James Bond fans will remember this classic exchange from The Living Daylights starring Timothy Dalton,
Saunders: “Where are you taking him? How will you get him out?”
Bond: “Sorry, old man, section 26, paragraph 5. Need-to-know. Sure you understand…”
Bond’s reply is something worth repeating in a school environment where there are plenty of important issues and safeguarding matters that only a few people need to know.
Typically, a school is full of sensitive data and restricting access to this is important and certainly not every member of staff should have full access. This will relate to employee information, management information, and business information.
The ‘need-to-know’ is the least amount of data a member of staff requires to be able to do their job. Restricting access is vital for maintaining confidentiality and for protecting all your assets, human resources and obviously pupils and their families.
Personal information about the school community shouldn’t be common knowledge unless there is an over-riding need to know.
Some will argue that withholding information leads to mistrust but keeping others in the dark is necessary as a protective measure. This is not a power-trip because the ‘need to know’ basis exists to ensure that information is guarded and kept from going viral which could lead to irreparable harm.
Every school should have a written confidentiality policy describing both the type of information considered confidential and the procedures staff must follow for protecting confidential information.
At the very least, schools should adopt the following procedures for protecting confidential information:
- All confidential documents should be stored in locked file cabinets or rooms accessible only to those who have a business “need-to-know.”
- All electronic confidential information should be protected via firewalls, encryption and passwords.
- Employees should clear their desks of any confidential information before going home at the end of the day.
- Employees should refrain from leaving confidential information visible on their computer monitors when they leave their work areas.
- All confidential information, whether contained on written documents or electronically, should be marked as “confidential.”
- All confidential information should be disposed of properly (e.g., employees should not print out a confidential document and then throw it away without shredding it first.)
- Staff should refrain from discussing confidential information in public places.
- Staff should avoid using e-mail to transmit certain sensitive or controversial information.
- Before disposing of an old computer, use software programs to wipe out the data contained on the computer or have the hard drive destroyed.
Effective leaders make time and make it a priority to share information but they also go to a lot of trouble to protect it.
The confidentiality and secrecy is there for a reason so don’t question it. Sure you understand…