A recent study conducted by Check Point Research which can be found at the bottom of this article has found that there has been a 29% increase in cyberattacks on organisations in the education sector since 2020, the highest increase of any sector.
A recent study conducted by Check Point Research which can be found at the bottom of this article has found that there has been a 29% increase in cyberattacks on organisations in the education sector since 2020, the highest increase of any sector.
Cyber attacks are on the up, and with the education sector seeing the highest number of cyber attacks of any sector since the start of the pandemic, as well as the highest increase in attacks in that same period
With biometric technology becoming more and more prevalent in society, the governance of the personal data that organisations collect from using this technology has recently been a topic of discussion.
How to share this year’s Nativity play online safety
Schools will have good intentions in wanting to share this year’s Nativity play online. But how do you ensure you do this safely and adhere to the latest data protection regulations? Below is some guidance which will support you in this task.
We will be releasing the Phishing Simulation to all schools over the next three weeks. We are currently finalising scenarios and implementation materials prior to final user testing and release.
The Children’s Code
The first update from the ICO is that the transition year for the introduction of The Children’s Code (also known as The Age Appropriate Design Code) has passed, with the code having come into effect on September 2nd.
Recording staff vaccination data
Firstly, a couple of links as reference...though they don't really tell you the answer - especially the second one which doesn't seem to have been updated post-August 16th:
Schools in Brighton and Hove have received the following Freedom of Information request:
1. Please send me copies/scans/digital files that record individual racist/religious incidents/bullying incidents in terms of numbers of incidents and their
The National Cyber Security Centre has today upgraded it's advice to schools relating to the prevalence of cybers attacks in the sector:
These protocols aim to ensure that online lessons with pupils when working from home, are safe, secure and continue to provide high-quality education using a virtual platform.
This is guidance for setting up and managing online lessons using the school’s chosen platform ie Zoom; Google or Microsoft teams.
Users of Class Dojo will recently have noticed that a requirement to provide consent for international data transfers was included to the login screen.
It is a requirement under the Freedom of Information Act and ICO to set out your commitment to making certain classes of information routinely available, such as policies and procedures, minutes of meetings, annual reports and financial information.
Updated 22 March 2021
The ICO gives the following advice when communicating privacy matters to children:
What information should we give to children?
Transparency is about being clear, open and honest with your users about what they can expect from you.
We've had a few questions recently about parents and students recording conversations with members of staff, both covertly or overtly without seeking permission. This article only covers recordings made by external individuals, not organisations or individuals acting on behalf of an organisation.
We know the jargon can be confusing. As can the timelines for responding to the various requests that you receive.
Is it a month? Or 30 days? Are those working days?
So here's a little chart to simplify everything:
We've recently had more than one breach reported where physical files have got lost in the post.
In such cases, the sender remains the data controller and is responsible for ensuring that the optimum data security measures are in place during transfer. Where possible, consider whether a physical drop-off (and get a receipt) is a more secure option.
Do I need consent for emergency contacts?
Actually no, and here's why.
We know that we must have a lawful basis for processing any data, and consent is one of the six lawful bases that can be used.
Adapted from: The Irish Data Protection Commissioner
The UK GDPR does not prescribe the exact process for carrying out a DPIA beyond the minimum features outlined above, allowing for flexibility and scalability in line with your organisation’s needs. Although there is no one prescribed approach to take, the following steps can guide you through the process:
We have added publication scheme model templates in the FOI Best Practice area for academies as well as maintained schools.
Difference between the High Level and Detailed Publication Scheme
The Government has provided some guidance on the avoidance of disinformation online.
https://sharechecklist.gov.uk/
What is disinformation?
Disinformation is the deliberate creation or dissemination of false and/or manipulated information