The recent Twickenham school data breach incidents in the news last month highlight the sorts of problems we face when it comes to data protection.
In these incidents, headteacher Darren Harrison was fined £700.00 and ordered to pay costs of £364.00, plus a victim surcharge of £35, for breaching data laws. He’d reportedly taken data from previous schools he’d worked at – Spelthorne Primary and Russell School – for, he says, professional reasons. He then uploaded the data on to the server of the school he’d then been employed with, Isleworth Town Primary School.
An IT audit discovered the movement of the data about the pupils. This kind of breach is not unique at all.
Admission over Twickenham school data breach incidents
Mr Harrison admitted the offences he was accused of over the Twickenham school data breach incidents. He reportedly told the Court that he’d only taken the data for professional purposes, using a USB stick to store it.
But he had no lawful reason to have hold of the pupils’ data he’d taken and uploaded on to a different school’s server. He was subsequently suspended for six months.
What do the Twickenham school data breach incidents highlight?
There are a number of issues highlighted by the Twickenham school data breach incidents reported last month.
First is the ease of data being transferred without anyone knowing about it right away. Persons in positions of authority where they have access to large volumes of data must comply with the law, and ignorance of the law is not an excuse. Yet we often hear of hospital staff illegally accessing medical records, or people taking large volumes of data between employers.
This isn’t allowed but happens so easily. What’s particularly worrying about this case is that the data was for children; i.e. potentially vulnerable young people.
The incidents also show that we really don’t know how well protected our data is. Anyone from a range of industries could do a similar thing. There are bound to be countless organisations that wouldn’t be able to spot such an incident.
The news of the Twickenham school data breach incidents should serve as an important warning to others in the education sector that data protection laws prevent the use of data in such ways.
A spokesperson for the ICO (Information Commissioner’s Office) said:
“The ICO will continue to take action against those who we find have abused their position of trust.”