Shadow AI in Schools: The Risk Sitting Quietly in Your Network

You almost certainly have an AI policy. But do you know if it covers what is happening on your network?

Most independent schools have a written AI policy. Far fewer could tell you what’s being typed into AI tools across the building on any given day. The maths teacher might be running her end-of-term reports through ChatGPT. A Year 11 pupil could be pasting their coursework brief into a free AI assistant after school. None of it goes through IT, and the school carries the legal weight regardless of whether anyone in leadership knows it’s happening.

The Tools You Didn’t Approve Are Already Inside

‘Shadow AI’ is the working term for any AI tool used at work outside the organisation’s official remit. Microsoft-commissioned research from Censuswide found that 71% of UK employees had used unapproved AI tools for work, and 51% were doing so at least weekly. Only 32% expressed any concern about the privacy of company or customer data they were entering into these tools, and only 29% about the security implications for their organisation’s IT systems. The figures cover UK workplaces broadly, but the dynamic carries over into schools with one important amplifier that shouldn’t be ignored: schools hold a category of personal data that few other organisations match for sensitivity.

There are reasons specific to how schools operate that make the exposure worse. IT is rarely centralised in the way it would be at a similarly sized commercial business. Departments procure tools independently, staff move between personal and school devices throughout the day, and pupils arrive with their own AI habits and their own logins, often more fluent than the adults supervising them. The result is a distributed environment where any teacher in any department can introduce a new tool into the school’s data flow without anyone in leadership knowing, and the school still owns that decision, whoever made it.

Where the Liability Sits

A head of pastoral care preparing for parents’ evening pastes a pupil’s recent behaviour log and SEN summary into a free AI tool to draft a clearer explanation for the parents. The output is genuinely useful, but it also means that the named pupil’s identifiable data is now sitting on a third-party server, visible to the organisation running the model, and potentially retained for future training. The school has lost custody of it. The NCSC has warned that LLM providers and their partners can read queries and may incorporate them into future versions of their models. Once that handover has happened, the school’s ability to recall, delete, or even account for the data has effectively ended.

Under UK GDPR, this does not reduce the school’s obligation. The ICO’s guidance on AI and data protection is unambiguous on the point: when an organisation processes personal data through a generative AI system, it remains accountable for that processing whether it commissioned the tool or not. A teacher’s individual decision to click through a vendor’s terms does not transfer liability away from the school, and the absence of a policy that explicitly bans the tool does not work as a defence either. KCSIE 2025, as analysed by Farrer & Co, now expects schools to address generative AI specifically within their filtering, monitoring, and online safety arrangements. That includes signposting the DfE’s product safety expectations for AI tools, a benchmark most consumer chatbots, the kind staff might paste pupil data into, were never designed to meet.

The practical exposure in independent schools is sharpest where the data is most sensitive: medical histories, EHCPs, family circumstances, and safeguarding records. The kind of information parents hand over at enrolment on the assumption that it sits inside the school’s perimeter. None of that should be travelling through a free consumer chatbot. Without visibility, leadership has no way of confirming that it isn’t.

Visibility Is the Bit That Has to Come First

Most schools we speak to want to do the right thing on AI. The obstacle isn’t appetite; it’s that no one has a complete picture of what is happening. You can’t write a sensible policy for a problem you can’t see, and you certainly can’t enforce one against a tool nobody has named.

The instinctive response, blocking ChatGPT on school devices and sending round a strongly worded email, tends to make things worse rather than better. Staff carry on using the tools, just on personal phones, personal accounts, and the free consumer tier, where data is most aggressively retained for training. The NCSC’s own position is that blanket bans push usage underground rather than removing it entirely. Without an approved alternative and a clear picture of what’s already in play, a ban is just a paper exercise that moves the risk somewhere harder to see.

A Cyber Risk Assessment is the practical starting point. It maps which AI tools are being accessed across the school’s network, identifies where personal data is flowing into unsanctioned services, and surfaces the configuration choices in your existing Microsoft 365 environment that determine whether tools like Copilot are being used safely or are leaking data through default settings nobody has reviewed. It also flags the gaps that auditors and regulators look at first: filtering and monitoring posture, data classification, and the policies that should be governing how staff and pupils interact with AI in the first place.
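To make the "map which AI tools are being accessed" step concrete, here is an added example (not the assessment's own tooling, and not code from this page): a short Python script that reads constructed web-proxy log lines, matches each request against an assumed list of consumer AI hostnames, and reports per-user usage together with large POST uploads that warrant a follow-up conversation about what was sent. The hostname list, the log format and the 10,000-byte upload threshold are all assumptions for illustration; a real deployment would take the host list from the school's filtering vendor and the log format from its proxy.

```python
"""Inventory AI-tool traffic from a web proxy log (illustrative, constructed data)."""
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed hostnames for common consumer AI assistants. In practice this list
# should come from the filtering vendor's category feed, not be hard-coded.
AI_HOSTS = {
    "chat.openai.com": "ChatGPT",
    "chatgpt.com": "ChatGPT",
    "gemini.google.com": "Gemini",
    "claude.ai": "Claude",
    "copilot.microsoft.com": "Microsoft Copilot",
}

# Constructed sample proxy lines in an assumed format:
# timestamp user device method url bytes_sent
SAMPLE_LOG = """\
2025-03-10T08:02:11 j.smith LAPTOP-17 GET https://www.bbc.co.uk/news 412
2025-03-10T08:05:40 j.smith LAPTOP-17 POST https://chat.openai.com/backend-api/conversation 18342
2025-03-10T08:06:02 a.khan LAPTOP-03 GET https://claude.ai/ 620
2025-03-10T09:15:19 a.khan LAPTOP-03 POST https://claude.ai/api/organizations/x/chat_conversations 92017
2025-03-10T10:20:33 m.jones PUPIL-IPAD-44 POST https://gemini.google.com/app 2048
2025-03-10T11:01:00 j.smith LAPTOP-17 GET https://mis.example.invalid/reports 300
"""

# Bytes sent in a single request above which we flag a "large upload";
# an assumed tuning value, chosen so a pasted document stands out from a chat line.
UPLOAD_THRESHOLD = 10_000


def parse_line(line):
    """Split one proxy line into a record; the host is taken from the URL."""
    ts, user, device, method, url, sent = line.split()
    host = urlsplit(url).hostname or ""
    return {"ts": ts, "user": user, "device": device,
            "method": method, "host": host, "sent": int(sent)}


def match_ai_service(host):
    """Return the AI service name for a host or any of its parent domains, else None."""
    parts = host.lower().split(".")
    for i in range(len(parts)):
        candidate = ".".join(parts[i:])
        if candidate in AI_HOSTS:
            return AI_HOSTS[candidate]
    return None


def inventory(log_text, threshold=UPLOAD_THRESHOLD):
    """Summarise which AI services each user touched and flag large POST uploads."""
    usage = defaultdict(lambda: {"requests": 0, "large_uploads": 0, "devices": set()})
    flagged = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        service = match_ai_service(rec["host"])
        if service is None:
            continue  # not an AI tool we track; ignore
        entry = usage[(rec["user"], service)]
        entry["requests"] += 1
        entry["devices"].add(rec["device"])
        if rec["method"] == "POST" and rec["sent"] >= threshold:
            entry["large_uploads"] += 1
            flagged.append(rec)
    return usage, flagged


def report(log_text, threshold=UPLOAD_THRESHOLD):
    """Return summary rows sorted by user then service, for a leadership-facing table."""
    usage, flagged = inventory(log_text, threshold)
    rows = []
    for (user, service), entry in sorted(usage.items()):
        rows.append({"user": user, "service": service,
                     "requests": entry["requests"],
                     "large_uploads": entry["large_uploads"],
                     "devices": sorted(entry["devices"])})
    return rows, flagged


if __name__ == "__main__":
    rows, flagged = report(SAMPLE_LOG)
    for row in rows:
        print(row)
    print(f"{len(flagged)} large upload(s) to AI services need follow-up")
```

The output is a per-user, per-service table rather than a block list: it tells a DPO who is using which tool and whether anything large has gone out, which is the evidence needed before deciding what to sanction, what to replace, and who to talk to.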

The output is a working document. It gives heads, bursars, and DPOs something concrete to act on before a parent complaint or an ICO query forces the conversation in the wrong direction. For the wider picture of what schools further along the AI curve are doing, we’ve written about that separately.

If you’d like to know what’s on your network, our Cyber Risk Assessment for independent schools is the place to start. Or if you’d rather have the conversation in person first, join us at The Long Game, our half-day event for school leaders at Puttshack Lakeside.