Newsflash - Effect of Coronavirus on our Data Protection obligations
(17)_1000.png "Newsflash - Effect of Coronavirus on our Data Protection obligations")
Effect of Coronavirus on our Data Protection obligations
The Coronavirus Covid 19 pandemic is already starting to have an impact on schools with some having to close down briefly due to cases with staff and students and there is the possibility that the government could shut down all schools to prevent further spread of the virus. You may have already started preparing for this possibility and we should all be checking government guidance which is changing daily. However in the meantime, we thought it would be useful to provide a brief overview of the data protection implications of such an action.
Home working
If select staff are going to work from home, you need to consider firstly whether they will be taking any records home. The legal requirement is, when handling personal data, to put in place “appropriate” security measures – by following the steps below this should help comply with this requirement and limit the possibility of a data breach occurring
Electronic Records
The preferred method for home working is for schools to use cloud-based systems such as one drive and google drive (as the data can be easily accessed and controlled remotely). For those that do have this system, it may be useful to start thinking about who will need access. Where staff have school issued laptops and iPads that they are taking home with them, those devices should have complex passwords on them to limit the risk should they become lost or accessible to unauthorised individuals. In addition, where possible, laptops should be encrypted.
Other good practice measures for electronic devices include: [1] having staff sign acceptable use agreements or statements (and if you have these in place already you may want to remind staff of acceptable use statements prior to them working from home) and [2] implementing two factor authentication to log onto emails or Microsoft/Google networks (this normally means that the user will need to type in a code sent to their mobile device in order to identify it is in fact them who is working from home).
Memory Sticks
There is nothing preventing schools from using memory sticks but they do cause a security risk as they regularly go missing and if there are no security features on the stick this could risk exposure of that data. If you do need to use memory sticks, we would suggest issuing them to staff and ensure they are encrypted. Staff using their own memory sticks should be actively discouraged as there can be no guarantee that they are encrypting them.
Paper Records
If paper files need to be taken off site there should be a heightened sense of security as it is more difficult to keep that data secure as opposed to data stored on cloud-based systems. There is no set guidance on what paper files staff can and cannot take home but you may want to ensure that staff only take the paper files that are necessary for them to complete the required work. Where possible you may also want to limit sensitive data being taken home such as medical and safeguarding data. You could consider getting staff to sign out files they take off site (so you have a record of what has gone off site).
We would also advise reminding staff that they need to exercise caution when taking these files home, not to leave them in their cars and where possible to secure them away (for example in a lockable draw or filing cabinet) at home.
Subject Access Requests
It is possible that if your school closes for a period of time this may affect your ability to comply with a subject access request within the required legal time limit of one calendar month. For the moment this should be judged on a case by case basis – please let us know as early as possible if you are likely to experience any difficulty in complying with the time limit so we can inform the requester in good time for the length and reason for delay.
Do email dataservices@judicium.com should you require advice on subject access requests or remote working.
Related content
.png)
This is a summary taken from Judicium’s HR ‘Sofa Session’ from 30th of April, with Jenny Salero, Kelly Rayner and Suzanne Ravenhall. This session is a Q&A covering all stages of HR grievance processes in education, focusing on effective management to ensure concerns are addressed and staff well-being is supported.
.png)
A practical guide to help UK schools respond to cyber-attacks, meet legal obligations, and strengthen their overall cybersecurity resilience.
Discover why Judicium has been shortlisted for Fire Safety Consultancy of the Year at the 2025 FSM Awards, recognising our expert support for schools and trusts in delivering sector-specific, compliant, and practical fire safety solutions.
This blog deep dives into the everyday life of a Multi Academy Trust (MAT) Designated Safeguarding Lead (DSL). For a DSL, every decision echoes across schools, staff, and pupils. It’s a responsibility that requires a steady hand, sharp focus, and unshakable resolve. With over 22,000 multi-academy trusts in the UK, the role of a MAT DSL has become increasingly serious.
Volume 2 of our ‘A Day in the Life of a DSL’ series takes a deeper dive into the role of the Designated Safeguarding Lead (DSL) within schools. For many DSLs, the reality involves navigating unpredictable, emotionally charged situations that require immediate action. Their role isn’t about ticking boxes — it’s about making decisions that can profoundly impact a child’s life.
Attracting top talent in a school or academy trust’s recruitment process is crucial for ensuring they are staffed with the best teachers, administrators, and support staff. However, attracting the best talent is often easier said than done. In this blog, we will explore effective strategies that school and academy trust leaders can use to attract top talent and sustain a strong, successful team for ongoing success.
Sofa Sessions | HR