Cyber security and data breaches
The BBC recently reported that 14 schools had been hacked with confidential information about pupils, staff and parents being leaked onto the dark web.
Files with names such as ‘contracts’ with staff pay scale and contract details, ‘passports’ with scans of pupil passports and ‘SEN information’ were among the first targeted by the cyber attackers.
Such a breach of security triggers notification to the Information Commissioner’s Office (ICO). Data controllers are required to notify the ICO without undue delay and within 72 hours of becoming aware of the data breach.
Controllers may also need to inform the data subjects (although there are some exemptions). In the reported cases, staff and pupils were informed and support was offered.
Implications for safeguarding
From a safeguarding perspective, para 144 of KCSIE 2022 states that schools are responsible for ensuring that the appropriate level of security protection procedures are in place to safeguard systems, staff and learners. The effectiveness of these procedures should be reviewed periodically.
These incidents come as a timely reminder to schools to update internal breach notification procedures, including incident identification systems and incident response plans.
Check your school’s insurance policy to ensure data breaches are covered and keep the internal breach register up to date.
Further information and support
Links to additional guidance on cyber security, including for governors and trustees, are also cited in KCSIE. (NEN and Cyber security training for school staff — NCSC.GOV.UK)
We offer a range of expert support, guidance and training for staff at all levels to mitigate and handle data breaches effectively and compliantly.
Find out more about data protection and information security for schools
Related expertise
You may be interested in...
Legal Update
High Court dismisses school prayer ban challenge
Online Event - Shared Insights
Shared Insights Data: Strategies for handling cyber attacks and data breaches
Legal Update
School leaders survey Spring 2024 - the results are in
Guide
Revisions to Ofsted’s complaints procedure: what you need to know
Legal Update
OFS Consultation on freedom of speech guidance
Press Release
‘Privacy by design’ approach will help health and care organisations gain public trust in using technology as ICO publishes new guidance
Legal Update
Understanding the ICO's new fining guidance
Legal Update
7 ways academy trusts can prepare for the new Corporate Transparency Act
Online Event
School complaints: handling problem parent behaviour
Legal Update
Unravelling the challenges and opportunities in UK sports governance
Press Release - Firm news
Three newly-qualified solicitors join Browne Jacobson’s education team
Podcast - #EdInfluence
#EdInfluence podcast (series 3) - in conversation with inspiring leaders
Opinion
Can teachers personal and political views amount to misconduct?
Legal Update
ICO consultation on accessing care records: A legal perspective
Legal Update
New leadership for our education team
Press Release - Firm news
Browne Jacobson announces Nick MacKenzie to succeed Mark Blois as head of Browne Jacobson’s education team
Press Release
Browne Jacobson advises European micromobility insurtech Laka on investment from Achmea Innovation Fund
Legal Update
Changes to academy conversion funding
Legal Update
Holiday pay: Government change clarifies treatment of term time only workers
Legal Update
All change at Companies House - Corporate Transparency Act
Online Event
Understanding the changing role of company secretary for academy trusts
Legal Update
Cyber-attacks in UK universities: Why failing to prepare is no longer an option
Legal Update - The Word
The Word, March 2024
Legal Update
Artificial intelligence – shaping a sustainable future
Opinion
School attendance matters
Press Release
Spring Budget 2024: Browne Jacobson reaction
Legal Update
Not quite a blanket ban on mobile phones in schools: DfE guidance insights
Legal Update
Charity law update – March 2024
Opinion
Caregivers at work: Navigating new carer's leave regulations
On-Demand - Shared Insights
Shared Insights: Sexual safety in the workplace — how leaders can help to create a sexual safety culture
Legal Update
Commercial Court considers requests for stay or anti-suit injunction where two competing reinsurance wordings
Legal Update
Updated guidance for collaborative learning delivery in higher education
Opinion
EHRC publishes new guidance on menopause and the workplace
Legal Update
Parametric flood policies - Insurers no longer in uncharted waters?
Legal Update
LockBit unlocked: International taskforce takes down major cyber criminal organisation
Legal Update - Consumer Duty
80% of GAP market pause sales amid Consumer Duty concerns
Legal Update
FCA writes to MPs over car insurance premiums. What do increases mean for fraud?
Legal Update
Biodiversity Net Gain: A new landscape for restoration clauses
Legal Update
The regulators’ pet project
