The rise in the popularity of BYOD in schools raises a number of data security issues for school leaders to consider.
What is BYOD? There has been a huge rise in the popularity of hand-held and tablet devices in the last few years, and some schools may allow staff to use their own personal devices to access school systems. This is commonly known as Bring Your Own Device, or BYOD, and there are advantages in allowing staff to provide their own IT equipment. However, the use of personal devices to access school systems raises a number of questions regarding the school management’s duty under the Data Protection Act (DPA). This is particularly so if the device is used to access the school MIS (e.g SIMS) or to hold any kind of staff or pupil information. It is important to remember that the school, as data controller, is still responsible for the security of the information; regardless of the ownership of the device used to access or process the data.
The risks - that BYOD device is owned and maintained by the user. This means that the school has little or no control over how, where or when it is used.