When I first started teaching in the mid-1970s, Dave Carter was a long-serving member of staff. He had many duties, but his most important function in the summer break was on the day the exam results were published. He had to open the crucial envelopes and then display the CSE, GCE andA-level lists on the windows of the library. Early arrivals were first to view their fate, but late-comers were often notified of how they had done by their classmates or any passer-by.

Dave would always comfort the under-achievers and offer sound career advice to all. He was, of course, the school caretaker. That was back in the dark ages, before data protection and all it entails. That doesn’t happen in schools today. Or does it?

By the nature of my job - I’m a former teacher who now runs a technology consultancy - I visit many schools, of all types, up and down the country. You would be shocked to hear what I have learnt about some pupils and staff. Just by sitting in staffrooms or management offices and browsing very public noticeboards, I have seen personal medical lists and details. Clearly displayed are staff addresses and telephone numbers, special needs registers and which pupils have nits.

Data protection? Schools hold sensitive and possibly damning information. They are often too complacent about their responsibilities. Performance management, threshold and target-setting mean staff and pupil data will be in more demand for many processes and by numerous organisatons. It has to be treated correctly.

We must not get the whole issue out of context: information promotes proactivity; ignorance is passive. Teachers need quality information to further their professional judgments. They also need external agencies to help them make these judgments. Raising awareness and a few simple checks are a good start to ensure schools are not compromised.

David Grashoff of Capita, whose SIMS software dominates the school market, says there are many third parties who want to access some part of school data - from photographers to online learning companies. His company, like many others in this competitive marketplace, has introduced rigorous evaluation for those wanting to become an approved partner or third-party supplier. It is about time schools were rigorous, too.

Lynne Taylor runs Cogent Computer Solutions, an educational technology consultancy. She writes a monthly column for TES Online. To support data protection, The TES has published free resources and support materials. For more information visit www.tes.co.ukonlineperformit

ARE YOU SAFE? WHO NEEDS TO KNOW?

1 Are there any paper copies of personal details or achievements of any person in school easily accessible or on view?

2 Does your system(s) that stores this data have adequate password protection?

3 Are outside agencies using this on the Data Protection Register?

4 Do they have a policy for data handling?

5 Who on the staff or in the local education authority is directly responsible for data protection?