Skip to main content

Schools: Internet

Question for Department for Education

UIN 62140, tabled on 27 January 2017

To ask the Secretary of State for Education, whether schools are required to inform her Department if their websites and servers are hacked.

Answered on

1 February 2017

Through the Edubase register, the Department for Education is aware of 19,885 schools with websites.

All schools, as independent public bodies, are directly responsible under the Data Protection Act 1998 for the collation, retention, storage and security of all information they produce and hold.

The Department provides guidance to schools on how to protect data including the key principles, obligations and duties in relation to the Data Protection Act. Schools are not required to notify the Department if their website or servers are hacked, but in the event of a suspected serious breach or loss of personal or private information, schools should report the incident to the Information Commissioner’s Office.

Named day
Named day questions only occur in the House of Commons. The MP tabling the question specifies the date on which they should receive an answer. MPs may not table more than five named day questions on a single day.