Got a credit card? use our Credit Card & Finance Calculators
Thanks to DrFfybes,smokey01,bungeejumper,stockton,Anonymous, for Donating to support the site
School duty of care
-
- Lemon Half
- Posts: 9036
- Joined: November 4th, 2016, 9:06 am
- Has thanked: 1347 times
- Been thanked: 3746 times
School duty of care
My son's school has an automated system for paying for school lunches. The parent pays into an online account to top it up and items are paid for electronically by the pupils at school. There is a pin number, thumb print and the pupils face is displayed on the screen to the cashier when an account is accessed for payment.
There is a daily limit of £5 that can be spent. My son yesterday went for lunch and tried to buy items to the value of about £2.50, to be told that his account limit had been reached so he could only have one item. He phoned me to top up the account thinking he had no money left in it but I went online to see he still had over £6 in the account, however I could see that over £4 had already been spent that day. This surprised him since he had not bought anything.
Looking through my sons account, I can see every transaction and it appears that on at least three occasions over the last week he has had items debited from his account that he has not taken. With the systems in place I cannot see how this can happen but I have informed the school and am awaiting a response.
The system is managed by Parentpay and I am wondering who is responsible for ensuring the security of it and who should I claim my money back from...the school or Parentpay.
John
There is a daily limit of £5 that can be spent. My son yesterday went for lunch and tried to buy items to the value of about £2.50, to be told that his account limit had been reached so he could only have one item. He phoned me to top up the account thinking he had no money left in it but I went online to see he still had over £6 in the account, however I could see that over £4 had already been spent that day. This surprised him since he had not bought anything.
Looking through my sons account, I can see every transaction and it appears that on at least three occasions over the last week he has had items debited from his account that he has not taken. With the systems in place I cannot see how this can happen but I have informed the school and am awaiting a response.
The system is managed by Parentpay and I am wondering who is responsible for ensuring the security of it and who should I claim my money back from...the school or Parentpay.
John
-
- 2 Lemon pips
- Posts: 145
- Joined: November 8th, 2016, 8:32 am
- Has thanked: 24 times
- Been thanked: 38 times
Re: School duty of care
who should I claim my money back from...the school or Parentpay
The simplistic answer would be 'whoever is responsible'. As ever in this type of situation it is establishing responsibility that is the tricky bit.
AFAIA your contract for the payment system is direct with Parentpay so I would suggest starting there by disputing the transactions.
-
- Lemon Half
- Posts: 9036
- Joined: November 4th, 2016, 9:06 am
- Has thanked: 1347 times
- Been thanked: 3746 times
Re: School duty of care
That's good, the school finance officer has got back to me today asking for more detail so she can investigate.
John
John
-
- Lemon Half
- Posts: 9036
- Joined: November 4th, 2016, 9:06 am
- Has thanked: 1347 times
- Been thanked: 3746 times
Re: School duty of care
Resolved, top marks to the school finance officer for quick and efficient resolution. She has changed his pin and refunded the money.
Isn't it good when things work out so easily.
John
Isn't it good when things work out so easily.
John
-
- Lemon Quarter
- Posts: 1054
- Joined: November 5th, 2016, 12:26 pm
- Has thanked: 227 times
- Been thanked: 208 times
Re: School duty of care
Excellent!
Is there a plan to check more carefully the face which is apparently displayed to the cashier? As so often there's not a lot of point in providing the safeguards unless people use them.
Is there a plan to check more carefully the face which is apparently displayed to the cashier? As so often there's not a lot of point in providing the safeguards unless people use them.
-
- Lemon Quarter
- Posts: 2941
- Joined: November 4th, 2016, 3:46 pm
- Has thanked: 640 times
- Been thanked: 496 times
Re: School duty of care
redsturgeon wrote:Resolved, top marks to the school finance officer for quick and efficient resolution. She has changed his pin and refunded the money.
Isn't it good when things work out so easily.
John
So somebody other than your son knows his PIN?
That is not good security.
Slarti
-
- Lemon Quarter
- Posts: 2060
- Joined: November 4th, 2016, 10:25 am
- Has thanked: 231 times
- Been thanked: 492 times
Re: School duty of care
Strange - is the suggestion that someone else knew his PIN and therefore was able to charge to his account? Does that mean they had his card as well? And then returned it without him knowing? It doesn't sound like the system is that secure....
-
- Lemon Slice
- Posts: 555
- Joined: November 10th, 2016, 10:04 am
- Has thanked: 65 times
- Been thanked: 158 times
Re: School duty of care
My offspring have the same system. There is no card. The PIN is intended for people who don't want to use the thumb scanner. They also allow a £10 overdraft for those who have not topped up on time.
My main observation is that by not actually handing over money for stuff any more, the children are spending 50% more!
My main observation is that by not actually handing over money for stuff any more, the children are spending 50% more!
-
- Lemon Quarter
- Posts: 2939
- Joined: November 4th, 2016, 11:18 am
- Has thanked: 1365 times
- Been thanked: 795 times
Re: School duty of care
I'm a bit uncomfortable about this - the system is not secure, someone else has used the account, the school is refunding it. Schools are not money pits, their money is my money. So....I'd like to see them taking this seriously and trying to find out what happened so they can get refunded from the perpetrator.
It could be happening all over the place. Ex'stepson' had this system and his mother or father just topped it up whenever he asked, no-one ever checked what he bought or how much was in the account, and they never spoke to each other to know if the other one had topped it up the day before. Sure, they can presumably see that when they log in to top it up, but neither of them would even bat an eyelid at any transactions and I suspect that the majority of people are the same.
So, it could be happening loads and no-one has reported it.
Mel
It could be happening all over the place. Ex'stepson' had this system and his mother or father just topped it up whenever he asked, no-one ever checked what he bought or how much was in the account, and they never spoke to each other to know if the other one had topped it up the day before. Sure, they can presumably see that when they log in to top it up, but neither of them would even bat an eyelid at any transactions and I suspect that the majority of people are the same.
So, it could be happening loads and no-one has reported it.
Mel
-
- Lemon Half
- Posts: 9036
- Joined: November 4th, 2016, 9:06 am
- Has thanked: 1347 times
- Been thanked: 3746 times
Re: School duty of care
melonfool wrote:I'm a bit uncomfortable about this - the system is not secure, someone else has used the account, the school is refunding it. Schools are not money pits, their money is my money. So....I'd like to see them taking this seriously and trying to find out what happened so they can get refunded from the perpetrator.
It could be happening all over the place. Ex'stepson' had this system and his mother or father just topped it up whenever he asked, no-one ever checked what he bought or how much was in the account, and they never spoke to each other to know if the other one had topped it up the day before. Sure, they can presumably see that when they log in to top it up, but neither of them would even bat an eyelid at any transactions and I suspect that the majority of people are the same.
So, it could be happening loads and no-one has reported it.
Mel
Yes this was my thought.
The system which seems widely in use across the country does not require a card but the pupil either scans their thumb (secure I'd have thought, barring mafia type amputations) or they use a PIN...but with no card associated. This means that each pupil has a random four digit number assigned to them.
Type in any four digit number and you have a one in five chance that it is assigned to someone, at my son's 2000 pupil school. The pupils face then appears on the screen in front of the cashier before money is taken off the account...that's as secure as it gets.
My son admits he has typed in the wrong number by mistake before but since the wrong face appeared he was then asked to try again...so there is no ability to tell whether the "mistake" is genuine or an attempt to beat the system.
The only positive thing about it is the ability to interrogate the account down to individual transaction and item level to investigate these things.
I guess in my day we just had to fight off the bullies trying to steal your dinner money to buy fags!
John
-
- Lemon Quarter
- Posts: 2941
- Joined: November 4th, 2016, 3:46 pm
- Has thanked: 640 times
- Been thanked: 496 times
Re: School duty of care
redsturgeon wrote:The system which seems widely in use across the country does not require a card but the pupil either scans their thumb (secure I'd have thought, barring mafia type amputations)
Unless the kids watched the Mythbusters episode where they cracked thumbprint security with a variety of kitchen stuff - in a matter of minutes!
Unless these are the print readers that also read veins, etc to show proof of life then they are horribly insecure.
The ones that do work are horribly expensive.
Also, is the system connected to other school IT systems?
When my son did his year as school IT tech he found that all systems were connected and that the kids could hack most things. He got them to take the teaching machines off the admin network, against opposition from some teachers and the IT manager, by changing the wallpaper on the head's machine to a message about lack of security.
Slarti
Re: School duty of care
Interesting, a quick fix would be to only accept pins from students who had opted out of the fingerprint system, making it far less likely to guess a valid pin.
A spin off of this is my daughter said two pupils who were misbehaving on the school bus were identified by a member of the public from the school meals photos.
A spin off of this is my daughter said two pupils who were misbehaving on the school bus were identified by a member of the public from the school meals photos.
-
- Lemon Quarter
- Posts: 2939
- Joined: November 4th, 2016, 11:18 am
- Has thanked: 1365 times
- Been thanked: 795 times
Re: School duty of care
foundone wrote:Interesting, a quick fix would be to only accept pins from students who had opted out of the fingerprint system, making it far less likely to guess a valid pin.
A spin off of this is my daughter said two pupils who were misbehaving on the school bus were identified by a member of the public from the school meals photos.
Which is surely a breach of the Data Protection Act as images are data and that is not the reason the data was supplied?
Mel
-
- Lemon Slice
- Posts: 555
- Joined: November 10th, 2016, 10:04 am
- Has thanked: 65 times
- Been thanked: 158 times
Re: School duty of care
Which is surely a breach of the Data Protection Act as images are data and that is not the reason the data was supplied?
The "get-out" will be that the meal system photos will be the same as the general photos that the school already had for "general purposes including discipline", or similar.
-
- Lemon Quarter
- Posts: 2939
- Joined: November 4th, 2016, 11:18 am
- Has thanked: 1365 times
- Been thanked: 795 times
Re: School duty of care
DrBunsenHoneydew wrote:Which is surely a breach of the Data Protection Act as images are data and that is not the reason the data was supplied?
The "get-out" will be that the meal system photos will be the same as the general photos that the school already had for "general purposes including discipline", or similar.
Ex-stepson's school do not hold any other photos, only the meal system one. They have a few they take for their website but, again, these are not for that purpose and anyway are mainly groups. I think using them that way is a breach of the DPA and there is no 'get out'. I would certainly complain if my child's photo was shown to a random person - presumably they did not only show the photos of the perpetrators but several others as well until the perps were identified.
Mel
-
- Lemon Quarter
- Posts: 3180
- Joined: November 4th, 2016, 11:12 am
- Has thanked: 3764 times
- Been thanked: 1545 times
Re: School duty of care
melonfool wrote:I would certainly complain if my child's photo was shown to a random person Mel
Why?
RC
-
- Lemon Quarter
- Posts: 2939
- Joined: November 4th, 2016, 11:18 am
- Has thanked: 1365 times
- Been thanked: 795 times
Re: School duty of care
ReformedCharacter wrote:melonfool wrote:I would certainly complain if my child's photo was shown to a random person Mel
Why?
RC
Because it is their personal data and is protected by law for good reason.
Anyone could go into the school and say "two kids in your school's uniform were messing around on the bus and I want to know their names" and then (presumably, as the case mentioned here shows) get shown a load of photos of school kids and their names.
Person now knows names of some kids who go to the school. You don't think this information could be misused in any way?
Mel
-
- Lemon Quarter
- Posts: 3180
- Joined: November 4th, 2016, 11:12 am
- Has thanked: 3764 times
- Been thanked: 1545 times
Re: School duty of care
melonfool wrote:ReformedCharacter wrote:melonfool wrote:I would certainly complain if my child's photo was shown to a random person Mel
Why?
RC
Because it is their personal data and is protected by law for good reason.
Anyone could go into the school and say "two kids in your school's uniform were messing around on the bus and I want to know their names" and then (presumably, as the case mentioned here shows) get shown a load of photos of school kids and their names.
Person now knows names of some kids who go to the school. You don't think this information could be misused in any way?
Mel
Firstly, we don't know any more than:
'A spin off of this is my daughter said two pupils who were misbehaving on the school bus were identified by a member of the public from the school meals photos.'
And it begs the question how 'a member of the public' was able to get into a school and view school meal 'photos. It doesn't necessarily mean that the 'member of the public' could identify those children by name unless either the school volunteered the information which is probably unlikely, or that the names appeared appended to the 'photos.
'You don't think this information could be misused in any way?'
Almost anything can be misused and I do agree that data protection is important but there are much easier ways of finding out the names and pictures of schoolchildren. Such as Facebook.
This sort of 'protection' seems to have become something of a national obsession. Last time I attended one of my children's swimming sport's days one of the teachers nearly had a heart attack when one of the parents began to take a picture of one of her children in the pool. We were also told that we couldn't turn round and look at other children who were in one of the other pools. Complete madness.
Just last week I was told that I couldn't cancel my son's contract for dental care which I pay for. This was because the contract was originally signed by my wife, with whom I share a bank account and many years of marriage, and to do so would have 'contravened the DPA'. I'm not a lawyer but suspect the DPA is probably more used as a justification for obstinacy and general stupidity than any other.
RC
-
- Lemon Quarter
- Posts: 2939
- Joined: November 4th, 2016, 11:18 am
- Has thanked: 1365 times
- Been thanked: 795 times
Re: School duty of care
ReformedCharacter wrote:melonfool wrote:ReformedCharacter wrote:Why?
RC
Because it is their personal data and is protected by law for good reason.
Anyone could go into the school and say "two kids in your school's uniform were messing around on the bus and I want to know their names" and then (presumably, as the case mentioned here shows) get shown a load of photos of school kids and their names.
Person now knows names of some kids who go to the school. You don't think this information could be misused in any way?
Mel
Firstly, we don't know any more than:
'A spin off of this is my daughter said two pupils who were misbehaving on the school bus were identified by a member of the public from the school meals photos.'
And it begs the question how 'a member of the public' was able to get into a school and view school meal 'photos. It doesn't necessarily mean that the 'member of the public' could identify those children by name unless either the school volunteered the information which is probably unlikely, or that the names appeared appended to the 'photos.
'You don't think this information could be misused in any way?'
Almost anything can be misused and I do agree that data protection is important but there are much easier ways of finding out the names and pictures of schoolchildren. Such as Facebook.
This sort of 'protection' seems to have become something of a national obsession. Last time I attended one of my children's swimming sport's days one of the teachers nearly had a heart attack when one of the parents began to take a picture of one of her children in the pool. We were also told that we couldn't turn round and look at other children who were in one of the other pools. Complete madness.
Just last week I was told that I couldn't cancel my son's contract for dental care which I pay for. This was because the contract was originally signed by my wife, with whom I share a bank account and many years of marriage, and to do so would have 'contravened the DPA'. I'm not a lawyer but suspect the DPA is probably more used as a justification for obstinacy and general stupidity than any other.
RC
Neither of your latter two examples/rants have anything to do with the topic in hand. Just because you can give examples of where data protection is misused doesn't mean that my concern is not genuine. Just this week I asked my assistant at work to stop saying we can't do something (very minor) because of 'data protection' (no idea if someone told her to say this) and to just say it is 'company policy'. Does that mean I should tear up our whole data protection policy? No. Funnily enough, we are a company that creates products to ensure data protection!
Mel
-
- Lemon Quarter
- Posts: 3180
- Joined: November 4th, 2016, 11:12 am
- Has thanked: 3764 times
- Been thanked: 1545 times
Re: School duty of care
melonfool wrote:ReformedCharacter wrote:melonfool wrote:
Because it is their personal data and is protected by law for good reason.
Anyone could go into the school and say "two kids in your school's uniform were messing around on the bus and I want to know their names" and then (presumably, as the case mentioned here shows) get shown a load of photos of school kids and their names.
Person now knows names of some kids who go to the school. You don't think this information could be misused in any way?
Mel
Firstly, we don't know any more than:
'A spin off of this is my daughter said two pupils who were misbehaving on the school bus were identified by a member of the public from the school meals photos.'
And it begs the question how 'a member of the public' was able to get into a school and view school meal 'photos. It doesn't necessarily mean that the 'member of the public' could identify those children by name unless either the school volunteered the information which is probably unlikely, or that the names appeared appended to the 'photos.
'You don't think this information could be misused in any way?'
Almost anything can be misused and I do agree that data protection is important but there are much easier ways of finding out the names and pictures of schoolchildren. Such as Facebook.
This sort of 'protection' seems to have become something of a national obsession. Last time I attended one of my children's swimming sport's days one of the teachers nearly had a heart attack when one of the parents began to take a picture of one of her children in the pool. We were also told that we couldn't turn round and look at other children who were in one of the other pools. Complete madness.
Just last week I was told that I couldn't cancel my son's contract for dental care which I pay for. This was because the contract was originally signed by my wife, with whom I share a bank account and many years of marriage, and to do so would have 'contravened the DPA'. I'm not a lawyer but suspect the DPA is probably more used as a justification for obstinacy and general stupidity than any other.
RC
Neither of your latter two examples/rants have anything to do with the topic in hand. Just because you can give examples of where data protection is misused doesn't mean that my concern is not genuine. Just this week I asked my assistant at work to stop saying we can't do something (very minor) because of 'data protection' (no idea if someone told her to say this) and to just say it is 'company policy'. Does that mean I should tear up our whole data protection policy? No. Funnily enough, we are a company that creates products to ensure data protection!
Mel
'Just because you can give examples of where data protection is misused doesn't mean that my concern is not genuine.'
Only you know whether or not your concerns are 'genuine', whether they are justified is another matter.
'Just this week I asked my assistant at work to stop saying we can't do something (very minor) because of 'data protection' '
It sounds as if your company assistant falls into the 'obstinacy and general stupidity' category. But at least you've cleared that one up.
RC.
Return to “Legal Issues (Practical)”
Who is online
Users browsing this forum: No registered users and 74 guests