The BERA also found that 45% of schools offered less than the minimum level for password security and 40% were below the minimum standard for virus and firewall protection in school IT networks. And in fact, as many as 20 schools may already have been targeted by hackers, according to the Times Educational Supplement (TES).
Most worryingly, the data also includes information on children’s parents, income level, interactions with social services, whether they have special needs, whether they have relatives on the sex offenders registry and other sensitive information that could be used by predators to target at-risk kids.
Secondary concerns to personal safety are myriad, including identity theft, biometric data becoming accessible by strangers and confidential student information being shared with the wrong parents or teachers.
In the plus column, about 40% of U.K secondary schools and 10% of primary schools use biometric systems like fingerprint, iris or palm recognition software for library services and payment for school lunches.
“If this information gets into the wrong hands, it can have big consequences for individuals,” said researcher Leaton Gray, of the University of East Anglia. “Yet security levels in schools are inconsistent, and generally not as high as they should be.”
There may be some relief on the horizon: the Data Protection Act is slated to take effect September 2013, which says that all data collected by schools must only be used for its stated purpose, cannot be shared with third parties for another purpose, must be kept securely and be destroyed when a pupil leaves the school. Also, it requires parental consent before schools can take fingerprints or any kind of biometric data.