Schoolchildren’s addresses, routes to school and even fingerprints are at risk of exploitation because nearly half of schools have no policy for handling pupil data, researchers have found. This is from the Telegraph…
Data including information about where children live, who their parents are, their routes to school, whether relatives are on the sex offenders’ register, whether they have special needs and whether they are known to social services are not being guarded vigilantly enough, according to the study.
40 per cent of UK secondary schools and 10 per cent of primaries are thought to use biometric systems, including fingerprint, iris or palm recognition software, to allow pupils to take out library books or pay for school dinners.
Despite increasing use of biometric data, however, a survey of 1,059 schools by the East Anglia and Plymouth university academics, and presented at the British Educational Research Association’s (Bera) annual conference in Manchester, found that 48 per cent had either no personal data policy or were in the process of formulating one.
The findings also show that 45% were below the minimum level in the area of password security and 40% were below the minimum standard for technical security – the measures a school puts in place to protect its computer system from problems such as viruses.
Researchers said that schools must be more cautious in their handling of personal data or face consequences including identity theft, parents wrongly being sent confidential information about someone else’s child; or, in future, pupils’ biometric data being accessed by strangers.
The study found that schools often seemed to view collecting pupil data in this way as a simple matter of convenience, with little thought about security or the implications for children…
Dr Leaton Gray, of the University of East Anglia said: “If this information gets into the wrong hands, it can have big consequences for individuals. Yet security levels in schools are inconsistent, and generally not as high as they should be.”
A Department for Education spokesperson said: “We take the security of pupils’ personal data very seriously. We have changed the law so that schools have to obtain parental permission before they take fingerprints or any kind of biometric data. This will come into force in September 2013. Under the Data Protection Act all data collected by schools must only be used for its stated purpose, cannot be shared with third parties for another purpose, must be kept securely and be destroyed when a pupil leaves their school.”