Framework Supplier Guidance: Safe Harbour

Framework Supplier

XMA was awarded the Scottish Government National Framework Agreement for Notebook and Tablet Devices Education Lot in March 2013. The framework enables schools, colleges and universities in Scotland to purchase from a range of Android, Apple iOS and Microsoft Windows mobile devices.

If you are using online services or apps that store personal data, you should consider that the developer may utilise storage that is outwith the UK and the EU. The UK law that governs the storage of personal data is the Data Protection Act 1998 (http:// www.legislation.gov.uk/ukpga/1998/29/contents). In relation to storage of personal data, the act notes:

Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

In effect this means that personal pupil data should not be stored with services or apps that are utilising storage outside of the European Economic Area, unless the company providing the service or app agrees to observe the same level of protection for the data as provided within the EEA. There is an agreement between the US and the EU whereby American businesses can adopt the principles of the relevant EU Directive and these companies are listed on the US Government’s Department of Commerce Safe Harbor site or at TRUSTe’s directory. The latter is kept more up to-date than the Department of Commerce site. Apple, Google and Microsoft are all listed at TRUSTe as holding an EU Safe Harbour Seal.

If in any doubt you should contact your Local Education Authority’s Information Officer.

Leave a Reply

Your email address will not be published. Required fields are marked *