Thursday, 13 November 2008

Data security - issuing credentials to parents

Was at a meeting today where I was talking to some colleagues and throwing some ideas around regarding the parental portal. It struck me after the chat we had that there are a myriad of issues to think through regarding data security. The government has just released the latest interim report on data security/handling guidelines. Schools fall under this broad banner and also have to comply with these guidelines. It does throw up a few points to consider when shaping our parent portal.
Firstly - according to the guidelines we cannot send a username/password home via the post for parents. This presents a few initial problems. Having had a think about this there are a couple of ways forward. A system of identity verification could be set up that works in the following way:
Parent visits public page - puts in answers to a few personal questions - answers validated against MIS data - e.g. DOB of eldest student in school, postcode, mobile no. etc. They are also prompted to enter their own personal email address - this information is data mined and attached back to the parent so we have an additional contact email. FROG then sends user logon details via automated email back to the parent with a validation hyperlink to activate the account. Parent logs on with the system-generated password and then must change it immediately. By collecting an external email address in this manner it is easy to integrate a lost password option into the system.
The other method is crude and comes with bigger administration overheads - physically give parents the details at face-to-face events such as parents' evenings - this would only have to happen in Y1. In subsequent years it would be Y7 parents who do not have any older siblings that would go through this process.
Similar issues arise with the dissemination of user credentials to users of, say, a transition portal.
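
The self-service verification flow described above (answers checked against MIS data, then an emailed activation link and a forced password change), as an added Python example that is not part of the original post and not FROG's own code. The record layout, function names, lockout threshold and link lifetime are all assumptions, and the MIS data is constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample standing in for MIS data (hypothetical record layout).
MIS = {"P1001": {"eldest_dob": "1995-04-17", "postcode": "AB1 2CD",
                 "mobile": "07700900123"}}
FIELDS = ("eldest_dob", "postcode", "mobile")
TOKEN_TTL = 24 * 3600   # activation link lifetime in seconds (assumed)
MAX_FAILURES = 5        # failed attempts allowed per mobile number (assumed)
failures = {}           # normalised mobile -> failed attempt count
pending = {}            # sha256(token) -> (parent_id, email, expires_at)
accounts = {}           # parent_id -> account state

def _norm(value):
    """Strip whitespace and upper-case so 'ab1 2cd' matches 'AB1 2CD'."""
    return "".join(value.split()).upper()

def verify_answers(answers):
    """Return the parent id only if every answer matches one MIS record."""
    mobile = _norm(answers.get("mobile", ""))
    if failures.get(mobile, 0) >= MAX_FAILURES:
        return None     # locked out: stops repeated guessing of DOB/postcode
    for parent_id, record in MIS.items():
        matches = [hmac.compare_digest(_norm(record[f]).encode(),
                                       _norm(answers.get(f, "")).encode())
                   for f in FIELDS]
        if all(matches):
            return parent_id
    failures[mobile] = failures.get(mobile, 0) + 1
    return None

def issue_activation(parent_id, email, now):
    """Create a random single-use token; only its hash is stored server-side."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    pending[digest] = (parent_id, email, now + TOKEN_TTL)
    return token        # goes into the validation hyperlink in the email

def activate(token, now):
    """Consume the token; reject unknown, reused or expired links."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = pending.pop(digest, None)
    if entry is None or now > entry[2]:
        return None
    parent_id, email, _ = entry
    # The collected email becomes the contact address for lost-password resets.
    accounts[parent_id] = {"email": email, "must_change_password": True}
    return parent_id
```

Because the questions are things other people may know (date of birth, postcode), the attempt limit and the short-lived, single-use link carry most of the protection here.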
