We are seeking to deliver critical services during a period of unprecedented challenge due to the spread of Coronavirus. Given the current circumstances it has been necessary to consider the impact on our normal year end processes and some key changes have been made to the approach set out in our letter to you on 14 February. We are currently liaising with DE regarding our yearend financial reporting approach and timetable and will update you as soon as possible.
A significant number of schools have now recorded their schools’ stock on the EA stock portal and we welcome the engagement of school leaders in this important process.
To enable the valuation process to begin for 2019/20 stocktakes, the schools stocktake portal closed on Friday 3 April 2020. Whilst we acknowledge that the current pandemic will have impacted on many schools’ ability to fully contribute to this process, it is important that information that is currently on the system is verified and valued.
If your school has submitted a stock take (or input partial information to the stocktake portal), EA will value and review the information submitted over the coming weeks.
If your school did not participate in the 2019-20 stock take process, there will be a further opportunity to contribute in the 2020-21 financial year. If you have any queries about the stock take process or the impact on your school’s financial position, please contact email@example.com.
The current coronavirus pandemic will impact on EA’s ability to ensure that all year-end financial data is on the system before year end close on 10 April. As a result, there will be a change to the year-end processes for 2019-20 and EA is currently working to establish a new timetable and process.
Furthermore, following the closure of schools it is unlikely schools will be in a position to complete yearend processes, in line with the yearend letter issued to schools on 14 February 2020, e.g. receipting items received, verifying capital items (fixed assets) and identifying coding errors.
We are currently liaising with DE regarding our year-end financial reporting approach and timetable and will update you as soon as possible.
If you have not been able to complete the year end processes required by the year-end letter issued to schools on 14 February 2020, e.g. receipting items received, verifying capital items (fixed assets) and identifying coding errors, it is unlikely that EA will be in a position to confirm your school’s 2019-20 financial position.
We are currently liaising with DE regarding our year-end financial reporting approach and timetable and will update you as soon as possible.
You have an obligation to protect the health of your pupils and staff, but that doesn’t necessarily mean you need to gather lots of information about them. It is however reasonable to ask people to tell you if they are experiencing COVID-19 symptoms. Don’t collect more health data than you need and ensure that any information collected is treated with the appropriate safeguards to ensure confidentiality.
Yes. It’s unlikely your school will have to share information with authorities about specific individuals, but if it is necessary then data protection law won’t stop you from doing so.
During the pandemic, my school is worried that our data protection practices might not meet our usual standard or our response to information rights requests will take longer. Will the Information Commissioner’s Office take regulatory action against us?
No. The ICO has confirmed that it understands that resources, whether they are finances or people, might be diverted away from usual compliance or information governance work and that it won’t penalise organisations that it knows need to prioritise other areas or adapt their usual approach during this extraordinary period.
The ICO has also confirmed that whilst it can’t extend statutory timescales, it will tell people through its own communications channels that they may experience understandable delays when making information rights requests during the pandemic.
The ICO has also confirmed that it will be taking the same pragmatic approach in relation to any delays in responding to FOI requests during the pandemic.
More of our staff will be homeworking and arrangements will have to be made to facilitate remote learning during the pandemic. What kind of security measures should my school have in place for homeworking and remote learning during this period?
Data protection is not a barrier to increased and different types of homeworking. During the pandemic, staff may work from home more frequently than usual. Data protection law doesn’t prevent that, but you’ll need to consider the same kinds of security measures for homeworking that you’d use in normal circumstances.
Due to the security provided by C2K it is, as always, recommended that staff use C2k email addresses to email any personal information or sensitive documents – the C2K file management system is also recommended for transfers from work to home.
In the event of a decision to close all schools and educational settings on a longer term basis, the priority will be to ensure that teaching and learning continues. Vital aspects of the work of your school can be maintained by logging in to the MySchool portal via www.c2kschools.net and using the following C2k on-line Learning and Teaching Services:
- C2k Exchange (information portal for Staff only)
- C2k Newsdesk and Seomra Nuachta (daily news stories and curriculum linked activities plus much more)
- Fronter (Online learning environment where staff can create their own rooms and a range of ‘Ready-to-Go’ rooms are also available. See further information below.)
- Office 365 (opt-in service providing online collaboration space and productivity tools)
- G Suite (opt-in service providing online collaboration space and productivity tools)
- Equella (library of resources)
- C2k Media Library (online video resources)
- MyFiles (access to Documents and Shared Resources drives in school);
- Video Conferencing services: Collaborate Ultra
- Eclipse and Junior Librarian (links to curriculum related websites)
- Learning Exchange (service information and guidance for staff and students)
SIMS/FMS (Staff only) via https://remote.c2kschools.net from a C2k Laptop
For more information and guidance on how schools can use C2k services to ensure that teaching and learning continues in the event of schools having to close please refer to ‘Information Sheet EN091 – Extending teaching and learning beyond the school.pdf’ which is available on the C2k Exchange.
For further details on SIMS view Information Sheet EN088 and for FMS view EN128 which are available on the C2k Exchange.
Any member of school staff working remotely is responsible for ensuring that they work securely and protect personal information about pupils (and their families) or school staff from loss or unauthorised access.
What responsibilities do school staff have when working remotely using computers or mobile devices?
You must take care when working on any document or system containing personal information about pupils (and their families) or staff. In particular, you should ensure that you are not in a place where anyone could overlook your screen.
You must not allow non-school staff (including family and friends) to access personal information about pupils and their families.
Working remotely on any document or system containing personal information about pupils (and their families) or staff using a computer or mobile device is a significant information security risk if you are not careful when doing so. If you are working on any document or
system containing personal information about pupils (and their families) or staff but move away from your screen for any reason, you should lock it.
Are there likely to be any increased cybersecurity and Coronavirus-related Phishing threats when working remotely?
School staff, parents and pupils should remain vigilant of increased cybersecurity threats, some of which may specifically target remote access arrangements. Unfortunately, cybercriminals will not be curtailing their efforts to access valuable data during the pandemic, and in fact, will likely seek to take advantage of some of the confusion and communication issues that might arise under the circumstances.
School staff, parents and pupils should also be vigilant of phishing emails with malicious links disguised as coronavirus information or updates.
Can school staff take paper files containing personal information out of the school for homeworking and what kind of security measures should we have in place for homeworking with paper files?
The use, transportation or storage of hard copy documents containing personal information is a high information security risk when working remotely. Therefore, where possible, the use of paper documents containing personal information outside of your school should be kept to a minimum.
However, where it is necessary to take paper files out of the school, a log should be kept recording when any paper file is taken out of school. This log must record a file reference or a description of the nature/contents of the file, the member of school staff that has taken the file out of the school, the date it was taken out of the school and the date the file is returned. The staff member that takes the file from the school should sign the log entry when they remove the file from the school and when the file is returned to the school.
Where there is a need to take paper files out of the school, the papers should be securely bound within an appropriate folder – not a loose bundle of papers. Paper files should be carried in an appropriate bag or box so that they are not on display and there is less risk of them being dropped. The staff member taking the papers should go straight home with the papers.
Steps should be taken to store papers securely at home, locking them away either during the day whilst not working on them and at the end of each working day.
When working from home you should ensure that you are not in a place where anyone could overlook the papers you are working on.
If school staff have to rely more on the use Skype, video conferencing or telephone calls during the pandemic, is there any advice which we should follow in this respect?
Where you are using Skype, video conferencing or telephone to enable you to work remotely, you should ensure that you cannot be overheard by members of the public, other members of the household or any visitors.
What else should my school do to ensure that it does not breach its data protection obligations during the pandemic?
Whilst the advice issued by the ICO referred to above highlights that it may not be possible for data controllers to meet their usual standards in all respects (e.g. it may not be possible to respond to information requests received within the usual statutory timeframes), schools should adhere to the usual standards of data protection during the COVID-19 pandemic to the extent reasonably possible.
In particular, schools should continue to exercise the usual standard of care when processing personal information relating pupils (and their families) and staff. Any personal information relating to pupils (and their families) or staff should continue to be communicated in a way that ensures that there is no unauthorised access to such information.
As always, schools should take care to ensure that the contact details which they hold for pupils and parents (e.g. home addresses, email addresses and telephone numbers) are accurate and up to date, and that care is taken to ensure that all communications containing personal information are correctly addressed.
Also, when putting arrangements in place to provide parents and pupils with resources and online links to enable children to continue their education in a home setting, schools should be mindful that the personal information of pupils or parents should not be disclosed to other pupils or parents. For example, if textual resources or links to online resources are being emailed to all parents in a particular class or year group, the email should be blind copied to all recipients so that the other recipients’ email addresses are not disclosed.
Can my school use mobile messaging apps (such as WhatsApp) to communicate with parents during any school closures caused by the pandemic?
Whilst parents may choose to establish their own private groups on mobile messaging apps (such as WhatsApp) to communicate with each other during any school closures if they wish, the Authority would advise against schools using such apps for official school communications. Firstly, when such groups are set up every person in that group usually has their phone number, and possibly a profile photograph if they have one, shared with every other person in the group (and usually without giving their consent for their personal data to be shared in this manner). Also, the lack of auditing and editing ability the school would have over such groups would make it difficult for the school to comply with a Subject Access Request or a request for deletion if one were received. There may also be an issue with such groups as to the location of the storage of information within them. In addition to these data protection issues, there is also the risk of unsuitable material (or personal information) being posted to such groups.
What should staff do if a Personal Data Security Incident is confirmed or suspected when working remotely?
All staff must report any loss or suspected loss, or any unauthorised disclosure or suspected unauthorised disclosure, of any personal data relating to pupils (and their families) or school staff immediately to the school principal and the school’s Data Protection Officer (DPO). If your school has appointed EA to be its DPO then the confirmed or suspected personal data breach should be reported to EA’s Information Governance Team by emailing firstname.lastname@example.org followed up immediately by a phone call to the EA’s Information Governance Team on 028 8241 1300.
Under GDPR and the Data Protection Act 2018, the exam scripts exemption means candidates do not have the right to copies of their answers to exam questions. They can however request the information recorded by the person marking the exam. If an individual makes a subject access request for information recorded by the person marking the exam before the results are announced, special rules apply to how long you have to comply with the request.
Due to the coronavirus pandemic many pupils will not be sitting exams this year. Instead, teachers will be conducting and submitting pupil assessments, which will be used to award grades. The Information Commissioner’s Office (ICO) has confirmed that the exam scripts exemption will still apply to the information used to award students’ grades in these unusual circumstances.
If an individual makes a request for access to pupil assessment information before the official results are announced, the special rules under the exam scripts exemption referred to above allow for longer response times. The timeframe for responding to requests received before the official results are announced are either:
- within five months of receiving the request; or
- within 40 days of announcing the exam results, whichever date is earliest.
Requests for such information made after the results are announced need to be dealt with as normal subject access requests (although the ICO understands there may be delays during the COVID-19 pandemic).
The Authority’s ‘Think Data’ online resource hub provides support materials, detailed guidance documents and useful templates that schools can use to ensure they are compliant with data protection legislation - www.eani.org.uk/thinkdata. The Authority’s Information Governance team is also available to advise and assist schools in this respect.
If you require further advice and guidance you can call 028 8241 1300 or email email@example.com.
A number of tools and applications can be accessed from home. These include:
- Email via Office 365 icon.
- Schools documents via the MyFiles icon provides access to a user’s personal documents as well as Shared Resources. In addition, Private Folders are also available for those users with appropriate permissions.
- Fronter (virtual learning environment).
- G Suite for Education, including Google classroom (where a school has opted in).
- Office 365, including Microsoft Teams (where a school has opted in).
- Collaborate Ultra – videoconferencing and virtual classroom.
A more detailed guide to services available outside school can be found in Information Sheet EN091 on C2k Exchange.
SIMS is available from home on a C2k laptop. Detailed instructions on how to set this up can be found in Information Sheet EN088 on C2k Exchange and most modules are available using this solution.
Currently only nominated Exams Organiser and Opera Payroll users have access to a device in school.
Users setup for SIMS Teacher App can view personal timetabled lessons, record attendance, behaviour, achievements and assessment.
All Payroll schools have been contacted to nominate a user for accessing their school device.
FMS is also available from home on a C2k laptop. Detailed instructions on accessing FMS can be found in Information Sheet EN128 on C2k Exchange.
At present, password resets can be carried out for all users by C2k Managers from your school and by members of staff for students.
In cases where it is not possible to contact your school a new process is being put in place to facilitate the resetting of pupil passwords. Details of this new process will be provided to all schools shortly.
I am unable to log in to Office 365 or G Suite with my normal C2k username and password. What can I do?
Office 365 and G Suite are only available to schools that have opted in to these services. If your school has not opted in, you will be unable to access them.
If your school has opted in to one of these services, you must log in with your C2k username in the format firstname.lastname@example.org.