top of page
  • dpadviceservice

Data Protection and remote working

As most schools remain open for the children of key workers and vulnerable children, there has been a move to staff working part of their time from school and part from home. You may have staff that are working from home whilst self-isolating or administrative staff who are now based at home throughout the duration of the lockdown. Whatever your school’s position, there is an increased amount of remote working and it is important to consider what impact this has on your compliance with data protection legislation.

This article considers the best type of device to use when working remotely and whether USB sticks are a good idea!

The first thing to say is that the following considerations are only relevant if a staff member is working on/using personal information.

What device are your members of staff using?

The best-case scenario is that staff should use a school issued laptop, have secure remote access to the school server and require multi-factor authentication to login. This offers the most secure method of remote working but is the most expensive to set up if you do not already have laptops for staff and remote server access set-up.

The next best scenario is that staff use their personal devices at home and login to the school server/software remotely using multi-factor authentication or, at least, a good password. The things to watch out for with this are keeping personal work separate from schoolwork and limiting access to the device for other family members.

A common scenario that I have come across is where staff have school issued laptops but do not have remote access to the server. In this instance, it is imperative that staff have set up secure/strong passwords/encryption to secure any data saved on the laptop. The best thing to do in this scenario is, to save work onto the laptop to work on remotely and then when back in school save the work back on to the network and permanently delete it from the laptop.

The worst-case scenario that should be avoided, is staff using personal computers with no remote access to the school server. The issues with using personal devices without access to the school server are that there is no guarantee that the device will have up-to-date anti-virus software, the device is often shared with several different family members, the device is not often secured by a strong password and there is an increased likelihood that data will be saved on the personal laptop and/or USB sticks.

If you have staff that fall into the worst-case scenario you will need to think about the level of risk involved. You should carry out a risk assessment and consider the personal information that the staff member is working on and what measures can be put in place to protect that information.

Should staff use a USB stick to save personal information?

Staff should always consider the most secure way of storing/working on personal information and USB sticks should not be the first choice. If it is necessary for staff members to use a USB stick then it should be encrypted/password protected.

The best-case scenario is that it should be a school issued USB stick so you are able to guarantee that it is secure. If staff members are to use their own USB stick, then you should consider making it a requirement that they bring it in to school so that you can encrypt/password protect it.

When storing personal information on a USB stick consider the risks involved and how easily the information may be accessed by someone else if the stick was lost.

If you require advice or assistance carrying out a risk assessment, you can contact

15 views0 comments


bottom of page