Supporting your work with children and families in East Sussex

You are here:

Home > School management > Information management > Information security > Legal obligations when dealing with confidential information and ICT

Legal obligations when dealing with confidential information and ICT

Your school needs to ensure that the confidential information in your care is protected. You also need to ensure that information and communication technologies (ICT) are used properly and legally.

The following list gives details of some of the relevant legislation.

Human Rights Act 1998

Article 8 of the Human Rights Act gives everyone the right to respect for their private and family life, their home and their correspondence. The right to private life includes the right to have personal information, such as official records, photographs, letters, diaries and medical information kept private and confidential.

Data Protection Act 1998 (DPA)

The DPA regulates the handling of personal information relating to living individuals. Personal information includes their:

  • name
  • contact details
  • gender
  • ethnicity
  • religion
  • date of birth
  • behaviour
  • exam results
  • medical history
  • offending history.

The DPA requires your school to:

  • process personal information fairly and lawfully
  • only collect personal information you need for specific purposes
  • ensure the information is relevant and up to date
  • only hold as much information as you need and only for as long as you need it
  • keep personal information secure.

The Act also gives people the right to find out what personal information is held about them on computer and most paper records. So it is important that you manage personal information carefully and keep it for the right amount of time.

Common law duty of confidence

The common law duty of confidence requires that confidential information can be disclosed only with the permission of the person who provided it, or the person the information relates to, unless there is an overriding public interest in disclosing the information without permission.

Computer Misuse Act 1990

The Computer Misuse Act details certain illegal activities, including:

  • knowingly using another person’s username or password without proper authority
  • impersonating another person using email, online chat, web or other services
  • misusing authorised access
  • using, or helping another person to use, someone else’s system for criminal activities
  • modifying software or files so as to interfere with the system’s operation or to prevent access to or destroy data
  • deliberately introducing viruses, worms or other malware to cause a system malfunction.

Copyright, Designs and Patents Act 1988

The Copyright, Designs and Patents Act gives the creators of material control over how it is used, whether the material is on paper, film, CD, DVD, websites or databases.

Your school needs to ensure that pupils and staff are aware that:

  • all software used within the school must be legally licensed
  • material on the internet is protected in the same way as material on other media
  • unauthorised use, copying or transmission of copyrighted material is a criminal offence.

Education and Inspections Act 2006

Sections 90 and 91 of the Education and Inspections Act provide statutory powers to schools for disciplining pupils for inappropriate behaviour or for not following instructions, both on and off school premises. Section 94 provides a defence for confiscation of inappropriate items from pupils as a disciplinary penalty.

This legislation is important when dealing with e-safety issues. For example, it gives schools the power to intervene in instances of cyberbullying and to confiscate mobile phones and other personal devices from pupils if they are being used to harm the well-being and safety of others.

Further information

For further guidance on a variety of information security topics, go to the information security page.

Related contacts

Your account

A to Z index of Czone


This is a printed version of a page from czone, a website to provide support to schools and children's services in East Sussex. The site is managed by East Sussex County Council. Visit to find more information about what this site offers.

Schools Application Support Team
Phone: 01273 482519 (option 1)

Czone Team
Phone: 01273 481373