
School and union's Data Protection Act breach 'inexcusable'

The Information Commissioner's Office (ICO) has reported that a school and a school union breached the Data Protection Act following the loss of laptops.

It reported that the Association of School and College Leaders (ASCL) breached the act in May 2011 when a laptop was stolen from an employee's home. Enquiries found that while the laptop had encryption software installed on it, the decision on whether or not to encrypt individual documents was left to the employee.

At the time of the theft, the laptop included unencrypted personal information relating to approximately 100 individuals, which included details of their membership of the union and, in some cases, details of their physical and mental health.

The ICO also reported that an unencrypted laptop was stolen from an unlocked office at Holly Park School in Barnet. The device contained pupils' names, addresses, exam marks and some limited information relating to their health.

Sally Anne Poole, acting head of enforcement at the ICO, said: “The ICO's guidance is clear: all personal information, the loss of which is liable to cause individuals damage and distress, must be encrypted.

“This is one of the most basic security measures and is not expensive to put in place, yet we continue to see incidents being reported to us. This type of breach is inexcusable and is putting people's personal information at risk unnecessarily.”

Mike Smart, product and solutions director at SafeNet, said: “Two recent stories of serious data breaches at UK educational institutions suggest some school IT administrators need to go back to school on data protection strategies.

“Perhaps that's too strong a line, but it does beggar belief that encryption isn't being used either widely enough or at all. This is especially concerning given the sensitivity of the information at risk and the severe damage to a school's reputation and finances from falling foul of the regulators and the media.”

Chris McIntosh, CEO of ViaSat UK, said: “It still seems that too many organisations are learning to improve their data protection policies through being subject to a data loss: a clear case of locking the stable door even though the horse has not only bolted but wrecked the door in doing so.

“The ICO is right to keep banging the drum on encryption, as we can see from these cases it's not enough to simply place encryption software on a device and hope that workers will automatically know what data needs to be encrypted.

“Organisations need to employ the best encryption they can afford in tandem with rigorous policies to ensure that no sensitive data is left unencrypted, while educating employees on the need for data security and the consequences if it is ignored. Leaving devices unprotected, or protecting them but leaving the decision to encrypt to the individual worker simply isn't good enough: organisations must be able to guarantee that their data is protected at all times.”  
