How to prevent being the next headline information security breach

Information Security Guidance for Schools.

Principle 7 of the Data Protection Act 1998 requires appropriate security measures to be in place to protect against unauthorised or illegal processing of personal information. All personal data, whether manual or electronic, must be kept secure to prevent accidental loss, damage or destruction.

This includes emailing personal information in a secure way. Whilst internal messages are generally secure (e.g. within the school), those sent to external addresses are not considered secure enough for personal information. 

There are a couple of secure email systems available to schools:

  • S2S System allows schools and the local authority to securely share information.
  • Egress Switch allows schools to securely send emails and attachments to any email address external to the school.

Remember: if an email containing sensitive personal information is sent to the wrong person or email address, this would be classed as an Information Security Breach, and the Information Commissioner's Office (ICO), which governs the legislation, can issue fines of up to £500,000 for a serious breach.

It is vital that you understand the importance of protecting personal data, so start by reading Information Security Guidance for Schools. There is also lots of very good information on the ICO website.