Data Protection – Key Issues for Staff

Data Protection – Key Issues for Staff Please carefully read the below points with regards to GDPR and data protection regulations to follow when working in schools.

• Data is not to be shared without following the proper procedures, even with trusted third parties such as social care and the police. The lawful basis for sharing must be established. This includes people within the family, their consent must be recorded to share with an extended family member: Be particularly careful before releasing personal information by telephone.
• Passwords will be kept securely and not accessible to Third Parties.
• Passwords will comply with the School requirements for complexity.
• Passwords will not be shared.
• Automated log on processes to store passwords will not be used.
• Computers will be locked if they are unattended or auto lock within a period of 15 minutes.
• Confidential or restricted data will not be left out if the office is unoccupied or left on the desk if others can access the information. This applies to hard copy and removable storage, e.g. USB memory sticks. Locked offices, cupboards and drawers are safe places to secure data, subject to the policy.
• At the end of the day the computer must be fully shut down and log out procedures followed. Hard copy and sensitive data must be securely stored and locked away.
• Downloading new software from the internet must only be done with the consent of the Business Manager and ICT support provider
• Confidential discussion will not take place in front of unauthorised individuals.
• Sensitive information should be sent by secure email or password protected before sending to an external email and any password conveyed separately. 
• Records and data in any form that are taken off site must be secured at all times. Leaving paper files or digital media unattended is not acceptable.
• Make sure that if you are going to remove hard copy or digital information to work on away from school that you have authority to do this and it is done on work laptop. 
• If out of school overnight the paper records and data must be stored securely. Leaving paper records or data in a locked car is not acceptable. 
• Memory sticks, mobile phones, laptops and tablets must be encrypted. Be aware that those seeking information sometimes use deception in order to gain access to it. Always verify the identity of the data subject and the legitimacy of the request. 
• If you receive a request for personal information about another employee, you should forward this to the School Business Manager, who will be responsible for dealing with such requests. 
• Do not access another employee’s records without authority as this will be treated as gross misconduct and it is a criminal offence.
• Do not write down opinions – by email or hard copy – about a person that you would not feel comfortable saying to their face. Record facts not opinions. 
• Treat everyone’s data in the same way you would like others to treat yours!