Children’s personal data is at risk to cyber criminals as schools are failing to store it properly, an educational conference in Manchester claimed.
The new research revealed that schools are increasingly collecting private information – such as pupils’ fingerprints – but do not consider how to carefully save them.
Of the 1,000 schools studied that belong to the South West Grid for Learning (SWGfL), 48 percent of them rated themselves as having ‘no agreed personal data policy’ or one is being developed.
Up to 40 percent of schools use face recognition and fingerprint technology to allow students to take out library books, record attendance and pay for lunch.
Researcher Dr Sandra Leaton Gray, of the University of East Anglia, claimed schools kept databases with information such as where children live, their parents’ details or if they have special needs.
“If this information gets into the wrong hands, it can have big consequences for individuals,” she said. “Yet security levels in schools are inconsistent, and generally not as high as they should be.”
The findings reveal that 45 percent of schools were below the minimum level in the area of password security and 40 percent were below the minimum standard for technical security – the measures a school puts in place to protect its computer system from problems such as viruses.
A Department for Education spokesman said: “We take the security of pupils’ personal data very seriously.
“We have changed the law so that schools have to obtain parental permission before they take fingerprints or any kind of biometric data. This will come into force in September 2013.
“Under the Data Protection Act all data collected by schools must only be used for its stated purpose, cannot be shared with third parties for another purpose, must be kept securely and be destroyed when a pupil leaves their school.”