The National Cyber Security Centre has today upgraded it's advice to schools relating to the prevalence of cybers attacks in the sector:

These protocols aim to ensure that online lessons with pupils when working from home, are safe, secure and continue to provide high-quality education using a virtual platform. 

This is guidance for setting up and managing online lessons using the school’s chosen platform ie  Zoom; Google or Microsoft teams.

Users of Class Dojo will recently have noticed that a requirement to provide consent for international data transfers was included to the login screen.

We've recently had more than one breach reported where physical files have got lost in the post.

In such cases, the sender remains the data controller and is responsible for ensuring that the optimum data security measures are in place during transfer. Where possible, consider whether a physical drop-off (and get a receipt) is a more secure option.

Do I need consent for emergency contacts?

Actually no, and here's why.

We know that we must have a lawful basis for processing any data, and consent is one of the six lawful bases that can be used.

In light of recent ICO reprimands to schools it is important schools remember best practice for managing photos. The formal legal warnings issued by the ICO recently to schools both related to the processing of photos where no consent had been given. 

From the Information Commissioner's Office blog:

A former headteacher has been fined in court for unlawfully obtaining school children’s personal data from previous schools where he worked.