Privacy
Matthew Lindsay (Information Governance Officer & Data Protection Officer at Wellspring Academy Trust
Information Governance alongside ancillary issues such as data protection is a funny topic. Like many areas of compliance it’s not often viewed as exciting or compelling in any professional vein. The education sector is no different. The information governance role is often absent from the majority of educational institutions including MAT’s. Who wants to get into the nitty gritty of file access controls and data retention when there’s pupils to teach and cake in the kitchen?
Information governance subsequently becomes an area that is often overlooked or if not overlooked, is put to the bottom of the pile in the organisations hierarchy of needs. Strong information governance ensures that data is consistent, trustworthy and doesn’t get misused. This is increasingly critical as organisations face new data privacy regulations and rely more and more on data analytics to help optimise operations and drive business decision-making.
Without effective information governance:
- Data inconsistencies in different systems might not get resolved, resulting in data silo’s that don’t allow the MAT to make full use of system features or integrations.
- Decisions around data retention and disposal may not be taken with an inevitable outcome being the retention of data for excessive periods.
- Statutory requirements such as those under UK GDPR/DPA 2018 may not be possible. For example an academy may be routinely recording data that was an historical requirement but no longer has any purpose contrary to Article 5(1)(c).
- Systems and processes become less effective with academies and Trusts unable to locate data when they need it or accessing historic versions that contain inaccuracies.
- Individual academies incur a greater economic cost both in respect of wasted staff resources and increased storage fees.
These problems would then be compounded as the MAT expands. By having oversight into information governance at MAT level you can proactively reduce these negative possibilities, as opposed to being reactive. Information governance should also be given consideration during the due diligence process as this in turn this allows MAT’s to identify priority areas during the onboarding of new academies. Does that prospective academy have an attic full of old paper files that need to be electronically stored or securely disposed of? Can you be assured that subject access requests are being assiduously processed? Does the current SLT have a true grasp of which staff members have access to which data, both electronically and physically? Can pupils access sensitive information about their peers or teachers?
During the busy work day it might seem like there’s not enough time to consider these type of questions for your own academies and the MAT central team. By putting information governance at the heart of your processes and decision making, these concerns require less daily deliberation. As a result of progress there’s one less question on your mind and other processes become streamlined and less arduous, so much so that you may be surprised there’s still time for that cake.
Who wants to get into the nitty gritty of file access controls and data retention when there’s pupils to teach and cake in the kitchen?
MATTHEW LINDSAY
