Schools need to take more care to stop the personal data they collect falling into the wrong hands, according to research by the University of East Anglia (UEA) and Plymouth University.

A survey of 1,059 schools found that nearly half had policies on data security that fell below the recommended level. Dr Sandra Leaton Gray of UEA, who presented the findings to the British Educational Research Association’s annual conference, said schools have created large databases with information such as where children live, their routes to school, whether they have special educational needs or are known to social services, and whether relatives are on the sex offenders’ register.

“If this information gets into the wrong hands it can have big consequences for individuals,” she said. “Yet security levels in schools are inconsistent and generally not as high as they should be.”

Researchers asked schools to use a self-assessment tool called 360 Degree Safe. Developed by the South West Grid for Learning charity, the tool is used in schools across the South West. It rates schools’ online safety on a scale of 1 to 5, where 1 is the strongest and 3 is the recommended minimum.

Researchers looked at how well schools rated themselves in managing personal data, technical security such as firewalls and viruses, and passwords.

Percentage of schools at each level of data security

Level 1 - 2%

Level 2 - 5%

Level 3 - 45%

Level 4 - 32%

Level 5 - 16%

40% of uk secondary schools and

10% of primaries currently use biometric technologies.