Only a few days to go: We’re raising £25,000 to keep TheyWorkForYou running and make sure people across the UK can hold their elected representatives to account.Donate to our crowdfunder
To ask the Secretary of State for Education what guidance he has issued to officials of his Department on the use of e-mail accounts not supported by his Government's IT system to communicate with (a) schools considering academy status and (b) individuals, groups, charities, businesses and other bodies applying to establish free schools.
The guidance issued to staff in the Department for Education on the use of personal, non-DFE e-mail accounts for communications relating to their official duties (irrespective of the individual or organisation being communicated with) is as follows:
‘Never use non-DfE email services (such as your own personal internet email account on Hotmail, Gmail, Yahoo Mail, AOL, MobileMe, etc.) to carry out Departmental business.'
A more detailed extract from this guidance for DFE staff, covering the salient points, is as follows:
Essential steps to protect information in DFE
Use only official DFE ICT systems, services and devices to access or store DFE information
Official DFE ICT (Information and Communications Technology), computing and telephony services, systems and devices, have been configured, risk assessed, and tested to ensure they are secure enough for Departmental business. Official DFE mobile devices (Laptops and BlackBerry's) have HM Government approved strong encryption enabled.
You should therefore:
Never use non-DFE e-mail services (such as your own personal internet e-mail account on Hotmail, Gmail, Yahoo Mail, AOL, MobileMe, etc.) to carry out departmental business.
Never set your ‘Out of Office' message or e-mail forwarding rules to direct official e-mail to your personal internet e-mail account.
If you have a compelling requirement to conduct DFE business when away from the office, but do not already have the appropriate DFE remote working tools to support this, talk to your line manager about making the business case.
Why is this so important?
The loss or compromise of personal or otherwise sensitive information that has not been adequately protected can have serious consequences including:
Financial loss, disruption to the work of the Department, or distress to citizens or staff;
Damage to DFE's reputation which could in turn lead to loss of public confidence in the services of our Department or of Government as a whole;
Breach of the Data Protection Act, which could lead to public censure of the Department by the Information Commissioner, whose statutory powers also include the right to impose fines on the Department of up to £500,000.
Use of unapproved ICT systems, services and devices could also put in jeopardy the Department's continued right to use the Government Secure Intranet (GSI) which we rely on for secure intra-government e-mail and data sharing.
As well as breaching security rules the use of unapproved ICT systems, services and devices to conduct Government business also creates Information Management issues. For example: information not held on DFE ICT systems would not be searched when responding to a Freedom of Information (FOI) Request.