Matthew Arnold & Baldwin LLP | Giving you a lot more than just law... » Schools

School and Union sign undertakings with Information Commissioner after unencrypted laptops with sensitive personal data on them are stolen

Paul Gershlick — Mon, 17 Oct 2011 21:10:30 +0000

The Association of School and College Leaders and Holly Park School have signed separate undertakings with the Information Commissioner’s Office after laptops containing sensitive personal data had been stolen. The sensitive personal data in each case included details of health, including trade union members and school pupils respectively. The laptops were unencrypted. The School did not even have a data protection policy in place. The ICO – the UK’s data protection regulator – has once again emphasised the importance of taking appropriate security measures to protect data, particularly with encrypting portable devices. The organisations at the centre of the breaches have agreed to take better steps to encrypt, as well as raising awareness and training amongst its users. The undertakings can be found here: http://www.ico.gov.uk/news/latest_news/2011/laptop-thefts-highlight-the-need-for-encryption-05102011.aspx.

Hospital agrees to improve data protection procedures after medical student loses dozens of patients’ sensitive health records on unencrypted memory stick

Paul Gershlick — Fri, 16 Sep 2011 11:20:10 +0000

The University Hospital of South Manchester NHS Foundation Trust has given formal undertakings to the Information Commissioner’s Office – the UK’s data protection regulator – to improve its data protection practices after a medical student lost an unencrypted memory stick containing 87 patients’ health records. Data controllers are obliged under data protection law to take appropriate steps to keep personal data secure, but even greater steps are needed if it involves sensitive personal data such as health records. The University Hospital has agreed to ensure that all students now have appropriate data security training and there will also be regular monitoring to ensure compliance with the data policies. The ICO sent out a warning to people who are involved with use of health data. It said: “Medics handle some of the most sensitive personal information possible and it is vital that they understand the need to keep it secure at all times.” It added that it would continue to work with healthcare bodies and education providers to ensure that data protection training is a mandatory part of people’s education.

Information Commissioner’s Office advocates students to examine the examiner’s comments

Simon Weinberg — Sat, 27 Aug 2011 15:27:37 +0000

Exam results were generally very good again this year. But the Information Commissioner’s Office has offered hope for people whose results were not quite as desired. The ICO has issued a statement encouraging students or their parents to obtain information about what the examiner thought about their work. Under the Data Protection Act, data controllers must provide people’s personal data if they request it. Accessing the information may help students and their parents decide on whether to go through a re-sit or go through a different path. The ICO’s statement can be found here: http://www.ico.gov.uk/news/latest_news/2011/students_can_request_examiners_comments_under_data_protection_laws_18082011.aspx.

ICO tells school to learn lesson of avoiding passwords for duplicate purposes after 20,000 people’s personal data compromised by hack attack

Mark Weston — Thu, 25 Aug 2011 15:26:34 +0000

Personal data belonging to 20,000 pupils, parents and teachers have been hacked after hackers (including one school pupil) on a school website managed to access the rest of the school’s systems. This was achieved by gaining entry after discovering that one user had used the same password for both systems. The data included names, addresses, photographs and medical history (and therefore included sensitive personal data). Although the school had advised users to avoid duplicate passwords, no checks were put in place to check that this recommendation was followed. Bay House School in Hampshire has now signed undertakings promising to the Information Commissioner’s Office that it will separate and encrypt sensitive personal data from basic identification and contact details, and to use different passwords for accessing different parts of the system. The ICO said that although it was hard to remember more than one password, it was vitally important to use different passwords to access different systems so that the databases can be kept secure. This is particularly important when young people are involved. The ICO’s statement can be found here: http://www.ico.gov.uk/news/latest_news/2011/hampshire_school_breached_data_protection_rules_08082011.aspx.

Information Commissioner tells parents to take photos as normal at seasonal school events

Paul Gershlick — Fri, 10 Dec 2010 17:32:20 +0000

The Information Commissioner has advised parents to continue taking photos for the family albums when their children appear in school plays and other seasonal performances. He says that the event is often a proud moment and should not be spoiled by people mis-quoting data protection laws as a reason to stop families taking photographs for their albums. In most cases, the Data Protection Act does not even apply if the photos are taken for private use. Even if it is the school that takes the photos, it can still ensure compliance with the Act by obtaining parents’ consent to photos being taken.

Boundaries – Financial Ruin v Compromise?

Faiza Ahmad — Tue, 01 Jun 2010 10:21:17 +0000

£30,000, £40,000, £75,000, £100,000 – significant amounts of money? Yes and these are all examples of the legal costs people across the country have recently spent on fighting boundary disputes with their neighbours. Would you spend £60,000 fighting your neighbour in Court over the colour they chose to paint their garden railings? Neighbour disputes can quickly escalate. Such a case ended up in the Court of Appeal last month and left one party a reported £60,000 poorer because they wanted garden railings to painted blue rather than black. A simple search on the internet reveals the reality of neighbours, who once lived in harmony, fighting tooth and nail, reaching the Court of Appeal , fighting over small strips of land which in monetary terms are often worth very little. Even more alarmingly, there was a report last month that Police are investigating a fatal stabbing which it is claimed was caused by a dispute between neighbours over a fence.

Legal costs in dealing with and fighting boundary disputes are notoriously out of line with the monetary value of the issues in dispute and the effect on neighbour relations and stress high. “Principles” take over and costs mount to £1000s before you know it. The alternative is for the parties to try to resolve matters by agreeing terms with eachother on the best terms possible for both parties. There might be no winner and no loser, but a solution which both parties can live with without incurring huge costs and without further souring relations.

Alternative dispute resolution can help at the outset once solicitors are involved. Parties coming together on site with a mediator and solicitors can often focus the parties’ minds on the reality of the situation. On site resolution seems the most sensible and cost effective method of dealing with such a dispute rather than lengthy correspondence, compliance with Court procedure, the associated costs and growing animosity. A day long mediation will be money well spent if not to resolve matters entirely then to at least narrow down the issues remaining in dispute. If matters cannot be resolved at such a meeting, then the parties can decide whether or not they wish to litigate and proceed with litigation but should be fully aware of the potential costs liability they may incur. This is not to say neighbours who wish to fight a boundary dispute should not, nor does it trivialise the importance of issues relating to someone’s property. It can be a commercial approach to dealing with what is otherwise an expensive and emotionally exhausting experience.

Employers demand greater skills for our 21st Century economy

Michael Delaney — Wed, 03 Mar 2010 18:14:55 +0000

Matthew Arnold & Baldwin’s employment team launched its HR Forum for local employers at lunch time today. We were delighted to hear from Sal Brinton a Director of the Association of Universities in the East of England and Chair of the East of England Regional Assembly Employment and Skills Panel. The talk explored the concerns of local employers ranging from sme”s to multi national corporations about the shortage of highly skilled employees available for recruitment in the east of England. There was also a discussion as to whether our Universities and other educational establishments are properly preparing our students for life in the work place, and whether University establishments should make it a requirement of their courses for students to undertake work experience before graduating.

Sal has already written about the event on her blog, http://www.salbrinton.org/

The deleagtes were drawn from the local HR business community and were able to net work with fellow HR collegues to share ideas and experiences. Our next meeting will be in June. Please email Heloise Paull (heloise.paull@mablaw.co.uk) if you work in the HR sector and would be interested in attending.

Mike Delaney

Partner – Employment

School admits to loss of laptop containing sensitive personal data of over 1,000 pupils and staff

Paul Gershlick — Tue, 22 Dec 2009 21:49:06 +0000

A school has admitted storing sensitive personal data of about 1,200 pupils and staff on an unencrypted laptop, which was subsequently stolen. The Information Commissioner’s Office – the regulator in charge of enforcing data protection laws in the UK – has decided not to issue an enforcement notice for breaches of the Data Protection Act 1998 against Waseley Hills High School and Sixth Form Centre in Birmingham. The ICO was satisfied with the school’s undertakings to increase security held on portable devices, use encryption where appropriate and train staff on data security issues.