Data Protection and Transfer Agreement
The data required is to create user accounts in the EDLounge system, the users have chance to create and/ or update information including usernames and passwords.EDLounge is an online e-learning resource that requires the procurement of student and teacher data to help create user accounts effectively and efficiently.
The student data can only be viewed and edited by users who are given access, by the consent of the establishment, i.e. teaching staff. Teaching staff however, can only be defined to particular individuals and/or groups, if desired. All user events are comprehensively logged, allowing an audit trail of what events have been completed and by which user.
The data required is a user’s Forename, Middle Name, Surname, Date of Birth, Year group, Ethnicity, Language, Special Educational Needs, predicted subject levels/grades, achieved subject levels/grades.
The benefits of data being used by the EDLounge system:
- To identify users
- To help mass upload the data to create accurate and correct user accounts
- To help track and monitor attendance and performance of all users
- The data would help with the filtering of user cohorts
- To save time for the end user to input individual accounts
- If schools do not wish to pass on data, there is the opportunity to create user accounts manually in the system; this however can be prone to user error
- Accounts can be manually configured anonymously
EDLounge Data Protection Policy for SIMS Integration
For EDLounge to work effectively the system requires student and teacher information from SIMS to allow the resource to help track each student’s performance, activity and progress.
The data given by schools is fully under their control, and we abide by very stringent policies and procedures in storing and processing any data received. This document highlights and details what data is captured, along with the reasoning for such a capture. This policy specifically targets the account creation on the EDLounge system for both students and teachers who will use the resource.
We capture and store the following student data also highlighting why the system requires this particular piece of data:
- Preferred Forename - Identifying reasons
- Middle Name(s) - Identifying reasons Names help to create a default username to access the system
- Preferred Surname – Identifying reasons
- Gender – To help with filtering and monitoring of performance and progression i.e. filter all yr9 girls in Maths
- Date of Birth – To help with identifying those students with the same name and to create a default password to access the system dd/mm/yyyy
- Unique Candidate/ Pupil Number – To uniquely identify a student record
- Class Groups – For assessment purposes within the system
We can also tag the following data to a student’s account if permitted. This helps to record, monitor and filter when reports generate:
Ethnicity, Free School Meals, Pupil Premium, EAL and SEN status.
The teacher data captured by EDLounge is:
- Title – Addressing communications correctly
- Preferred Forename
- Middle Name(s) Names are used to identify user and help to create username
- Preferred Surname
- Initials - This 2-3 digit code is used as a default value for password generation
- Class – To show and permit teachers to view their own groups, and highlight to SLT who supervises this group. This helps with reports and assessment.
- Subject – Indicates what subject the above class is studying
The student and teacher data is collected via an export from SIMS using a Report Definition File (RepGen), the data is submitted to create accounts on EDLounge. All data is up-to-date according to the SIMS data gathered and stored from the school.
Students and teachers are assigned usernames and passwords that protect access to the EDLounge system and ensure that students only access the relevant area, and that teachers can only access the student data relevant to them and their school.
All data is stored and backed up using a secure server, which features encryption technologies and firewalls to protect the information being accessible by any other party. The EDLounge team are all certified and trained to the latest policies for data protection; certificates can be viewed upon request.
The data will be placed into the EDLounge RDBMS (Relational Database Management System) to create, locate and track user accounts, and nothing more.
The server and RDBMS are securely stored and hosted via a third party organisation (Rackspace), who are ISO 27001/2 recognised (http://www.rackspace.co.uk/about-us/security). The servers are firewall and password protected using a SALT encryption policy. Data is only accessible via a specific static IP address and authorised personnel with access rights to the database. Frequent backups are taken of the data stored on the encrypted server.
The data viewed by the EDLounge team is to locate a student/teacher username and password, should any information be forgotten and help to the user(s) is required. Again, all user events are comprehensively logged, allowing an audit trail of what events have been completed and by which user.
During a mass data upload, a template Excel file is sent through via email, this is then populated by the data manager at the establishment and sent back to the EDLounge team; the data is only required once. When the upload is complete and the user accounts are created and authorised, the original file(s) is/are then destroyed.
EDLounge Data Officers then make sure that information is destroyed under the EDLounge Ltd Data Protection Policy, breach of such policy leads to disciplinary procedures.
The alternative for the educational establishment is to enter data into the system themselves, and/or create anonymous accounts.
The data is not shared with any other party.
Up-to-date Data Protection Act 1998 Certificates can be viewed upon request.
All hardware and software security incidents incurred by users are those set out and adhered to by the establishment’s policies.
Managing Director and Creator of EDLounge Ltd