AUDITORS have found big gaps in the way York schools deal with personal information about pupils and staff.

A survey of 20 schools was carried out by council auditors Mazars, and revealed that many schools are running the risk of serious data leaks because they are not protecting, backing up or keeping track of important information.

Mazars reported to City of York Council’s audit and governance committee last week, and warned councillors that major improvements were needed.

The surveys were sent to 20 York schools at random, but five failed to reply despite reminders.

Responses from the rest showed schools do not always know who is responsible for information security, and often are not using proper encryption to protect sensitive information if, for example, laptops are lost or stolen.

Max Thomas from Mazars told the committee: “We have discussed the issues with Lorraine Lunt, who is the council’s lead for information governance. She is very clear about the significance of the issues we have identified.

“It is very disappointing that five schools failed to respond despite reminders. That is something I am not happy with. The 15 surveys that did return provided enough information to allow us to draw conclusions about the state of arrangements in York schools.”

Among the problems spotted were that a third of schools do not have encrypted memory sticks or laptops, and that around the same number either do not check, or do not know, whether their backed-up data could be restored.

At the same time, many were not keeping proper records of when records are destroyed, and did not have agreements with other people they may have to share information with.

All the schools had the right anti-virus software and firewalls in place and they all made sure to get permission from parents before children were photographed.

Mazars gave only “limited assurance” on schools’ information governance, the second lowest level, and set out eight actions that had to be taken to improve the situation. A follow-up audit will check whether they have been implemented, and Mazars will report back around September 2017.