Web Filter Breach Procedure - What to do when the filter goes wrong

No online web filtering system can claim to be 100% effective. There will be occasions, however infrequent when a pupil or a member of staff sees something online that they should not. Knowing what to do in these circumstances should be part of every school’s safeguarding procedures.

The information below has been designed to help E2BNProtex users navigate this area. If your school uses a different filter the broad principles will still apply.

Assuming that the inappropriate content has been discovered when other people, especially children, are around. your first task must be to minimise exposure. Flick off the screen or confiscate the device. Deal with the issue discretely. If a pupil is involved remember that they may be upset by the content and fearful of ‘getting into trouble’. The safeguarding of pupils must always take precedent.

You also have a duty to protect yourself and to ensure that the filtering breach is dealt with appropriately.

Follow our step by step guide

If the content could be illegal i.e. contains child sexual abuse imagery or terrorist/extremist material

Whilst this very unlikely it is not impossible so…

  • Quarantine the device. With a PC you need to remove the power supply, on a laptop remove the power supply and battery. If the suspect illegal material is on a tablet switch it off. Remove the device to a secure area – a locked cupboard or the Head teacher’s office.

The device and its contents are potentially a ‘crime scene’ and must be preserved as such.

  • Do not view the material or copy, share, screenshot, disseminate or show the material to anyone. (It is illegal for you to see it)
  • Do not delete or amend the material (it is illegal to tamper with criminal evidence)
  • Do not attempt to ‘investigate’ the source of the material (your actions could hamper any criminal proceedings and make you criminally liable)
  • Do not allow anyone other than the police to remove or access the device (and get a receipt)
  • Contact the police and follow their instructions.
  • Contact E2BNProtex on 01462 834588 to discuss the incident and initiate filter log analysis
  • Follow your school’s appropriate safeguarding and disciplinary procedures

If the material is legal but ‘inappropriate’ (Inappropriate could mean anything from a game site that you don’t want children accessing during lesson time or mild but age inappropriate cartoons to gruesome anti-vivisection sites or pornography)

Make a block page request by going to  http://protex.e2bn.org/listrequest and completing the online form. To have a page or site blocked you will need to add the site(s) URL to the ‘URL to blocked field’ highlighted in red. Use the comment field to describe the circumstances around discovering the inappropriate material and which filter profile was being used e.g. Staff, Student.


  • Make a note of the TrackID number that comes on the screen following your submission.
  • E2BN will receive notification of your block request.  We are usually able to prevent access to the URL in your school (and in all other schools) very quickly. However, it may take up to four hours for the block to take effect.
  • When we have processed your request you will receive an email from This email address is being protected from spambots. You need JavaScript enabled to view it. referring to the TrackID and telling you how we have dealt with the site/URL.
  • If you believe that the nature of the site is such that it needs to be blocked as a matter of urgency please make a note of the URL and ring the E2BN office on 01462 834588 or (if your school has an admin account) speak to the school’s account holder
  • Follow your school’s appropriate safeguarding and disciplinary procedures.

GDPR - It's Not Over Yet


In the run-up to 25th May 2018, someone in your school was very busy making sure that the school’s data policies and procedures where GDPR (General Data Protection Regulation) compliant. Old data was destroyed, current data was scrutinised and 3rd party data handlers’ assurances were sort. You might have received some training about looking after personal data and you were probably told about how your employer handles your personal data.

It would be easy to think that you were now done with GDPR but have you considered all of your data? 

The signing in / out system?

  • All schools collect personal data (name, company, car registration) about people who visit the school but rarely provide a privacy statement at the point of collection.
  • How do you ensure that the paper-based log doesn’t get lost or stolen?
  • What happens to the personal data, which often includes an image, collected by computer/app based sign in/out systems?

Display of photos and names?

  • Many staff rooms have a little display of photos of children who have particular medical conditions or special safeguarding needs. Consider if this display is necessary and whether it poses a potential data breach risk.
  • Do school visitors use the staff room? Why are you sharing this personal data with them?
  • In your next staff meeting cover up the display. Ask staff to name the children and their special medical condition or safeguarding concern. If your staff can’t recall which child has a special medical condition or who isn’t allowed to be collected by their dad the display not achieving its aim.
  • Is there a better way to make all staff aware of individual pupil’s health and safeguarding issues without broadcasting them to every casual visitor to the staffroom?

Computer Display Screen?

  • Do all staff lock or log out of systems when they leave their devices? It's amazing what you can find out by glancing at an unmanned PC or laptop. 
  • Is there a line of sight between the device screen and the door, or worse still a window? Imagine that the Head is typing up your reference or a disciplinary notice, or maybe the SENCo is writing a safeguarding report. Now, imagine someone else is peering in through the window and reading over their shoulder? That's a data breach!

Becoming, and remaining, GDPR compliant is a big task but schools are good at compliance.  However, in the rush to write new policies, clear out the file stores and seek assurances from 3rd-party suppliers of their compliance it is easy to overlook the more human aspects of data protection.  Most data breaches are due to human fallibility. So as well as looking at your office systems take a 'data walk' around your school and actively look for places where personal data is collected or processed. Consider paper-based as well as computerised data. Think about the physical environment as well as the device being used. How and where do your staff handle data? Think about who else could take that 'walk'. What personal data could they see, steal or change? 

For more help on GDPR please see our partner company, Data Protection Education's website






Schools wanted for Times Table trials

The Standards and Testing Agency is looking for schools to trial the new times tables test that will be statutory for all Year 4 pupils from 2020 The STA is particularly interested in working with schools with a high proportion of SEND pupils or with intermittent broadband in order to test accessibility. To get involved in the trial please see the STA's development update


Fraudsters Target Schools

This problem isn't a new one but it seems that schools are facing renewed and sophisticated attempts to obtain large amounts of money through online scams.

Here is a recent example which might help you know what to look out for: A school bursar received an email apparently from the Headteacher asking for an urgent supplier payment to be made. The senders email address was ‘spoofed’ to appear genuine, and after some email correspondence regarding the transfer the Bursar went into the school during half term to establish why this payment needed to be made. The fraud was only identified by the bursar after finally reaching the Headteacher by telephone, who knew nothing of the request.

There is an increase in the volume and sophistication of such attempts which are often targeting individuals using correct names and ‘spoofed’ email addresses making the request seem extremely plausible.

If you suspect an attempt at fraud you should report it to your ISP and to Action Fraud, the National Fraud and Cyber Crime Reporting centre.


CAS National Conference

This year is the 10th anniversary of the CAS National Conference and it promises to be a great event. It takes place in Birmingham on Friday 15th June and Saturday 16th June 2018.

It will a celebration of all things CAS with a range of inspiring plenaries and classroom-based workshops for both Primary and Secondary teachers of Computing.

The conference will be a time to reflect, a time to look forward and a time to recharge the batteries, with new ideas and resources from experienced colleagues.The CAS conference is a great way to experience all that the CAS community has to offer. For full details and to book, visit here.

Latest from the Blog