RM School Management Solutions – the second largest supplier of MIS systems in the UK - conducted research in 933 schools across England to investigate how primary schools handle pupil data. The findings revealed that primary schools are taking more risks than ever before with the safe storage of databases containing confidential and personal information about both pupils and staff.
The need to back-up pupil data is unequivocal, but what do schools do with this data and how are these back-ups being taken? Are schools given appropriate resources to ensure pupil data is secure?
The Data Protection Act 1988 states that ‘Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.’
According to the latest figures, 49% of primary schools - the equivalent of more that eight thousand schools across England - are taking unencrypted copies of children’s records off school premises overnight and at weekends.
Despite schools acting with the best of intentions to preserve children’s records and ensure information is kept up to date, they are perilously close to breaching the data protection guidelines by not storing copies of the data securely or protecting against loss and damage.
Paul Grubb, from RM School Management Solutions, said: "Given the profile of the recent loss of unencrypted data CDs schools need to be aware of how information about their pupils is currently being stored and protected”
Paul adds: “The schools are in a difficult position. We all know that data back-ups have to be made and if the school data is only held on a server on school premises then you immediately have a problem about how to ensure that data is saved in case of any system failure or fire.”
“Remote back-up solutions are routinely sold as a costly upgrade. I’m pleased to announce that any school moving to IntegrisG2 has secure remote back-ups included in the price.”
IntegrisG2 provides local authorities with an ‘Enterprise MIS’, one centrally hosted and web-delivered system, meaning pupil data from across the authority sits securely on one protected database.
‘Enterprise MIS’ means software and data are not physically stored in learning centres, but hosted either by the local authority or an approved third party hosting partner. This removes the burden of data security on the school as well as providing them with a system which maintains itself, giving Administrators time to concentrate on managing the school. “The research has exposed a huge weakness in the majority of school management systems which physically keep the data in the school, meaning that data back-ups have to be made and kept separately. Suppliers of management information systems used by schools should be looking seriously at this issue and exploring ways to reduce the burden on schools.
“We have to start looking at the alternative ways of managing information within the education system, instead of relying on the traditional methods, if we are to achieve a truly safe, integrated way of working.
