Back to school: information security in the education sector
September is well underway and with it so is the school term. In a few weeks, students will be back hard at work at University as the semester starts. Those of you working in the education sector – whether in a school or higher education facility – probably have a lot on your mind at the moment with new student intake to deal with as well as all the associated paperwork and data comes with that. But in the midst of registration and updating pupil records, are you fully aware of your information security responsibilities?
It’s highly likely that you have sensitive information in your files that includes student, pupil and staff names, addresses, medical information and birth dates, as well as reports, banking and financial data. Any of this information would be very tempting to data thieves who could potentially cause great harm to those in your care.
Did you know that last year the education sector reported the third highest number of data breaches to the Information Commissioner’s Office (ICO)? And you certainly don’t want to become another statistic, not least because the costs associated with security breaches are increasing, not just in terms of financial penalties but also in terms of reputation. While a fine of up to £500,000 would be a hard blow for your educational institution, just think of how your pupils, students, parents, governors and others key stakeholders would feel if they knew a security breach had happened. And think of the negative media that would follow.
For this reason, it’s critical to put in place robust information security policies which outline how confidential documents and data should be disposed of and stored before secure destruction by a reputable document destruction firm. This is the best way for those of you in the education sector to protect the confidential information of the children and young people in your care, as well as your adult stakeholders, of course.
Shred-it has put together some helpful advice to ensure that you can focus on delivering outstanding education to those in your care rather than having to deal with the negative effects of a security breach.
Tips for safeguarding information in their education sector:
- Stay informed: Learn about current laws and legislation that impact your organisation, and how to stay compliant.
- Establish a security plan: Make sure you have formal security policies in place.
- Educate and enforce: Everyone in your school, college or university needs to know, understand and follow your information security policies. Update staff, governors and other key stakeholders on a regular basis and post your policy and guidelines around your facility.
- Limit access: Only authorised personnel should handle confidential information.
- Create a retention policy: Determine which documents you must keep and for how long. Clearly mark a destruction date on all records in storage.
- Eliminate risk: Introduce a “shred-all” policy for ALL documents (confidential/sensitive and general) so that individual members of staff don’t have to decide what is – or isn’t – confidential. All shredded paper is recycled, so you’ll be doing your bit for the environment!
Interested in finding out more about how to protect the confidential information of your students, pupils and employees? Join the conversation on information security with Shred-it on Twitter @Shredit_UK. For more information, check out our handy factsheet on information security and document destruction in the education sector.