October is Cyber Security Awareness Month!  And although we don't think that Cyber Security awareness is something to cover just once in the year,  we are dedicating this month to raising awareness about digital safety.

A cyber attack on nursery chain, Kido claims to have stolen photos, names and addresses of around 8,000 children.  The information includes parental details and carers and safeguarding notes.

The Cyber Assessment Framework (CAF) is cyber security guidance for organisations that play a vital role in the day-today life in the UK and organisations should look to it as guidelines for helping keep data safe.

Given the Public Sector Fraud Authority estimates that every year between £39.9 billion and £58.5 billion of taxpayer's money is subject to fraud and error, it's no wonder the UK Government has published some guidance about fraud awareness.

With the recent Data Use and Access Act, organisations must now be more precise than ever about how they handle data rights concerns; the complaints process for data rights is clarified and formalised. This article discusses best practice around which complaints process to use when you receive a complaint.

Joe Tidy, BBC's Cyber correspondent has published a blog about cyber crime in schools following the ICO issuing a warning about the 'worrying trend' of students hacking their own school and college IT systems for fun or as part of dares. We explore the situation and what you should do when it happens.

Parents of a school in Birmingham are concerned that a school has accidentally shared a spreadsheet which contained student names for children in Year 7 to Year 11 and parental contact details.

We've updated and added some new policies, including the Data Protection Policy, Model Redaction Guidelines, Data Rights Complaints Process, Freedom of Information Policy, SAR Procedure Template, SAR Response Template, Subject Access Request Clarification Template.  This article shows an amendments made to the documents.

The latest release of the "Keeping Children Safe in Education" guidance brings important updates for schools and colleges, including points relating to the rapidly evolving digital landscape.  Most of the changes in this year's guidance are technical.

We've published a new e-learning module for 2025 data protection training.

The recent data breach involving Online SCR, an online provider of single central record (SCR) services, has put the personal data of education staff at risk.  The breach was a result of a cyber attack on a subcontractor.

As schools begin to welcome back students, staff and new joiners, the focus is on the new academic year: curriculum planning, safeguarding and operational logistics.  An equally critical and statutory area that demands attention is data protection and cyber security compliance.  Adhering to data protection law isn't just about avoiding fines; it's about protecting sensitive personal data of children, their families and staff.

The Murky Panda (also known as Silk Typhoon) is a cyber threat that has had significant activity since 2023 and has targeted government, technology, academic, legal and professional services. Currently there are reports of the threats only in North America, however, as the Murky Panda has previously targeted compromises in the cloud, it is assumed that they will easily transition to attacks further afield. The threat group is a China-nexus group

The ICO Accountability Framework is a crucial tool for any organisation handling personal data, providing a structured approach to data protection compliance. When applied to the Department for Education (DfE) Digital Standards, it becomes a powerful mechanism for schools and trusts to ensure their technology and data practices are not only efficient but also legally compliant and secure.

The DfE has published the report for their consultation: Narrowing the Digital Divide in Schools and Colleges, with the conclusion that schools can and want to meet the standards by 2030.

The changes to the Academy Trust Handbook will be effective from 1st September 2025 and include some statutory digital standards recommendations.

A secondary school in Cornwall close for two days due to a 'cyber incident'.

This podcast episode delves into the often-overlooked but crucial topic of records management within the school environment. It breaks down the lifecycle of a record from creation to disposal, highlighting the legal framework schools operate within, including the Data Protection Act 2018, UK GDPR, and the Freedom of Information Act 2000. The episode also explores the consequences of non-compliance, the importance of a robust Records Management Policy, and the specific considerations for handl

This podcast episode provides an overview of the Data Protection Education's 2024 training update, focusing on the legal framework and practical guidance for data protection in the workplace. The discussion covers key definitions like UK GDPR, Data Controller, Data Processor, Personal Data, and Data Protection Officer. It also highlights the importance of data protection in preventing breaches and fostering a strong

The GOV.UK Cyber Security Breaches Survey 2025 is out and reveals that 43% of UK businesses and 30% of charities experienced a cyber security breach or attack in the last 12 months.  We review and highlight some key data protection points.