The Rochester School data breach was caused by the loss of a USB stick containing pupil data. The stick was also unencrypted.
It’s understood that the data for every single pupil – that’s more than 1,000 pupils – at the Rochester Grammar School was exposed on the unencrypted memory stick that was lost. The data included personal and sensitive information which is enough to cause distress to the victims involved.
Rochester School has since apologised for the data breach and the matter has been reported to the UK’s Information Commissioner’s Office (ICO). The Thinking Schools Academy Trust that runs the school has called the data breach “exceptionally disappointing”.
Rochester School data breach: information exposed
The information exposed in the Rochester School data breach includes:
- Birth dates;
- Email addresses;
- House in school;
- Special education needs;
- Grades: targets and attainments.
It’s also understood that the lost USB stick contained information on whether pupils spoke English.
A serious data breach
The Rochester School data breach is serious given the nature of the personal and sensitive information that has been exposed by the school. Any breach of personal information can be serious, and when we’re talking about potentially vulnerable young people, it’s important to recognise how severe this breach is.
The lost USB stick was reportedly found by a member of the public, and the ICO has been informed.
This is not the first case of an unencrypted USB stick containing personal and sensitive information being found by the public, and it’s astounding that simple measures such as encryption were not taken when handling the data exposed in this breach.
It’s not difficult at all to password-protect and encrypt data for mobile transport. This should always take place before personal and sensitive data is moved around. Further, data should always be recorded and properly monitored when being moved, which is a problem the police have faced in the past when moving sensitive data between locations.
Anyone who is affected by a data breach where information has been exposed in such a way can be entitled to claim for data breach compensation.
The Rochester School data breach has taken place after the new GDPR came into force. This means that the punishments the ICO can hand out can be massive.
Although the ICO assesses all cases individually, it will be interesting to see what punishment it decides to hand out given the new powers that the GDPR has afforded it.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.