A word of warning – The Data Protection Act: Are you fully compliant?

A word of warning – The Data Protection Act: Are you fully compliant?

Provided to Best Bear by Michele Payne, Director IsHr Management www.ishrmanagement.co.uk

A school in Oldham has been found in breach of the Data Protection Act.

The school reported the breach in January after an unencrypted laptop was stolen from the boot of a teacher’s car when parked at their home overnight. The laptop contained personal information relating to 90 pupils at the school.

The Information Commissioner's Office (ICO) enquiries found that the school was unaware of the need to encrypt portable and mobile storage devices, although it did have a policy in place informing staff that storage devices should not be kept in cars when away from the school premises.

It is vitally important that all organisations, in particular, schools and nurseries, take the necessary precautions to ensure that people’s personal information remains secure. The fact that the school was unaware of the need to encrypt the information stored on their laptop fuels our suspicion that many childcare and education establishments continue to process personal information without having the necessary security measures in place. 

We understand the Head Teacher of the school in question has since signed an undertaking to ensure that all portable and mobile devices including laptops used to store and transmit personal data are encrypted using encryption software which meets the current standard; that the staff at the school are also to be trained on how to follow the school’s policy and procedures for the storage and use of personal data, and the school has agreed to regularly monitor its policies on data protection and IT security issues.

The Data Protection Act covers a huge area and is an Act employers can easily, quickly, and inadvertently fall foul of.  All policies and procedures should be measured alongside the Act and wise employers will ensure that their Data Protection Policy is updated regularly and, periodically overseen by their HR / Legal Adviser as to get it wrong can be a costly mistake and lead to prosecution.

All employers should familiarise themselves with the Act and can access more information from the Information Commissioner’s website at www.ico.gov.uk The ICO also has a general Helpline and Regional Offices:

Helpline 0303 123 1113 or 01625 545745 Open from 9am to 5pm, Monday to Friday.