Data handling security guidance for colleges
We have published a series of good practice guides to help your college to secure sensitive and personal data that you hold on learners, staff and other individuals.
The Data Protection Act 1998 requires all organisations to secure any personal data they hold. This covers data held both electronically and on paper.
Personal data is any combination of data items that identifies an individual and gives specific information about them, their families or circumstances. This includes names, contact details, gender, dates of birth, behaviour and assessment records. The Data Protection Act 1998 specifies additional data items as ‘sensitive personal data’; this includes medical records, criminal convictions and ethnic origin.
Revised good practice guides
Produced by Becta on behalf of the Department for Children, Schools and Families, these revised good practice guides have been reviewed and updated with feedback from a number of cross-sector organisations including DCSF, BIS, JISC Legal, The Information Authority and JANET(UK), as well as from schools, local authorities, RBCs and suppliers.
We have based our guides on the measures contained in the following Cabinet Office documents:
Data Handling Procedures in Government: Final report
HMG Security Policy Framework
These set out the measures central government departments and their agencies must adopt to protect sensitive and personal data. Becta’s guides are a practical interpretation of these measures that should be considered by schools, colleges and universities to help minimise the risk of data being lost or corrupted and any subsequent adverse consequences such as identity theft, news headlines or breaches of statutory/legal obligations.
Information security is everyone's responsibility and needs to be embedded into culture and ways of working. We therefore encourage you to discuss data handling and information security, and to give feedback on these guides, by joining our online community.
Keeping data secure, safe and legal is a summary document for network managers, senior leaders or staff with a responsibility for securing data. It outlines the key measures organisations should adopt.
Keeping data secure, safe and legal is available in Word (159KB), PDF (304KB) and OpenDocument text format (83KB).
Dos and Don’ts is a common sense guide that senior leaders can make available to staff to ensure everyone within an organisation knows how they should be helping keep data secure.
Dos and Don'ts is available in Word (102KB), PDF (194KB) and OpenDocument text format (76KB).
The following documents are more technical good practice guides for network managers and those responsible for implementing technical solutions. Each guide gives details of the measures organisations should adopt together with starting points for putting the measure in place.
Information risk management and protective markings available in Word (224KB), PDF (134KB) and OpenDocument text format (81KB).
Data encryption available in Word (194KB), PDF (355KB) and OpenDocument text format (78KB).
Audit logging and incident handling available in Word (645KB), PDF (844KB) and OpenDocument text format (540KB).
Secure remote access available in Word (205KB), PDF (527KB) and OpenDocument text format (120KB).
These guides describe procedures and possible technical and operational solutions that can help organisations reduce the risks of data security incidents and comply with current legislation. They are not definitive and may not cover the full range of technologies, products and procedures organisations can use to secure data, but are indicative of the types of solutions that should be put in place. Becta will update these guides to reflect new developments when needed.
Discuss
Join our online community to discuss information handling and the good practice guides.
Further information
The Information Commissioner’s Office has more advice on the Data Protection Act.
Further guidance on the application of the Data Protection Act to UK further and higher education institutions is available from JISC Legal information service website and more information regarding records management can be found at JISC infoNet website.
