The Data Protection Act (DPA) and Freedom of Information Acts (FOIA) is complex. It is a school’s responsibility to be registered with the Information Commissioners Office (ICO) and comply with current legislation; failure to do so can result in fines of
up to £500,000 for each breach of the legislation from the ICO. Legislation changes are under constant review both at European and National level. Understanding and adherence to DPA and FOIA are therefore essential for schools.
The ICO is the UK’s independent public authority set up to uphold information rights. They promote good practice, rule on complaints and take appropriate action when the law is breached.
The Governing Body of a school is responsible for data protection and if there is any breach of the DPA it may have to pay any fine from its budget.
Schools must therefore ensure the following:
- Make sure staff and governors understand what personal data is and that they know how to safeguard it.
- Have information security policies in place and make sure all staff and governors are familiar with and abide by the policies.
- Understand how to keep information safe when it is being stored, used, transported, and disposed of. This includes paper files, emails, and electronic files on your laptop or memory stick.
- Encrypt any laptops/computers that may contain personal data.
- Know what information you can share and know how to do this safely.
- Have a process for reporting and managing incidents where personal data has or may have been disclosed.
We can help you become and remain compliant with the Acts and provide professional assistance should the worst happen. We can also take the worry out of keeping up with the law in this area. Our training, guidance and advice comes from qualified and experienced
professionals who understand the role of the ICO and current legislation.
Further details here