Transfer and handling of school data

This document details the data handling policy for Groupcall Limited when working with live school data including students, parents and staff.  It covers movement and storage of data provided by Xporter and Emerge, and data solicited directly from MIS APIs.

Overall Principles

  • Live school data should be protected as if it were your own personal identity
  • Testing data must always be used in preference to live data, especially for activities such as the following: extract development, resolution of extract issues, demonstrations
  • Whenever possible, through use of remote access and diagnostics, personally identifiable data should not be copied onto Groupcall systems.

Consent to transfer live data

Prior to transmission, the following must be set out in writing by the school data owner:

  • The purpose of the transfer
  • Why that purpose cannot be fulfilled via remote access
  • How long the data will be retained
  • How it will be deleted
  • That the school consents to the transfer
  • Who at Groupcall holds responsibility for the safeguarding of the data
  • Where else the data may be transmitted

Working with Xporter extract data

Data must be encrypted using 7-zip AES encryption prior to transfer to Groupcall systems. A new GUID should be generated and used as the encryption key in each case, and a note must be kept of any further copies of the data that are made.
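The following PowerShell script is an added example of this step and is not Groupcall's own tooling. It generates a fresh GUID key, creates an AES-256 encrypted 7z archive with encrypted file names, verifies the archive, and records the copy. The 7-Zip install path, the register file name and its columns are assumptions.

```powershell
# Added example: encrypt an extract folder with 7-Zip AES-256 under a new GUID key.
# Assumptions: 7-Zip's default install path; a CSV "copy register" (hypothetical name).
param(
    [Parameter(Mandatory)] [string] $SourceDir,     # folder holding the extract
    [Parameter(Mandatory)] [string] $ArchivePath,   # output .7z file
    [string] $SevenZip = 'C:\Program Files\7-Zip\7z.exe',
    [string] $Register = '.\extract-copies.csv'
)
$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $SourceDir)) { throw "Source not found: $SourceDir" }
if (-not (Test-Path -LiteralPath $SevenZip))  { throw "7-Zip not found: $SevenZip" }
if (Test-Path -LiteralPath $ArchivePath)      { throw "Refusing to overwrite $ArchivePath" }

# A new GUID for each transfer; never reuse a key from an earlier archive.
$key = [guid]::NewGuid().ToString()

# a        add files to an archive
# -t7z     7z container, which uses AES-256 when a password is set
# -mhe=on  encrypt the archive headers so file names are hidden as well
# -p<key>  password; note it is visible in the process command line while 7z runs
& $SevenZip a -t7z -mhe=on "-p$key" $ArchivePath $SourceDir | Out-Null
if ($LASTEXITCODE -ne 0) { throw "7-Zip failed to create the archive (exit $LASTEXITCODE)" }

# Test the archive with the key before the plaintext source is disposed of.
& $SevenZip t "-p$key" $ArchivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Archive failed verification (exit $LASTEXITCODE)" }

# Keep a note of this copy. The key itself is deliberately not written here.
[pscustomobject]@{
    CreatedUtc = (Get-Date).ToUniversalTime().ToString('s')
    Archive    = (Resolve-Path -LiteralPath $ArchivePath).Path
    Sha256     = (Get-FileHash -LiteralPath $ArchivePath -Algorithm SHA256).Hash
    CreatedBy  = $env:USERNAME
} | Export-Csv -Path $Register -Append -NoTypeInformation

# Shown once on the console only.
Write-Host "Encryption key for ${ArchivePath}: $key"
```

Add a row to the register for every further copy made, so that disposal can account for all of them.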

When unpacking data to work with it, this must occur on either:

  • Appropriately secured Azure SQL or Table Storage
  • An encrypted workstation or laptop

When disposing of data, all copies of it:

  • Must be deleted from Azure SQL or Table Storage
  • Must be securely deleted from encrypted workstations or laptops

Working with Cloud-MIS API access

When working with live data from cloud-based MIS products, the same care must be taken as for Xporter data above, including use of encrypted devices. Data retrieved from the MIS must be purged as soon as work is completed. When such transfers occur in a browser window, Private mode must be used to ensure that credentials and data are not retained in the browser itself.

Working with Emerge data

School consent must be obtained when using Groupcall devices to reproduce Emerge faults. Data should only be downloaded onto Groupcall devices, and appropriate security measures, including strong password complexity, must be applied. This data should be removed by logging out of Emerge or uninstalling the Emerge application prior to using devices in public.

When work with Emerge data is completed, you must:

  • Delete the Emerge data either by logging out or by uninstalling the Emerge app
  • Remove the Groupcall user account used for Emerge access
  • Remove the device ID used for Emerge access