The study has exposed gaps in data disposal provisions that could potentially leave educational establishments open to “problematic data breaches and identity fraud”.
There is certainly no room for complacency, as 79% of those individuals surveyed said that the threat posed by lost or inadequately disposed of data had either increased or stayed the same over the past 12 months.
In addition, 34% of school staff reported that they did not receive training or guidance regarding data protection issues.
The BSIA research surveyed the experiences of head teachers, deputy heads, teaching staff, bursars and administrators from nearly 100 schools across the UK, and revealed that their biggest concern was – perhaps not surprisingly – student records (at 79%).
Some way behind this was financial data at 11.5%, while staff details were selected by 5.2% of those who replied.
Professional solutions providers working to EN15713
Crucially, a concerning fact unearthed by the research is that only 34% of schools confirmed that they were using a professional company to oversee the destruction of their confidential data, which means that 66% either were not or did not know about such services.
For those who are using a professional provider, just over half knew if this sensitive task was being undertaken by an operator that meets the key European standard in this area, namely EN15713.
Looking at what material was most challenging for schools to dispose of, the survey results were nearly equally split between paper on 47% and data processing related media – CDs, DVDs and memory sticks – on 46%, showing that traditional materials like paper still account for a significant proportion of schools’ data disposal requirements.
The survey also aimed to identify where responsibility lay within schools for ensuring compliance with information destruction requirements like those laid down in the Data Protection Act. For this, head teachers held a substantial lead at 57%, more than everyone else combined.
Bursars also were prominent, being highlighted as the key figure in 9.4% of cases.
Renewed focus on information destruction
Anthony Pearlgood, chairman of the BSIA’s Information Destruction Section, commented: “The results of this survey serve to underline the fact that educational establishments need to place a renewed focus on how they deal with information destruction. Given the repercussions when things go wrong it’s imperative that this process is handled in a professional manner and, where it’s being outsourced, that searching questions are asked to ensure that any provider is actually working to the pivotal EN15713 standard.”
He added: “In addition to the findings from the school-focused survey, we also conducted parallel research to find out what members of the BSIA’s ID Section are seeing ‘on the ground’ in their dealings with a wide range of education providers in this security-critical area. The education sector is certainly a key market for our members, with 87% confirming that they have supplied services to this area over the past year. Of these, 71% stated that they had seen their business increase or stay the same in this time. Where there was an increase, this was attributed by members to a greater awareness of the risk of data breaches.”
Section members also said that the key decision-makers in schools on this issue are the head teacher and bursar, paralleling the separate BSIA school survey.
“With the sector survey we also wanted to find out how education customers had been handling information destruction prior to using a BSIA member company. Interestingly, our members reported that in their experience 43% of cases involved local authority or general waste for disposal – far from ideal – and, worryingly, only 14.3% of educational establishments were actually relying on a provider of a similar quality level to a BSIA member company. Again, these findings are in line with the school-specific survey.”
For more information on secure data destruction and Best Practice click here
- The BSIA’s Information Destruction Section consists of companies that securely destroy a range of confidential information, including paper, DVDs and computer hard drives. The Section’s members also destroy items that could potentially cause problems if they fall into the wrong hands, such as branded products and uniforms, and have extensive experience of supplying solutions to a wide range of customers.