The Scarborough Sixth Form data breach was another example of an email leak that was caused by a simple administrative error.
It happened in July last year, so it falls within the scope of the new GDPR legislation. The incident was referred to the ICO (Information Commissioner’s Office) for investigation.
As alarming as an email leak sounds, it’s not an uncommon occurrence. We represent a number of people who have been involved in email data leaks, with the most prominent one being the 56 Dean Street Clinic leak of 2015. As easy as these things can happen, there’s no excuse for allowing it to happen at all.
The recent Twickenham school data breach incidents in the news last month highlight the sorts of problems we face when it comes to data protection.
In these incidents, headteacher Darren Harrison was fined £700.00 and ordered to pay costs of £364.00, plus a victim surcharge of £35, for breaching data laws. He’d reportedly taken data from previous schools he’d worked at – Spelthorne Primary and Russell School – for, he says, professional reasons. He then uploaded the data on to the server of the school he’d then been employed with, Isleworth Town Primary School.
An IT audit discovered the movement of the data about the pupils. This kind of breach is not unique at all.
The Rochester School data breach was caused as a result of a USB stick containing pupil data being lost. The data stick was also unencrypted.
It’s understood that the data for every single pupil – that’s more than 1,000 pupils – at the Rochester Grammar School was exposed on the unencrypted memory stick that was lost. The data included personal and sensitive information which is enough to cause distress to the victims involved.
Rochester School has since apologised for the data breach and the matter has been reported to the UK’s Information Commissioner’s Office (ICO). The Thinking Schools Academy Trust that runs the school has called the data breach “exceptionally disappointing”.