How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site. Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.
Ask Ben Jones Your Own Question
Ben Jones
Ben Jones, UK Lawyer
Category: Law
Satisfied Customers: 49821
Experience:  Qualified Solicitor - Please start your question with 'For Ben Jones'
Type Your Law Question Here...
Ben Jones is online now

I have recently left my job in a school due to ill health,

This answer was rated:

I have recently left my job in a school due to ill health, I requested time to sort all of my files and documents held on the school drive through google. The school safe use guidelines define anything on the network as 'private property' however, the IT Department at my Head of Department's request not only shared all of my files with him (including ones I had had to write regarding malpractice of the exams, and then transferred ownership of all those documents over to him. This meant he was shared into - with edit privileges - all the files, documents, music and video that had been sent to me, including exemplar coursework from my last school and had ownership over all my documents. As I also have to fill out forms sent as google docs with bank details etc for admin in school, he and all my personal information handed to him, this is despite my having informed school and him that I was sorting my drive and would make a folder for everything that would be of use to the department. Where do I stand legally?
Hello, my name is***** am a qualified solicitor and it is my pleasure to assist you with your question today. How long have you worked there for?
Customer: replied 2 years ago.
I worked there for 7 years in total, 6 years initially and then they contacted me February 2014 and asked me if I would return.
Hello, sorry I was offline when you replied. Can you please clarify what you are hoping to achieve in the circumstances so I can direct my advice betrer?
Customer: replied 2 years ago.
At the moment I think I just want to be clear about what the law is regarding data protection/ safeguarding of files within the context of a work environment so I can be very clear with the school. Currently they are more focused on damage limitation and as such are not prepared to check whether any of the files were compromised, copied or downloaded, or to give me satisfactory details regarding how this was able to happen - they have returned the files to my ownership. But I don't know whether any of my information and files have been copied or downloaded in the time that has taken them (two weeks) in which they did not restrict the other member of staff's access to the network - despite his already having been demoted because of cheating on exams - which is another issue. I would like them to carry out a more detailed check and investigation into how this occurred, I have been told it was done by 'accident' and not with ill intent, which seems improbable and given I had to report details of the cheating by the member of staff involved I am very concerned that he has had unfettered access to all my personal information, files and work. I also need to know where I stand in terms of responsibility, as in my files I had information on students, as all staff do and video footage of exemplar work by students in another school, which I had permissions to use within the context of my teaching but not to share or make widely available. I hope that makes sense.
The employer will have certain duties and responsibilities under the Data Protection Act 1998. These duties will be against the individual whose personal data is processed. So not all files you created or had access to would give you rights you can apply because the information within them may not have been your personal data, rather someone else’s, like students. In that case it is the student who will have rights.
Only data which meets the definition of "personal data" under section 1 of the DPA is protected and this includes data relating to a living person:
• Who can be identified from that data alone or from that data and other information in the possession of, or likely to come into the possession of, the data controller.
• And is about that living person (whether in his personal or family life, business or professional capacity).
When personal data is being processed, the eight data protection principles set out in Part I of Schedule 1 to the DPA must be complied with. These require personal data to be:
• Fairly and lawfully processed.
• Processed for limited purposes.
• Adequate, relevant and not excessive.
• Accurate and up to date.
• Not kept for longer than necessary.
• Processed in line with data subjects' rights.
• Secure.
• Not transferred to other countries without adequate protection.
Once a person has provided personal data, the data controller is then responsible for the security of that information and needs to take account of the risks of unauthorised access, accidental loss or damage to the information.
The Information Commissioner has published a Practical Guide to IT Security aimed at alerting small and medium-sized organisations to the security measures which they should have in place to protect the personal information they hold - you can access that here:
In terms of your obligations towards students, this duty is likely to be passed on to the organisation as you were employed by them so personally you should not have liability.
This is your basic legal position. I have more advice for you in terms of the next steps you can take to try and pursue this, which I wish to discuss so please take a second to leave a positive rating for the service so far (by selecting 3, 4 or 5 stars) and I can continue with that and answer any further questions you may have. Don’t worry, leaving a rating will not close the question and we can continue this discussion. Thank you
Ben Jones and other Law Specialists are ready to help you
Many thanks for your rating. So at first you should contact the employer over this. You need to remind them of their duties under law, specifically the Data Protection Act principles I mentioned earlier. Whilst you can no longer raise a grievance with them because you are not employed by them, you can try and pursue any complains processes they may still have open to you.
If they do not assist with resolving this query and you suspect that there have been breaches, you can report them to the Information Commissioner's Office, which deals with data protection breaches. They may investigate and either request tat they do something or they could even fine them.
Personally you cannot pursue a claim against them unless you have suffered any losses as a result of their breaches so this may not necessarily be an option.
Hope this helps.
Customer: replied 2 years ago.
Thank you that helps a lot.
You are welcome, all the best