Tomlinscote School is committed to maintaining the confidentiality of information held within its systems about staff, students, finances and operations. The Prospect Trust updated its Data Protection Policy in December 2021 to reflect the importance of providing privacy and security for our students, staff, and parents.
Whilst we take all measures possible to ensure the protection of data, the School has put in place procedures to mitigate and reduce the impact of any data privacy issues. These are outlined below:
The Trust takes information security very seriously and will use appropriate technical and organisational measures against unlawful or unauthorised processing of personal data and against the accidental loss of, or damage to, personal data.
Definition of a data breach
A data breach can be defined as the unintended loss of personal data relating to students, parents, staff or anyone connected to the school whose details are held on the school systems. Examples of possible breach scenarios are shown below:
- Loss or theft of equipment on which data is stored
- Inappropriate access controls allowing unauthorised use
- Equipment failure
- Poor data destruction procedures
- Human error, including accidental deletion
- Cyber attack/hacking
- “Blagging” – where information is obtained by deception
In the event of a breach
Should a data breach occur, the Data Protection Officer and Principal will investigate the cause, nature and severity of the breach and complete the attached three-part form. The ICO (Information Commissioner’s Office), the Police and school stakeholders will be informed if deemed relevant.
You can contact the School Data Protection Officer via email at firstname.lastname@example.org
The Data Protection Officer and Principal will examine the school’s Risk Register and identify if any further action can be taken to prevent further data loss and recover lost or damaged data.
This procedure is designed to be read in conjunction with the school’s Data Protection and e-Safety Policies and the following legal framework:
The Data Protection Act 1988
The Computer Misuse Act 1990
The General Data Protection Regulations (GDPR) which came into effect on 25th May 2018.