The security of sensitive information about Norfolk children could be at risk after a data security audit revealed a string of failings at schools in the county.

Education chiefs have written to headteachers and governing bodies after a survey of eight 'random but representative' schools found that all but one had a number of shortcomings.

These included electronic data not kept in a secure environment, schools being unaware of how to prevent, discover, record, investigate and report information security breaches, and unencrypted devices and privately-owned computers being used to transfer data.

Schools can hold highly-sensitive information about children, including physical or mental health details, racial or ethnic origin, religious or other beliefs, sexual life, and offences and alleged offences.

Adrian Thompson, the council's chief internal auditor, said: 'Out of the eight schools audited, one had no information security problems at all, but the others had a range of issues to address. It is likely the same wide variation would be found across all schools. I think it is fair to say this is a wake-up call to schools that have not understood their data protection and information handling responsibilities.'

The Information Commissioner's Office, which can impose financial penalties for 'serious contraventions', said it did not know if any complaints had been made about data handling at Norfolk schools, but it had not made any rulings about schools in the county over the past year.

A spokesperson said: 'Information security is an extremely important subject for schools as the loss of or unauthorised access to personal information is likely to cause most harm to pupils, parents or staff and is most likely to result in us taking action.'

Do you have an education story? Email martin.george@archant.co.uk