Increased personal data breaches in education sector

09 March 2017

Author: Aaron Roddy
Sector: Education


The Information Commissioner’s Office (“ICO”) has reported a 40% increase in data security incidents in the education sector[1]. The ICO defines a data breach as being a “breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communication device”.

This statistic demonstrates that instances of unauthorised access to personal data may be on the increase, so any entity which holds personal data as part of its business will need to be aware of the real risk that a potential data breach poses. A data breach can lead to many negative consequences for any business such as a fine being imposed by the ICO for a breach of the data protection regulations, claims being brought by individuals whom have been directly affected by the data breach as well as the negative impact a data breach can have on a business' reputation.

Therefore, any business which handles personal data should ensure they have robust mechanisms in place to combat any potential data breach, as well as a clear plan for how it would respond should a data breach occur.

Such mechanisms could include:

  • Ensuring all staff are aware of the risk of a data breach, and have received training in how to recognise and avoid a potential data breach;
  • Ensuring security software is adequate to combat any potential threats and is current and up to date; and
  • Ensuring any data which does not have to be kept is periodically deleted from the system.

An appropriate plan for responding to any data breaches should include:

  • Notifying the ICO within 24 hours of becoming aware of the essential facts of the breach;
  • Considering notifying those who are likely to be adversely affected by the data breach; and
  • Notifying a legal representative so that they will be able to offer guidance of the steps which should be taken in the immediate aftermath of the data breach as well as helping recovery from the data breach.

Should you require any further information regarding data breaches, or if you have any other general data protection queries, please give our expert general data protection team a call and we would be happy to assist.

If you would like to download the full article, please click here.