recent work

Educational establishments breach Data Protection Act

Publicservice.co.uk has today reported on the loss of personal information from two educational establishments.

The Data Protection Act was breached by Holly Park School in Barnet after an unencrypted laptop was stolen from an unlocked cupboard; a breach that would and should have been fairly easy to prevent had the correct training, policies and procedures been in place – as it happened, the school had no data protection policy in place at all. The information stolen included pupil’s names, address, exam marks as well as some health-related information.

In a separate incident, an employee of the Association of School College Leaders had a laptop stolen from their home. The laptop contained sensitive personal information, and although encryption software was installed on the laptop, employees were given the choice as to what documents to encrypt. Details lost included union membership details and physical and mental health statuses.

“All personal information – the loss of which is liable to cause individuals damage and distress – must be encrypted,” said the ICO’s acting head of enforcement, Sally Anne Poole.

“This is one of the most basic security measures and is not expensive to put in place – yet we continue to see incidents being reported to us.

“This type of breach is inexcusable and is putting people’s personal information at risk unnecessarily.”

Comment
Both organisations were said to have now taken action to make sure the personal information they handle is protected. Absolute Data is committed to ensuring companies and organisations, regardless of their size, create and follow realistic policies and procedures that are above the law. We can help your organisation create robust and effective data protection policies and procedures: we can spend some time getting to know what data-related activity your business partakes in, and ensure that your policies and procedures reflect this activity. We can also help to train your staff; not only in the importance of data protection, but how they can ensure they are fully adhering to data protection law. With the ICO’s power to fine up to £500,000 for data breaches, it is worth getting in touch with us to discuss how your organisation can ensure legal data compliance. Contact us now at info@absolute-data.co.uk, or call us on 01423 790125.