☝️ Guidance on Biometric Data for MATs and Schools
September 25, 2024
It is hard to comprehend just how much things have changed since we sent out our last newsletter at the start of March. In that time, we have continued to support our schools with any on-going data incidents that have occurred, held virtual audits and meetings online, as well as provided resources to help with continuity planning, setting up hubs and remote working. And we continue to be amazed by the fantastic jobs you are all doing in such testing and uncertain times!
This month’s newsletter features advice from the ICO about data protection and data security during the Coronavirus pandemic, our latest resources including advice for conducting interviews and recruitment virtually, and an overview of the security concerns regarding Zoom – the video conferencing app du jour!
If you have any further questions about the topics below, or if you would like to book your next visit from us, either online using video conferencing or onsite once schools reopen, please get in touch via GDPR@schoolpro.uk.
Stay safe and healthy!
No. We understand that resources, whether they are finances or people, might be diverted away from usual compliance or information governance work. We won’t penalise organisations that we know need to prioritise other areas or adapt their usual approach during this extraordinary period.
We can’t extend statutory timescales, but we will tell people through our own communications channels that they may experience understandable delays when making information rights requests during the pandemic.
Data protection is not a barrier to increased and different types of homeworking. During the pandemic, staff may work from home more frequently than usual and they can use their own device or communications equipment. Data protection law doesn’t prevent that, but you’ll need to consider the same kinds of security measures for homeworking that you’d use in normal circumstances.
Yes. You should keep staff informed about cases in your organisation. Remember, you probably don’t need to name individuals and you shouldn’t provide more information than necessary. You have an obligation to ensure the health and safety of your employees, as well as a duty of care. Data protection doesn’t prevent you doing this.
You have an obligation to protect your employees’ health, but that doesn’t necessarily mean you need to gather lots of information about them.
It’s reasonable to ask people to tell you if they are experiencing COVID-19 symptoms.
You could ask visitors to consider government advice before they decide to come. And you could advise staff to call 111 if they are experiencing symptoms. This approach should help you to minimise the information you need to collect.
If that’s not enough and you still need to collect specific health data, don’t collect more than you need and ensure that any information collected is treated with the appropriate safeguards.
Yes. It’s unlikely your organisation will have to share information with authorities about specific individuals, but if it is necessary then data protection law won’t stop you from doing so.
Source – https://ico.org.uk/
Download the ICO’s guide to the basics of data security here:
https://ico.org.uk/media/for-organisations/documents/2617548/ico-data-security-guide-to-the-basics.pdf
Further resources for data security can be found here including our Working From Home Securely factsheet:
Zoom has become the most popular video conferencing app in the UK and US for socialising and conducting business. Some schools are also using it for streaming live lessons. However, some concerns have been raised about its privacy and security as can be seen in the following articles:
Coronavirus: Zoom under increased scrutiny as popularity soars – BBC
Zoom faces a privacy and security backlash as it surges in popularity – The Verge
Zoom is a big privacy headache. Here’s how you can lock it down – Wired
Privacy concerns grow over Zoom videoconferencing platform – Financial Times
Zoom sued for allegedly sharing users’ personal data with Facebook – CBS News
Zoom admits meetings aren’t really end-to-end encrypted – Trusted Reviews
Even Boris Johnson has come under fire for using it for Cabinet meetings – as well as publicly sharing the meeting ID…!
It is clear that the software is not free from some genuine concerns, especially if you are using it with your pupils. The Wired article above gives some handy advice as to how you can make Zoom safer such as setting passwords for your Zoom meetings to prevent ‘Zoombombings’ and removing data slurping settings as much as possible. Equally, it also suggests using different software that is more security conscious which would be our recommendation as well. Having said that, it is hard to find any product that is doesn’t have any privacy or security concerns at all!
The key thing is to risk assess your decision and record all of the actions you have taken to mitigate all of the risks.
Don’t get caught out when it comes to pupil photos – ICO
Smart camera and baby monitor warning given by UK’s cyber-defender – BBC
Rail station wi-fi provider exposed traveller data – BBC
UK Home Office ‘repeatedly breached GDPR’ – TechRadar
Amazon’s Ring logs every doorbell press and app action – BBC
UK data watchdog slaps a £500,000 fine on Cathay Pacific for 2018 9.4m customer data leak – The Register
Boots Advantage and Tesco Clubcard both suffer data breaches in same week – Which
Virgin Media data breach affects 900,000 people – BBC
Polish school hit with GDPR fine for using fingerprints to verify students’ lunch payments – VentureBeat
Dutch government loses hard drives with data of 6.9 million registered donors – ZDNet
Coronavirus-tracking smartphone apps don’t invade privacy says data watchdog – ZDNet
Using Zoom while working from home? Here are the privacy risks to watch out for – CNet
Council employee fined £400 for illegally deleted audio file – ICO
Marriott hit by second data breach exposing “up to” 5.2 million people – Verdict
Please contact us if you do have further questions at GDPR@schoolpro.uk.
SchoolPro TLC Ltd (2020)
SchoolPro TLC is not responsible for the content of external websites
For a confidential conversation about the needs of your school or organisation, please contact SchoolPro TLC using the links below. Based in Gloucestershire, available anywhere in the UK!
SchoolPro TLC Limited was formed by school and education leaders with over 60 years of experience across all stages of education and in a variety of contexts. The company founders have worked to improve educational provision as both senior leaders and school governors.
Monday – Friday : 8am – 6pm
© 2024 SchoolPro TLC – All Rights Reserved