It is hard to comprehend just how much things have changed since we sent out our last newsletter at the start of March. In that time, we have continued to support our schools with any on-going data incidents that have occurred, held virtual audits and meetings online, as well as provided resources to help with continuity planning, setting up hubs and remote working. And we continue to be amazed by the fantastic jobs you are all doing in such testing and uncertain times!

This month’s newsletter features advice from the ICO about data protection and data security during the Coronavirus pandemic, our latest resources including advice for conducting interviews and recruitment virtually, and an overview of the security concerns regarding Zoom – the video conferencing app du jour!

If you have any further questions about the topics below, or if you would like to book your next visit from us, either online using video conferencing or onsite once schools reopen, please get in touch via GDPR@schoolpro.uk.

Stay safe and healthy!

Data Protection During the Coronavirus Pandemic

The ICO has shared some handy advice for data controllers during the Coronavirus pandemic which we wanted to share with you as this may apply over the coming weeks:
During the pandemic, we are worried that our data protection practices might not meet our usual standard or our response to information rights requests will be longer. Will the ICO take regulatory action against us?

No. We understand that resources, whether they are finances or people, might be diverted away from usual compliance or information governance work. We won’t penalise organisations that we know need to prioritise other areas or adapt their usual approach during this extraordinary period.
We can’t extend statutory timescales, but we will tell people through our own communications channels that they may experience understandable delays when making information rights requests during the pandemic.

More of our staff will be homeworking during the pandemic. What kind of security measures should my organisation have in place for homeworking during this period?

Data protection is not a barrier to increased and different types of homeworking. During the pandemic, staff may work from home more frequently than usual and they can use their own device or communications equipment. Data protection law doesn’t prevent that, but you’ll need to consider the same kinds of security measures for homeworking that you’d use in normal circumstances.

Can I tell my staff that a colleague may have potentially contracted COVID-19?

Yes. You should keep staff informed about cases in your organisation. Remember, you probably don’t need to name individuals and you shouldn’t provide more information than necessary. You have an obligation to ensure the health and safety of your employees, as well as a duty of care. Data protection doesn’t prevent you doing this.

Can I collect health data in relation to COVID-19 about employees or from visitors to my organisation? What about health information ahead of a conference, or an event?

You have an obligation to protect your employees’ health, but that doesn’t necessarily mean you need to gather lots of information about them.
It’s reasonable to ask people to tell you if they are experiencing COVID-19 symptoms.
You could ask visitors to consider government advice before they decide to come. And you could advise staff to call 111 if they are experiencing symptoms. This approach should help you to minimise the information you need to collect.
If that’s not enough and you still need to collect specific health data, don’t collect more than you need and ensure that any information collected is treated with the appropriate safeguards.

Can I share employees’ health information to authorities for public health purposes?

Yes. It’s unlikely your organisation will have to share information with authorities about specific individuals, but if it is necessary then data protection law won’t stop you from doing so.

Source – https://ico.org.uk/for-organisations/data-protection-and-coronavirus/

Data Security – Advice from the ICO

Data Security - Advice from the ICO

Download the ICO’s guide to the basics of data security here:
https://ico.org.uk/media/for-organisations/documents/2617548/ico-data-security-guide-to-the-basics.pdf

Further resources for data security can be found here including our Working From Home Securely factsheet:

National Cyber Security Centre’s Home-Working Guidance

SAN Security Awareness Work-From-Home Deployment Kit

Working From Home Securely Fact Sheet

Latest Resources

Download our Conducting Virtual Interviews infographic as an image or a pdf.
Download our Conducting Virtual Meetings for Schools infographic as an image or a pdf
Download our Conducting Virtual Governor Meetings infographic as an image or a pdf.

Zoom – Privacy and Security Concerns

Zoom has become the most popular video conferencing app in the UK and US for socialising and conducting business. Some schools are also using it for streaming live lessons. However, some concerns have been raised about its privacy and security as can be seen in the following articles:

Coronavirus: Zoom under increased scrutiny as popularity soars – BBC
Zoom faces a privacy and security backlash as it surges in popularity – The Verge
Zoom is a big privacy headache. Here’s how you can lock it down – Wired
Privacy concerns grow over Zoom videoconferencing platform – Financial Times
Zoom sued for allegedly sharing users’ personal data with Facebook – CBS News
Zoom admits meetings aren’t really end-to-end encrypted – Trusted Reviews

Even Boris Johnson has come under fire for using it for Cabinet meetings – as well as publicly sharing the meeting ID…!

It is clear that the software is not free from some genuine concerns, especially if you are using it with your pupils. The Wired article above gives some handy advice as to how you can make Zoom safer such as setting passwords for your Zoom meetings to prevent ‘Zoombombings’ and removing data slurping settings as much as possible. Equally, it also suggests using different software that is more security conscious which would be our recommendation as well. Having said that, it is hard to find any product that is doesn’t have any privacy or security concerns at all!

The key thing is to risk assess your decision and record all of the actions you have taken to mitigate all of the risks.

 

 

Resources for Schools

We’ve produced a number of resources for schools during the school closure period so far which we have included in previous emails and on our blog. Here are the key ones we’ve created so far:

Covid-19 Continuity Planning for School Closure

Covid-19 Continuity Planning for Hub Schools

Covid-19 Daily Risk Assessment for Schools and Hubs

Safe Remote Learning Infographic

Live Lesson Streaming Infographic

Data Protection in the News

Don’t get caught out when it comes to pupil photos – ICO

Smart camera and baby monitor warning given by UK’s cyber-defender – BBC

Rail station wi-fi provider exposed traveller data – BBC

UK Home Office ‘repeatedly breached GDPR’ – TechRadar

Amazon’s Ring logs every doorbell press and app action – BBC

UK data watchdog slaps a £500,000 fine on Cathay Pacific for 2018 9.4m customer data leak – The Register

Boots Advantage and Tesco Clubcard both suffer data breaches in same week – Which

Virgin Media data breach affects 900,000 people – BBC

Polish school hit with GDPR fine for using fingerprints to verify students’ lunch payments – VentureBeat

Dutch government loses hard drives with data of 6.9 million registered donors – ZDNet

Coronavirus-tracking smartphone apps don’t invade privacy says data watchdog – ZDNet

Using Zoom while working from home? Here are the privacy risks to watch out for – CNet

Council employee fined £400 for illegally deleted audio file – ICO

Marriott hit by second data breach exposing “up to” 5.2 million people – Verdict


Please contact us if you do have further questions at GDPR@schoolpro.uk.

SchoolPro TLC Ltd (2020)
SchoolPro TLC is not responsible for the content of external websites