A survey of more than 1,000 schools has found that inconsistent and non-existent data protection policies could be putting the personal information of children at risk.
The report was compiled by academics from East Anglia and Plymouth Universities and found that ‘nearly half [of the schools surveyed] had policies on children’s data security which fell below recommended levels.’
One of the report authors, Dr Sandra Leaton Gray, presented the findings to the British Educational Research Association’s (BERA) annual conference earlier this month.
She said: “Schools have created large databases with information about where children live, who their parents are, their routes to school, whether relatives are on the sex offenders’ register, whether they have special needs or whether they are known to social services, for example.
“If this information gets into the wrong hands, it can have big consequences for individuals. Yet security levels in schools are inconsistent, and generally not as high as they should be.”
This news comes after concerns last week about the use of CCTV surveillance cameras in school bathrooms.
The report goes on to suggest that the situation could get worse as young student teachers about to enter the profession ‘appear to have a relaxed attitude towards online security themselves.’
The report particularly singles out the use of biometric systems – a technology that is often used to simplify the process of borrowing library books or paying for school lunches. Around 40% of secondary schools and 10% of primary schools currently use biometric systems, according to the BERA.
But Dr Leaton Gray suggests that schools view this form of data collection as a matter of convenience, with ‘little thought about security or the implications for children.’
These findings are detailed in the paper entitled ‘Identity and biometrics – convenience at the cost of privacy in UK schools’.
Dr Leaton Gray describes how in one rural school the computer that contains the identity-checking software for the school library’s iris fingerprint scanner system was stored on a terminal that is publically accessible. The school had received no advice on data protection issues, the report says.
Not a data protection issue
However, in an exclusive blog for info4security, Dave Bulless, a biometrics expert from Ingersoll Rand Security Solutions, argues that there is no danger to students as biometric systems only store a student’s name against a number that the biometric scanner’s algorithm produces from their hand or fingerprint.
Bulless disputes that this is a data protection issue, saying: “Even if someone picked up the PC that the software is stored upon and walked off with it, it would offer up no personal information whatsoever.”
In its conclusion the report is damning of educational establishments saying they “cannot be relied upon to use biometrics responsibly.”
The report states: “Studies highlight the fact that biometrics are being introduced into schools with little consideration of the sensitivity of collection of children’s biometric data and moreover demonstrate that schools are not in a position to store and manage such data safely.”