Thumbs Down

2008

 

Dear Mr Vass,


I would like to thank you on behalf of the Governors of Chalfont St. Giles Infant School & Nursery for bringing the issues regarding the use of biometric data at the school to our attention.


Both our school Committee and Management Committee discussed the issues raised in the document you sent at great length, and I would like to thank you for the time and effort you have spent in researching this and presenting it to us for our consideration.






When we implemented the biometric data system in our school library, it was done so, with two main objectives in mind.


1) To Improve the administration and efficiency of the library, thereby reducing loss of books









2) To provide the children with another way of using ICT technology as part of their day to day school lives to ensure a broader use of ICT within the school















We still believe that these two reasons are just as relevant today...






                                                                                                    ... and given the young age of the children, we are happy that the current fingerprint system works well with this age group versus some of the alternatives.










In order to address some of the data protection issues you raised, we have taken advice from Martin Gibson - Data Protection Officer at Bucks County Council.


He has reviewed the systems we have in place with regards to the data that we store via the library system, and is happy that we are following the correct procedures...





                                                                                                                              ... He has however suggested that it would be advisable for us to inform parents of the use of the biometric data in the school literature...





                                                               ... We did of course inform parents at the time of installing the system, but your enquiry has alerted us to the fact that new parents would not be aware of this, and this is something we will remedy through a newsletter and future inclusion in induction packs.






With regards to the cleansing of records after a child leaves the school, he has confirmed that according to the advice he has received from the Information Commissioner's Office, as long as reasonable security measures are taken, (which we are confident the school does) it is sufficient that we delete the child's records from our PC. We are under no obligation to use a professional data cleansing company to completely remove all trace from the hard drive.





















With regards to the data stored for your children, we have deleted this data from the system...



         ... However we would also like to stress that we are very happy with the current system, and believe that your children's data is being managed in a professional and responsible manner...






                            ..., which we believe does not pose any greater risk to their security than any other data which the school manages.








After reviewing all of the data and advice, we have decided to continue using the current biometric fingerprint system for the library.









                                                                             We are however very grateful that you have raised these issues, as it has allowed us to explore this area fully once more as a Governing Body, to ensure that it still meets our needs, but also as it has highlighted a potential area for improvement regarding the communication to new parents.






We hope this letter is clear in terms of how we have arrived at our decision.







If you are unhappy with our response to your request, you may wish to discuss the contents of this letter directly with the Information Commissioner's Office. The telephone number is 01625 545745.



























The postal address of the Commissioner's office is:

The Office of the Information Commissioner

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF




Yours sincerely

Rafael McDonnell

Chairman of Governors

Chalfont St. Giles Infant School & Nursery

 

The main reason I am writing this blog is to change the policies in the local schools.


I feel that biometrics have no place in schools, that the risks far outweigh any benefits.


I genuinely believe that any person who has considered all there is to consider with regard to biometrics in schools will agree.

 
Comments Widget

Well, considering I only had 48 hours to put something together, it was hardly a full and comprehensive assessment of all the issues! But I made that clear at the beginning. See the brief I gave them, here.







The Junior Librarian System itself may help with reducing the loss of books from the library. In fact, I understand it is quite an effective stock management tool. I do not accept that the biometric system plays an additional role in this.

I wonder if Mr McDonnell and the Governors can explain how providing a fingerprint as identification supports the stock control function better than any of the other three identification methods I know to be available.

Speaking of which...





This may seem laudable, but what is the purpose of increasing the use of the ICT? Some say this is the point of biometrics in schools: Habituation- ensuring a generation of children think nothing of handing over their biometric identities

for trivial reasons. I don’t think the governors of our school are involved in such an endeavour. But if there is no educational benefit to a use of the school’s IT, then it is disingenuous to use ‘increased use’ as a reason for using it.

I cross the road more, not to get to the other side, but because I get better value out of the road the more I cross it. I don’t think that’s valid.

BUT- even if it were valid - how is using a fingerprint interacting more with the ICT than using a PINumber or a swipe card? In fact, if I were being a pedant, I could say that a four digit PIN means you interact four times as much as you do with a single thumbprint.





Well, if you didn’t consider the options properly first time around, and you are the sort of person who is inclined to defend your existing opinions rather than seek new perspectives, you would say this.






Now, tell me, on what basis do you make this assertion?

Have you trialled different systems?

Have you sought properly gathered evidence from other schools?

What were the questions asked in those independent studies?

Do you have personal experience from other schools?

Can you show that your assertion is based on anything other than the vendor’s literature, selective quotes and your own supposition?








This, it should be noted at this stage, relates to the manner in which data is handled: how it is reported to the subject, etc. It does not relate to destruction or security






I suspect he said something about seeking consent, not about ‘informing’ (possibly, seeking ‘informed consent’?








Will those packs, when seeking consent, express your views, or give a balanced assessment of the benefits and risks?









I will be in touch with him. If this is a faithful representation of his advice to you, then he is in error. The recommendations from the Information Commissioner’s Office [see here, line 9/10, page 2] clearly states that data must be destroyed. This is from a bureaucrat, the language is very specific. I shall discuss this with him, and as well as my response, he will contact you to express a correction to the advice he gave.

In truth, I suspect I shall discover this to be an erroneous interpretation of his advice. But we shall see.

As for the school’s security measures, perhaps you might explain what they are. Elen Peal, the Head, thinks that by not networking the computer, or linking it to the internet, the data is secure. Do you concur with this opinion? If not, what other security measures have you taken?

Will you also explain to me your understanding of the process of deleting data from computers?

Do you understand why, from a data retrieval perspective, deleting the files by placing them in the recycle bin as you propose is no better than doing nothing.

I am in touch with one of the world’s leading data retrieval and clearance companies, who will explain this authoritatively.





I require it to be destroyed, as does the Information Commissioner.






This and the previous comment are not compatible. Either the data is being managed in a responsible manner, and it is properly destroyed at the appropriate time, or not. You say not.





This is also incorrect. The biometric data has value throughout the life of the child to whom it relates, as a gold standard of ID. The other data, while of interest and value now, is not something that could be used to fake an identity later.

Your inability to grasp the relevant information and concepts suggests you are not a suitable person to make this assertion.





Limited five year old opinion, anecdote and supposition (rather than data) from a vendor (according to your letter above) and erroneous advice (from an overworked local council official who will be in touch with you to explain his mistake and revise his advice). Well, look, if you want to place your children at risk, that is your choice. You should be ashamed, but it is your choice. But you’ll not be allowed to place my children at risk.









If you have explored this area fully, perhaps you can give me the answers to the 68 Questions I asked? You must have them to hand.




Actually, petulance aside, no. You haven’t explained your thinking at all, merely reiterated it and justified your current decision to continue with biometrics by saying that you made the decision 5 years ago to use them. You didn’t explain why you made the decision then at all.






It’ll come as no surprise that I am not at all happy with your response. Firstly, I made no request. I gave an instruction about destroying the data relating to my children’s biometrics, and I made a suggestion that you might want to review the biometrics policy. There is no request.


I will be speaking to the Information Commissioner’s Office, to confirm their published advice, suggesting I speak to him directly isn’t the coup de gras that you think it is.

I will also be speaking to Martin Gibson, to ask him how he can interpret the advice as he has, and to convince him to change his advice to the governors and school.

I am determined, as I have been all along, that the school and I deal with this manner in a collegiate and co-operative way. If you understood the issues you would agree with me, and your current position is based, I’m sorry to say, on ignorance of the issues and a charming, if naive, trust in the school’s security and the workings of computers.

If it transpires that you are one of those insecure people whose self esteem is based on entrenching your position and clinging to it, however wrong it is seen to be, then I will sadly not be able to achieve the destruction of my children’s data by co-operative means.

I cannot allow the school or the governors to put my children at risk.

There will come a point at which I will have no choice but to campaign. There will be a tipping point at which the biometric system becomes non-viable. 20% refusing, 40%?

At that stage I will also be speaking to the LEA and my MP (Cheryl Gillan) and the local papers.

How many people need to tell you you are wrong before you agree?









Try to palm this off on someone else as much as you want, this is a local issue, and it is on your doorstep, and you’re still wrong.