Dealing with confidential information in schools

24 Jul 2018
article 4 minute read

Using a simple traffic light system for categorising types of information commonly found in schools and the classroom.


This isn’t intended to be an exhaustive list but is a good overview of the types of information found in schools and how they should be best handled to ensure data protection and confidentiality.


High confidentiality data (such as that listed below) should only be stored on a secure system, encrypted both in transit and at rest. Access to this data should be secured by two-factor logons and should only be given to authorised users within your organisation, and to outside contractors/individuals only when necessary.

External users should also adhere to equivalent security practices (e.g. restricted access and two-factor logins). This type of data should not be removed from your systems and duplicated, unless under exceptional circumstances.

Most of the data below would typically be held within an MIS system, but there may be other sources, such as a SEN Register or spreadsheet that would also be considered to contain highly confidential data.


Medium confidentiality data should only be stored on a organisation system or device, encrypted both in transit and at rest. Access to this data should be secured by two-factor logons.

This sort of data may be shared with third-party contractors, organisations and individuals where required for the fulfilment of services (e.g. trips and visits) but only where people have been informed (generally via data processing or consent forms).

Typically, medium confidentiality data may reside under the control of individuals within the organisations (e.g. teacher markbooks in their Google Drive) rather than fully centralised systems.


Low confidentiality information should not contain any personal data at all. This means they can be stored on any device, and do not need any special handling or logons.

They can be widely shared with other colleagues both inside and outside your organisation. Continuity of access is more critical with this type of information (e.g. ensuring lesson plans are not lost when staff leave).


Overlaying this information onto your documents is an excellent way to ensure everyone knows what sort of information they are dealing with! You can use Google metadata and this handy Chrome Extension to do just that. Simply install it and sign in with your Google Account. Then you can add tags to your documents to indicate how confidential the information is with them.

Tagged Education, Google, Storage

Related Google Calendars on the Web (01 Sep 2018), Protecting Data with Google Drive (14 Aug 2018), Fundamentals of Web Filtering & Logging (02 Jul 2018)