Blog article
See all stories ยป

Barnet Council loss of personal data about former Students

Barnet Council reports a data loss affecting about 9,000 Students who were in year 11 across 3 Academic Years from 2006 - 2009 which was stolen in a domestic burglary earlier in March.

The computer equipment was encrypted in line with council policies, so cannot be used to access confidential information. But this was not the case with a number of  CDs & memory sticks. This was a clear breach of  policies and the member of staff concerned has been suspended.

Barnet Council has confirmed that the data stored on the CD ROMs and memory sticks included Surname, Forename, Gender, Date of Birth, Address, Postcode, Phone number, UPN (a unique identification number), Ethnicity, free school meals eligibility, in-care indicator, Language, gifted and talented indicator, mode of travel to school, entry date to school, special educational needs indicator, school, attainment data for English, Maths and Science at end of years 6 and 9, attendance rate.

Barnet have carried out a full risk assessment on the information on the stolen CDs, made software changes to prevent staff saving any data onto unsecured memory devices (including CDs), confirmed that every council computer used by staff outside of the office is securely encrypted and ordered a full independent enquiry into how this incident came to take place and how the council protects confidential information.

The data is described as being held for statistical purposes comparing trends amongst all students with the school performance of the children with which they were working.

However, I have to ask if it was for purely statistical purposes, why was the data not scrubbed of any identifying information? They could have relied upon their UPN for tracking purposes, and removed Name, Address, Phone Number, perhaps leaving in Date of Birth (would Month & Year have sufficed?) and Postcode?

Moreover, if this data is being collected on behalf of the Department of Children, Schools and Families, have they issued any guidelines, or is it possible that thousands of other schools are doing exactly the same thing, and there is a time bomb ticking away?

 

 

6276

Comments: (0)

Keith Appleyard

Keith Appleyard

IT Consultant

available for hire

Member since

17 Aug 2007

Location

Bromley

Blog posts

60

Comments

108

More from Keith

This post is from a series of posts in the group:

Whatever...

A place to share stuff that isn't at all fintec related but is amusing, absurd or scary.


See all