Data Policy

Sacred Heart Catholic Primary School, Leigh

Data Policy

Live and Learn with Jesus.

We follow Jesus through fairness, kindness, love, friendship and happiness.

INTRODUCTION

Computing in the 21st Century is an essential resource to support learning and teaching, as well as playing an important role in the everyday lives of children, young people and adults. Consequently, we believe pupils need a high-level of understanding with computers as this equips them to approach a problem in a systematic manner and then be able to find a solution using computational thinking and creativity. All our subjects are linked with computing and we ensure that our curriculum works alongside ‘The National Curriculum in England: computing programmes of study’. Our school builds in the use of technology in order to arm our young people with the skills to access life-long learning and employment.

Pupils are taught the principles of information and technology helping them to understand how to use a wide range of digital equipment from surfing the internet to understanding the complex workings of computers and programming. Computing also ensures that pupils become digitally literate – able to use, and express themselves and develop their ideas through, information and communication technology – at a level suitable for the future workplace and as active participants in a digital world (National Curriculum).

Purpose

As we follow ‘The National Curriculum in England: computing programmes of study’, we split our learning into various categories to ensure the children understand all the assorted aspect of computing. This helps them to recognise the difference between what makes each one relevant to their future, as well as their everyday lives.

Aim

Computing covers a wide range of resources including; web-based and online learning. It is also important to recognise the constant and fast paced evolution of computing within our society as a whole. Currently the internet technologies children and young people are using both inside and outside of the classroom include:

Social Networking
Blogs and Wikis
Creating games
Making Apps
Coding
Debugging
Using Algorithms
Podcasting
Websites
Learning Platforms and Virtual Learning Environments
E-mail and Instant Messaging
Video Broadcasting
Music Downloading
Gaming
Mobile/ Smart phones with text, video and web functionality
Other mobile devices with web functionality

Whilst making sure the children cover all the above technology, Sacred Heart teach Internet Safety, Computational Think, Programming, Creativity, Communication/Collaboration, Networking and Productivity, all of which (where possible), are linked to our core subjects. We try to close the digital divide, so that everyone has the opportunity to thrive (digital divide is the division that exists between those people who can use technology and are comfortable doing so, and those who are not).

Vaules

Children at Sacred Heart Catholic Primary School demonstrate the following values whilst learning about Computing by: Democracy

Listen to everyone’s ideas.
Work together as part of a team.
Develop knowledge of lawful computing behaviours.
Demonstrate respect for computing laws and each other.
Take responsibility for our own computing behaviours.
Challenge typecasting and injustice.
Exercise rights and personal freedoms safely through knowledge of E-safety.
Show respect for other cultures when undertaking research using computing devices.
Provide opportunities for pupils of all backgrounds to achieve in computing.
Co-operate with all the rules so computing devices are used effectively and safety.

Internet Safety

Whilst we try our upmost to monitor children inside school by using high levels of security software we are aware not everything is policed and this is even more so outside of school, therefore we do make sure all our children understand what to do and who to go to if they have a concern when using any online equipment, this could be a mobile phone, computer, tablet, etc..

Data Protection

Schools hold personal data on learners, staff and other people to help them conduct their day-to-day activities. We are aware that some of this information is sensitive and could be used by another person or criminal organisation to cause harm or distress to an individual. The loss of sensitive information can result in media coverage, and potentially damage the reputation of the school. Therefore we take every precaution to secure this information and abide by these laws
The Data Protection Act 1998/2018
The Computer Misuse Act 1990
The Copyright, Designs and Patents Act 1988
Creative Commons Licensing
The Freedom of Information Act 2000

Everybody in our school has a shared responsibility to secure any sensitive information used in our day to day professional duties and even staff not directly involved in data handling are made aware of the risks and threats and how to minimise them.

Both this policy and the Acceptable Use Agreement (for all staff, governors, visitors and pupils) are inclusive of both fixed and mobile internet; technologies provided by the school (such as PCs, laptops, tablets, webcams, whiteboards, voting systems, digital video equipment, etc); and technologies owned by pupils and staff, but brought onto school premises (such as laptops, mobile phones, camera phones, and portable media players, etc).

MONITORING

All monitoring, surveillance or investigative activities are conducted by computing authorised staff and comply with the Data Protection Act 1998/2018, the Human Rights Act 1998, the Computer Misuse Act 1990, the Regulation of Investigatory Powers Act 2000 (RIPA), the Lawful Business Practice Regulations 2000, the Copyright, Designs and Patents Act 1988, Creative Commons Licensing and the Freedom of Information Act 2000.

BREACHES

A breach or suspected breach of policy by a School employee, contractor or pupil may result in the temporary or permanent withdrawal of School computing hardware, software or services from the offending individual.

Any policy breach is grounds for disciplinary action in accordance with the School Disciplinary Procedure or, where appropriate, the HCC Disciplinary Procedure.

Policy breaches may also lead to criminal or civil proceedings.

The ICO's (GDPR) newest powers to issue monetary penalties updated on 25^th May 2018, are as follows

There are two tiers of administrative fines that can be levied as penalties for non-compliance: Up to €10 million, or 2% annual global turnover – whichever is higher. Up to €20 million, or 4% annual global turnover – whichever is higher this is for serious breaches of the Data Protection Act.

The data protection powers of the Information Commissioner's Office are to:

Conduct assessments to check organisations are complying with the Act;
Serve information notices requiring organisations to provide the Information Commissioner's Office with specified information within a certain time period;
Serve enforcement notices and 'stop now' orders where there has been a breach of the Act, requiring organisations to take (or refrain from taking) specified steps in order to ensure they comply with the law;
Prosecute those who commit criminal offences under the Act;
Conduct audits to assess whether organisations processing of personal data follows good practice,
Report to Parliament on data protection issues of concern
Staff should avoid leaving any portable or mobile computing equipment or removable storage media in unattended vehicles. Where this is not possible, keep it locked out of sight.
Staff should always carry portable and mobile computing equipment or removable media as hand luggage, and keep it under your control at all times
It is the responsibility of individual staff to ensure the security of any personal, sensitive, confidential and classified information contained in documents faxed, copied, scanned or printed.

Anyone expecting a confidential/sensitive fax or email, should ask the sender for notify before it is sent.

INCIDENT REPORTING

Any security breaches or attempts, loss of equipment and any unauthorised use or suspected misuse of computing must be immediately reported to the school’s e-Safety Co-ordinator. Additionally, all security breaches, lost/stolen equipment or data (including remote access Secure ID tokens and PINs), virus notifications, unsolicited emails, misuse or unauthorised use of computing and all other policy non-compliance must be reported to Mrs C Williams or Miss C Lawton.

DATA SECURITY

The accessing and appropriate use of school data is something that the school takes very seriously.

The school follows Becta guidelines Becta Schools - Leadership and management - Security - Data handling security guidance for schools (published Spring 2009) and the Local Authority guidance documents listed below

HGfL: School Admin: School Office: Data Protection and Freedom of Information

Headteacher’s Guidance – Data Security in Schools – Do’s and Don’ts

Network Manager/MIS Administrator or Manager Guidance – Data Security in Schools
Staff Guidance – Data Security in Schools – Do’s and Don’ts
SIRO/IAO Guidance – Data Security in Schools – Do’s and Don'ts

The Head and Computing leader’s documents contain advice about identifying information assets including an example of school policy that can be displayed at appropriate sites within the school or handed to visitors or guests.

SECURITY

The School gives relevant staff access to its Management Information System, with a unique ID and password
It is the responsibility of everyone to keep passwords secure
Staff are aware of their responsibility when accessing school data
Staff have been issued with the relevant guidance documents and the Policy for computing Acceptable Use
Staff have read the relevant guidance documents available on the SITSS website concerning ‘Safe Handling of Data’ (available on the grid at - https://www.thegrid.org.uk/info/traded/sitss/
Impact Levels and Protective Marking
All our computer equipment is protected by Smartwater.
All learners and staffs personal data is protected
Protect and caveat classifications that schools may use are;

PERSONAL e.g. personal information about an individual
APPOINTMENTS e.g. to be used for information about visits from the Queen or government ministers
LOCSEN e.g. for local sensitive information
STAFF e.g. Organisational staff only

Applying too high a protective marking can inhibit access, lead to unnecessary and expensive protective controls, and impair the efficiency of an organisation's business
Applying too low a protective marking may lead to damaging consequences and compromise of the asset
The sensitivity of an asset may change over time and it may be necessary to reclassify assets. If a document is being de-classified or the marking changed, the file should also be changed to reflect the highest marking within its contents
Reviews are continuing to look at the practical issues involved in applying protective markings to electronic and paper records and government representatives are working with suppliers to find ways of automatically marking reports and printouts

DISPOSAL OF REDUNDANT COMPUTING EQUIPMENT POLICY

All redundant computing equipment will be disposed of through an authorised agency or via the Wigan Business Services disposal scheme. This should include a written receipt for the item including an acceptance of responsibility for the destruction of any personal data
All redundant computing equipment that may have held personal data will have the storage media over written multiple times to ensure the data is irretrievably destroyed. Or if the storage media has failed it will be physically destroyed. We will only use authorised companies who will supply a written guarantee that this will happen
Disposal of any computing equipment will conform to:

Regulations: waste electrical and electronic equipment (WEEE)

https://www.gov.uk/guidance/regulations-waste-electrical-and-electronic-equipment

Dispose of business or commercial waste

https://www.gov.uk/managing-your-waste-an-overview

The Waste Electrical and Electronic Equipment Regulations 2013

http://www.legislation.gov.uk/uksi/2013/3113/contents/made

The Waste Electrical and Electronic Equipment (Amendment) (No. 2) Regulations 2018

http://www.legislation.gov.uk/uksi/2018/1214/pdfs/uksi_20181214_en.pdf

Recycling Electrical Items

https://www.electricalsafetyfirst.org.uk/guidance/safety-around-the-home/recycling-electrical-items/?gclid=CjwKCAjwp-X0BRAFEiwAheRui-5JxU4dnToNvnRAl1jhT-HLLPPRw3rscc07_3FoLvsTw9eEsEUZfRoCuPwQAvD_BwEcms

Home School Links

Our school website promotes the school and children’s achievements as well as providing information and communication between the school, parents and the local community. The website provides links to learning websites so the children can learn outside school, if they wish too. Our school has invested in several learning platforms which are very secure and the children can access these sites via links on the website, providing they have their own personal username and passwords. We also use the dojo platform to communicate to parents and to encourage children. This has had a positive effect as the children love posting all their achievements and parents can see via the rewards system how their child is doing.

Deployment of Computing/ICT Resources

To enable regular and whole class teaching of Computing/ICT, each class has a time slot in our fully equipped computer suite, as well as a bank of ipads for the classes to access and each class has their own computer stations which children can use if they don’t have use of computers at home. Each member of teaching staff has a laptop computer and iPad, which they are able to use at home. Every class has an interactive touch-screen board and they are all linked to our school server and network. All this is monitored via a high security software to ensure safety of everyone and no misuse.