The Scarborough Sixth Form data breach was another example of an email leak that was caused by a simple administrative error.
It happened in July last year, so it falls within the scope of the new GDPR legislation. The incident was referred to the ICO (Information Commissioner’s Office) for investigation.
As alarming as an email leak sounds, it’s not an uncommon occurrence. We represent a number of people who have been involved in email data leaks, with the most prominent one being the 56 Dean Street Clinic leak of 2015. As easy as these things can happen, there’s no excuse for allowing it to happen at all.
What happened in the Scarborough Sixth Form data breach?
The Scarborough Sixth Form data breach was an accidental leak of personal information in an email. A spreadsheet was somehow attached to an email that was sent to hundreds of applicants to the Sixth Form.
The spreadsheet contained personal data about fellow applicants, which included names, phone numbers and addresses.
A follow-up email was sent where an apology was issued for the initial data leak. The college has been criticised by some for reportedly handling the data breach badly as well.
What’s being done about the Scarborough Sixth Form data breach?
As is required by the law, the Scarborough Sixth Form data breach has been referred to the ICO. The email was about a summer messaging service, so it’s unknown as to how the attachment ended up on the email.
Clearly, whatever system had been used for sending out mailshots to people hasn’t been effective enough in ensuring data leaks wouldn’t happen. The college has confirmed that their processes are to be reviewed to ensure this doesn’t happen again.
Speaking about the Scarborough Sixth Form data breach, the Principal acknowledged that an “administrative error” had led to the inadvertent leak of information.
He went on to say:
“I cannot emphasise enough our genuine apologies and understanding of the seriousness of protecting data, and concern about data breach.”
The Scarborough Sixth Form data breach was the result of yet another simple email leak. Data handling can be a messy business when it goes as horribly wrong as it has done in this case.
This isn’t the first time, and probably won’t be the last time, we hear about an email leak of personal information. We will be interested to see the kinds of precedents that the new GDPR may set in terms of fines for such offences as well.