Data Protecon and E-Safety Policy

Transcription

1 Data Protecon and E-Safety Policy From Staff Policies Contents 1 Relevant legislaon 2Purpose 3 Principles 4Detail 5 Roles and Responsibilies 6 Monitoring and Evaluaon 7 Related Documents and Locaons 8 Related Policies Relevant legislaon Computer Misuse Act (1990) (h-p:// /contents) Copyright Design & Patents Act (1988) (h-p:// /1988/48/contents) Policy Details Legal Status Statutory Adopted May 2012 Version Date April 2016 Last Review April 2016 Next Review April 2017 Responsible SMT NH Data Protecon Act (DPA) (1998)(h-p:// Freedom of Act (FOIA)(2000)(h-p:// Police & Jusce Act (2006)(h-p:// Regulaon of Invesgatory Powers Act (2000)(h-p:// Purpose To ensure that : all aspects of data use at Priory School conform to the relevant legislaon there is no detriment to data subjects and the integrity and security of data is preserved data is used effecvely and for the described purpose e-safety responsibilies are clear and best pracce is followed by all stakeholders Principles The school believes in the welfare of data subjects and the handling of data with cauon, confidenality and sensivity. It will therefore comply fully with the DPA s Data Protecon Principles, which state that

2 personal informaon must be : Fairly and lawfully processed Processed for limited purposes Adequate, relevant and not excessive Accurate Not kept longer than is necessary Processed in accordance with an individual s rights Kept secure Not transferred without adequate protecon In addion the school will ensure that : E-safety is treated as both a child protecon issue (rather than an ICT issue) and a partnership concern, not limited to school premises, equipment or hours. Internet access is filtered and monitored, and an E-Safety Working Group meets regularly to review best pracce. Appropriate protecon is in place to protect the computer network against unauthorised intrusion or malicious sogware, and data is regularly backed up to ensure business connuity. Data held on the network is protected by appropriate access permissions, and storage areas for sensive data and equipment are physically secured. Accurate inventories are maintained of sogware/hardware and unauthorized sogware/hardware is prohibited. Security is regarded as paramount in the procurement, implementaon and development of new systems. Users are made aware that the school reserves the right to monitor any informaon on the network for auding, maintenance and security purposes. Detail Data protecon and e-safety are closely linked and the following is a list of current procedures relang to either or both. As new technologies come into use, best pracce may change rapidly and therefore these operaonal documents may be updated as circumstances require, within the principles of this policy but without the need for further consultaon. Data in Transit Data Protecon Guidance Data Retenon Schedule for Schools (ESCC) Guidelines FOI Publicaon Scheme Guidelines for Staff Transferring Data Security and E-safety Incidents Storage, Retenon and Disposal Keeping Personal Safe During Off-Site Visits (ESCC) Markbook Personal Devices Rules for Students Personal Devices Guidance for Visitors Responding to Requests for Social Media Student Misuse of Computers

3 Telephone Security Use of Images of Children Roles and Responsibilies The Governing Body is responsible for reviewing the policy annually The Headteacher has shared responsibility with the Manager for data security and integrity has shared responsibility with the Manager for nofying the Commissioner s Office under the DPA The Manager has shared responsibility with the Headteacher for data security and integrity has shared responsibility with the Headteacher for nofying the Commissioner s Office under the DPA is the designated E-Safety Officer has overall responsibility for managing the network and monitoring compliance with the procedures detailed above The Data Manager will determine access rights to the different SIMS modules and ensure their effecve operaon Staff and other authorised users (e.g. PGCE students, Governors, EWO) must follow the procedures detailed above Staff, Student and other authorised users must sign and follow the AUP Internal Network or the AUP - Student as appropriate must follow the AUP External Services if using external services such as remote access must sign and follow the AUP (BYOD) - Staff or AUP (BYOD) - Visitors as appropriate if using BYOD (Bring Your Own Device) Parents and carers must provide the school with up-to-date informaon as appropriate and when requested must ensure that the data they supply to the school is accurate must follow the AUP External Services if using external services such as remote access Failure to follow the procedures or Acceptable Use Policies (AUPs) referred to above may lead to sancons, disciplinary acon or the involvement of the police or local authority. Monitoring and Evaluaon This policy will be updated as necessary to reflect best pracce and to ensure compliance with any changes or amendments made to the relevant legislaon. The Governing Body will monitor the effecveness of the policy through its Strategic Organisaon Commi-ee, and review it as part of their cycle of Policy Review.

4 Related Documents and Locaons Data Protecon Incident Report Form Discovery of Indecent Material - Guidance for ICT Technicians E-Safety Advice To Students E-Safety and Data Protecon Incidents Guidance E-Safety Incident Report Form ESCC Security Breach Management Plan for Schools FOI Detailed Definions for Publicaon Scheme ICT Support Service Level Agreement Destrucon Log - electronic ( Manager) Destrucon Log - paper (Office Manager) Internet Access for ICT Technicians Personal Data Release Form Privacy Noce Staff Home Computer Service Request Form Year 11 Privacy Noce Related Policies An-Bullying Policy CCTV Policy Child Protecon Policy Student Behaviour Policy This page was last modified on 23 May 2016, at 12:53. Related s Data in Transit Data Protecon Guidance Data Retenon Schedule for Schools (ESCC) Guidelines FOI Publicaon Scheme Guidelines for Staff Transferring Data Security and E-safety Incidents Storage, Retenon and Disposal Internet Access for ICT Technicians Keeping Personal Safe During Off-Site Visits (ESCC) Markbook Personal Devices Rules for Students Personal Devices

5 Guidance for Visitors Responding to Requests for Social Media Student Misuse of Computers Telephone Security Use of Images of Children