The Prospect Trust (The Trust), recognises the importance of data protection and is committed to protecting and safeguarding personal data.  This section of the website outlines the handling of personal data at the Trust and its constituent academies and the steps that are taken to mitigate the risk to any individual involved with the Trust.  The Trust strives to provide and maintain policies and procedures to reflect our legal responsibilities and best practice.

Data Security

The Trust takes information security very seriously and the Trust will use appropriate technical and organisational measures against unlawful or unauthorised processing of personal data and against the accidental loss of, or damage to, personal data.

 

Definition of a data breach

A data breach can be defined as the unintended loss of personal data relating to students, parents, staff or anyone connected to The Trust whose details are held on The Trust's systems.  Examples of possible breach scenarios are shown below:

 

• Loss or theft of equipment on which data is stored
• Inappropriate access controls allowing unauthorised use
• Equipment failure
• Poor data destruction procedures
• Human error, including accidental deletion
• Cyber attack/hacking
• “blagging” – where information is obtained by deception

 

In the event of a breach

Should a data breach occur, the Academy Lead and Data Protection Officer will investigate the cause, nature and severity of the breach.  The ICO (Information Commissioner’s Office), the Police and school stakeholders will be informed if deemed relevant.