Term is well under way and the summer holidays a distant memory. It has been busy in the world of data protection too, so here is a summary of the latest updates and alerts for your organisation:
Important Alerts and Urgent Updates
- Information Sharing to Protect Children and Young People
The Information Commissioner’s Office (ICO) has recently launched new guidance to address concerns that organisations are scared to share information for fear of falling foul of data protection law. The Information Commissioner has urged organisations to “share information to protect children and young people at risk”.
- US-UK Data Bridge Becomes Law – Takes Effect 12th October
The UK government has announced an updated transfer agreement with the US that replaces the Privacy Shield (struck down in 2020). This will allow schools and trusts to transfer personal data to the US without the need for further safeguards, provided the receiving organisation is certified to the “U.K. Extension to the EU-US Data Privacy Framework”.
- Check Your Email Security
The National Cyber Security Centre (NCSC) has released a free government service to help UK organisations check for cyber vulnerabilities.
- “Data Breaches Put Domestic Abuse Victims’ Lives at Risk”
The ICO has issued guidance after recent reprimands related to breaches of the data of victims of domestic abuse:
- Regularly check contact information;
- Avoid inappropriate access to your systems;
- Always double check before data is transferred, altered or disclosed;
- Ensure training is thorough and relevant for staff.
General Data Protection Updates
- The ICO has published guidance to help employers understand data protection obligations under the UK GDPR and Data Protection Act when handling employees’ health information.
- The ICO has updated their guidance around data storage and security. This includes specific guidance to reduce the risk of issues linked to the use of Bcc in emails:
- set rules within the email system to provide alerts and warnings;
- set a delay to allow errors to be corrected before the email is sent;
- turn off auto-complete to remove email address suggestions;
- use the NCSC’s email security check tool (linked above 👆).
- The ICO has fined a former social services council employee for unlawfully accessing sensitive personal data. This raises questions for all organisations that process sensitive personal data:
- What access do staff have to your data?
- How is that access controlled?
- How are leavers managed to remove access?
- DarkBeam, a digital risk protection firm, has leaked billions of email and password combinations in a recent data breach. Advice to keep safe in the event of a breach like this:
- Use an online checker to see if your data has been leaked;
- Change your passwords if it has;
- Enable 2FA on all accounts that you can;
- Be on the lookout for spam emails, unsolicited texts, & phishing emails.
If in doubt, don’t click!
- The DfE have updated their ‘Working Together to Improve School Attendance’ guidance. They have added ‘Toolkit for schools: communicating with families to support attendance’ and ‘Annex A: example attendance letters and emails to parents and carers’.
- The DfE have also updated their ‘Share Your Daily School Attendance Data’ guidance. They have updated the ‘How this data will be used’ section with the latest versions of the ‘privacy notice’, ‘data collection principles’ and ‘data protection impact assessment (DPIA)’.
- The DfE have also updated the ‘Apply for Department for Education (DfE) Personal Data’ guidance. They have updated the DfE data sharing service application form & guidance, & the individualised learner record, national pupil database & school workforce data tables. They have also updated the ‘Apply directly to ONS for other key datasets’ section with information about the further education workforce and pupil parent matched dataset.
- A Statutory Instrument (SI) will be enacted that will “amend references to ‘fundamental rights and freedoms’ in the UK’s data protection legislation.” The impacts of this are nuanced and the SI currently states that “no significant impact on the private, voluntary or public sector is foreseen.”
Latest SchoolPro TLC Information
- We are expanding our team! We have two posts available in our team here at SchoolPro TLC. The posts close on 6th October (only a few more days) but interest can be expressed in the first instance by emailing a CV to firstname.lastname@example.org:
- Data Protection Officer for Education
- Administrative Assistant
- Over the past couple of updates, we’ve emphasised the importance of staff training with regards to Data Protection.
The RPA has also confirmed that Cyber Security training should be completed annually, which you can also do through our training platform.
- We have added more of our recent guidance and update blogs to the ‘Guidance’ folder of Global Documents as downloadable pdfs that can be shared with staff. The latest are:
- 📜 Do I Need to Give References in a Subject Access Request?
- 📢 Handling FOI Requests from Suspended Accounts on WhatDoTheyKnow
- 📧 Protecting Data Double-Check Recipient Emails
- We’ve also recently added the following documents to the portal in Global Documents:
- DPIA for the use of Biometric Data
- DPIA for the implementation and use of School Calendar, Co-Curricular, Music & Sports Comms System – SOCS
- DPIA for the use of SDS Group – Scanning and Hosting of HR Documentation
- DPIA for the implementation and use of Xero accounting software
- As mentioned in previous communications, we are pleased to inform you that we have organised a complimentary advisory session in partnership with Peninsula UK for our clients who may be facing challenges or have issues regarding HR, employment law, and health and safety matters.
Get Complimentary Advice From The Market Leading HR and H&S Provider.
SchoolPro TLC Ltd (2023)
SchoolPro TLC guidance does not constitute legal advice.
SchoolPro TLC is not responsible for the content of external websites.