Adrian Brown, Founder of My School Portal, considers the new data protection legislation and its future implications for how schools process information and communicate with parents and stakeholders.
How safe is our data? In today’s digital age, it’s a question everyone, quite justifiably, seems to be asking. Frequently, we hear stories in the media of data being leaked, lost, sold or shared with third parties, often without our knowledge or consent. The recent allegations directed at Facebook, with Mark Zuckerberg facing the US Senate over the company’s alleged mishandling of users’ data, are just one high-profile example that points to the high value and influential power of our personal data.
Keeping data safe and accessible to the right people has always been at the core of what we do at My School Portal. We’re acutely aware that data security is at the top of many schools’ agendas, and particularly so now, as many are actively reviewing and, where needed, adjusting their processes to comply with the upcoming legislative changes in data protection.
Data management is a huge challenge for schools, with personal information for pupils, parents and stakeholders often held across various online and printed formats which are, more often than not, disparate and unconnected and hold duplicate information. In addition, each storage mode has varying degrees of security and access rights, which can create risks of data leakage, whether deliberate or accidental.
It is therefore quite timely that the General Data Protection Regulation (GDPR) comes into force in May 2018. It will tighten up regulations around the processing of personal data while, at the same time, presenting many challenges for schools. We know that many schools have invested considerable time in holistic assessments of their data systems, reviewing collection, modes of storage and data security and, where needed, migrating their data into systems and processes that enable compliance with the legislation.
Schools are also critically reviewing their data to determine its sensitivity and setting up robust processes to mitigate any future risks. This includes reviewing the use of email for communicating sensitive information and looking instead at secure file transfer systems. Quite simply, an email containing personal information accidentally sent to the wrong person could be a data breach.
How information is collected in the first place is also something that schools are addressing. Asking parents to post personal data to the school, for example a student medical form, is no longer ideal. Interestingly, a recent survey that we carried out with a sample of independent schools found that 86 percent of schools had looked at a secure way of asking parents to complete personal data forms online. A recent development for us at MSP has been the introduction of our custom forms, which can be used for joining, induction, medical and trip permission forms. They remove the need for paper-based forms and digitally capture all interactions between the school and parents instead. The interest we’ve had in these has been unprecedented, as they will significantly help schools in their drive to improve data security and GDPR compliance.
One school that is really leading the way when it comes to data protection is LVS Ascot. Adrian McGarry, Director of Information, Communication and Technology at LVS Ascot, explained: “The biggest challenge for schools in relation to GDPR is ensuring that the staff understand what their obligations are in relation to the regulation. Schools, like any other service sector, business or charity, need to train their staff and stakeholders, as although they are any organisation’s best asset, they could also unwittingly be responsible for the next data breach.
“Key to any good GDPR roll-out programme is open, honest, clear and concise communication. Information about data privacy, in the form of privacy notices, reformed policies and fewer consent forms are what I would expect as an information practitioner and a parent. A secure portal is an essential part of delivering the right content to the right people at the right time.
“At LVS Ascot we continually assess data privacy with our community as a whole. This activity pre-dates the formative plans for GDPR and will clearly continue once the GDPR takes effect. The data protection bill is one example of how the conversation is already moving beyond GDPR.”
There is no doubt that the safeguarding of children is at the forefront of any school’s stewardship and an expectation of every parent. This, together with the new data protection regulation, is re-shaping the way that schools communicate and share data. I think we will see a further shift in visibility and access to information with more and more data and communication between school and parents migrating to secure privately accessible information portals.
About Adrian Brown
Adrian Brown is the Founder of My School Portal – a secure, web-based communication platform that has been specifically designed for use by teachers, parents and students within the independent school sector. www.myschoolportal.co.uk