Management Information Systems
Data protection and school information systems
The Data Protection Act 1998 states that anyone processing personal data must comply with the eight enforceable principles of good practice. These state that data must be:
- fairly and lawfully processed
- processed for limited purposes
- adequate, relevant and not excessive
- accurate
- not kept longer than necessary
- processed in accordance with the data subject's rights
- secure
- not transferred to countries without adequate protection.
Data Protection legislation applies to the school information management systems (SIMS).
Advice to schools on keeping data secure was produced by the former Government agency Becta and is available on the Becta archive.
Download the good practice note on the individuals' rights of access to examination records from the Information Commissioner’s Office which explains what kind of exam related material parents have the right to seek and be given.
Data protection and biometric technology
A school or institution considering introducing biometric technology (the technology used to measure, analyse and record an individual's characteristics) may be interested in draft guidance produced by the Scottish Government.
School e-Portfolios
Learning environment software may enable schools to hold electronic portfolios on individual pupils and teachers. Data Protection legislation applies to e-portfolios as it does to other learning environment facilities such as notice boards and chatrooms.
Questions for schools include:
- Has the school identified the appropriate levels of privacy on personal data contained within e-portfolios and has guidance been distributed to staff, pupils and parents - that is, who can see what, when and for how long?
- Are systems in place to ensure the ethical use of data collected?
- Are systems in place to ensure the validity of the information contained within e-portfolios?
- Does the school have/require a ‘gatekeeper’ for e-portfolios?
Computer misuse in schools
The Computer Misuse Act 1990 deals with the problem of hacking of computer systems. Legislation recognises three key offences:
- Unauthorised access to computer material.
- Unauthorised access with intent to commit or facilitate commission of further offences.
- Unauthorised modification of computer material.
Use of school systems for commercial purposes
School systems may not be used for unauthorised commercial transactions.
Neither teachers nor pupils should use the IT facilities for private financial gain or for commercial purposes.
Systems must not be used to either offer, provide, or purchase products or services unless prior approval to do so has been given.
Premium Rate Numbers and phone bills
The premium rate regulator, PhonepayPlus, has online awareness materials “PhoneBrain” for KS3 and KS4 pupils on dealing with problems with phone quizzes, online adverts, mobile phone subscriptions and premium rate bills. There is also advice for parents and teachers.
