Rochester School data breach

The Rochester School data breach was caused as a result of a USB stick containing pupil data being lost. The data stick was also unencrypted.

It’s understood that the data for every single pupil – that’s more than 1,000 pupils – at the Rochester Grammar School was exposed on the unencrypted memory stick that was lost. The data included personal and sensitive information which is enough to cause distress to the victims involved.

Rochester School has since apologised for the data breach and the matter has been reported to the UK’s Information Commissioner’s Office (ICO). The Thinking Schools Academy Trust that runs the school has called the data breach “exceptionally disappointing”.

Rochester School data breach: information exposed

The information exposed in the Rochester School data breach includes:

Names;
Birth dates;
Email addresses;
Years;
House in school;
Special education needs;
Grades: targets and attainments.

It’s also understood that the lost USB stick contained information as to whether pupils spoke English as well.

A serious data breach

The Rochester School data breach is serious given the nature of the personal and sensitive information that has been exposed by the school. Any breach of personal information can be serious, and when we’re talking about potentially vulnerable young people, it’s important to recognise how severe this breach is.

The lost USB stick was reportedly found by a member of the public, and the ICO has been informed.

This is not the first case of an unencrypted USB stick being found by the public that contains personal and sensitive information, and it’s astounding that simple measures such as encryption were not taken when handling the data exposed in this breach.

It’s not difficult at all to password-protect and encrypt data for mobile transport. This should always take place before personal and sensitive data is moved around. Further, data should always be recorded and properly monitored when being moved; a problem the police have faced in the past when moving sensitive data between locations.

Anyone who is affected by a data breach where information has been exposed in such a way can be entitled to claim for data breach compensation.

GDPR

The Rochester School data breach has taken place after the new GDPR came into force. This means that the punishments the ICO can hand out can be massive.

Although the ICO will assess all cases on a case-by-case basis, it will be interesting to see what punishment the ICO decides to hand out given their new powers that the GDPR has afforded them.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.