back to article ICO makes school stand in corner over data theft

The ICO has given an Oldham school a stern telling-off after an unencrypted laptop with pupils' details was stolen from a teachers' car. The laptop contained "personal information" relating to 90 pupils at Freehold Community School when it was half-inched from the boot of the corduroy's car, which was parked outside their home …

COMMENTS

This topic is closed for new posts.
FAIL

Contrast with ICO's treatment of BT

who were ordered by a Court to encrypt acutely sensitive personal information before handing it to ACS:Law on physical media.

BT simply ignored the court order, sending the data as an unencrypted email attachment instead (and the result is spread all over the web).

No fine, no undertakings, no warning, no penalties.

12
0
Anonymous Coward

What about a policy of

Not leaving laptops in the boot of cars overnight?

My work laptop is encrypted, but I wouldn't be too popular if it was stolen from my boot because I couldn't be arsed bringing it inside my house.

12
0
Anonymous Coward

Which raises the question ?

why issue laptops, if there's no homeworking going on ? My guess - the "L, LX, GLX, GLX-S" effect of company provided kit, which plagued the car market for decades, because most people had some miltary experience with a very rigid idea of ranks. Basic sales person gets the "L" model. Senior sales person gets the "LX" with 2-speed wipers, Sales manager gets "GLX" with an FM radio, and so on.

Most bosses get laptops because they are bosses, not because they need laptops.

As an aside, firm I used to work for saved on insurance by refusing to cover theft of laptops from cars - the user was liable. All of a sudden, people discovered they didn't need laptops.

11
0
Alert

No home working??

Teachers do loads of work at home, marking, planning, paperwork, etc...

2
6
Grenade

Yes, but

they *weren't* home working. The laptop was in the BOOT OF THEIR CAR OVERNIGHT. So why take it home in the first place.

Clearly, the security policy here was an epic fail even before the issue of encryption was avoided. If there's no need for the equipment, then it shouldn't leave the premises. Bear in mind this story is about a breach of physical security.

8
1
Thumb Down

double standards again?

Once again the ico. go for the small publicly owned target and ignore the pprivately owned commercial leviathans. No doubt this will set the precedent for a really tough response on the ACS:Law/Andrew Crossley case. Not.

As to the BT/PlusNet debacle - I totally agree with the first comment. ISPs are immune to any signficant ico. sanction.

The ico. has been subject to regulatory capture by the industry it is meant to regulate. It should be abolished.

10
0
Z80
Headmaster

a teachers' car

How many teachers owned the car?

11
0
Anonymous Coward

Something about ignorance of the law....

..unless it concerns personal information of course.

2
1
FAIL

And it will only get worse...

My partner's school have now stopped issuing laptops to teachers and instead are expecting them to use their own PCs, with childrens' reports being transferred by USB sneakernet, email etc. So no encryption, malware and anti-virus protection automatically set at 'lowest common denominator level' and loads of cached copies all over the PC inviting a data protection act prosecution. Lovely.

6
0
Anonymous Coward

Just say you don't own a PC ?

not a job requirement is it ?

5
0
Unhappy

Just say you don't own a PC

That was mentioned during the staff meeting when the policy was announced and the official response was to use one of the computer suite laptops i.e. those used by the children during the lessons.

The only thing missing was a sweepstake form on how soon before an angry parent comes in waving a memory stick with the class' details on.

1
0
Thumb Down

Ahh but

Teacher is never wrong, as if you worked in school you would know, it wouldn't matter a jot how often the IT staff told them, if it was in the least bit difficult to understand, they wouldn't do it. A better question is, are the off site tape backups encrypted.?

2
0
Anonymous Coward

Tip of the iceberg...

My wife's been a teacher in quite a few schools now, and not one has had any idea about data security.

As previous people have stated, personal information is routinely emailed around or copied to USB sticks without any thought as to the consequences if it were to be lost.

She's even been emailed unencrypted information on children in preparation for a job interview !

Don't blame the schools here - most are blissfully unaware of their responsibilities. The failing is with the LEAs and the DfE.

1
0
This topic is closed for new posts.

Forums