The Information Commissioner’s Office (ICO) has recently published the latest statistics on reported data breaches. Between November 2019 and January 2020 a total of 2,795 data breaches were reported, with just over 15% of the occurrences originating in the education sector.
The Information Commissioner’s Office (ICO) has recently published the latest statistics on reported data breaches. Between November 2019 and January 2020 a total of 2,795 data breaches were reported, with just over 15% of the occurrences originating in the education sector.
In this article Dai Durbridge reviews the data and highlights some lessons learned that could be implemented in your school to help you reduce risk and avoid unnecessary financial penalties.
Over the three-month period, 429 data breaches were reported across the education sector. Of the 24 different business areas recorded, only the health sector reported more – with 542 individual cases reported.
We should not, however, read too much into these numbers, as they could tell us very different things: on the one hand yes, there are still a lot of breaches in the sector; but on the other hand, education institutions could just be much better than others at reporting them. Or what is more likely, it could be something in between. What is of interest – and extremely useful – are the types of breach reported.
Data breaches are divided into 20 different breach categories, covering everything from malicious cyber threats to the incorrect disposal of data. The list below includes the top five types of breaches reported in the education sector, along with a couple of other interesting ones:
|
Type of breach |
Number of breaches |
|
Data emailed to wrong recipient |
48 |
|
Loss of paperwork |
41 |
|
Phishing attacks |
39 |
|
Posted/faxed to wrong address |
26 |
|
Loss of devices |
24 |
|
Unauthorised access to data |
20 |
|
Failure to redact information |
15 |
You probably recognise these are risk areas in your school. The two interesting ones are, well, interesting: 15 reported breaches for schools failing to redact information, and a further 20 breaches caused by unauthorised access to data.
Over the last couple of years we have advised many clients following data breaches. If you asked me to guess the top three behaviours likely to cause a data breach in schools, I would say:
The wider sector statistics reported by the ICO are certainly in line with what we are seeing from our clients.
Now you know what the key risks are, you should consider the extent to which they are risks in your school or trust and what steps you may need to take to minimise them. You should consider the following:
Given that the top three types of data breach account for over a quarter of all education breaches, you can improve your GDPR compliance by simply focussing on these issues.
Partner
dai.durbridge@brownejacobson.com
+44 (0)330 045 2105
Regardless of the outcome of ballots on industrial action, unless there is drastic change to funding for schools in relation to pay increases, it will be unusual to find any organisational budget that is not impacted by the current economic situation.
There’s been little evidence of interventions or financial management reviews this year and it appears the Education and Skills Funding Agency (ESFA) has re-focussed on financial delivery. It’s also telling that there were no discernible changes to the reporting of financial irregularities in the Academies Trust Handbook 2022.
The Children’s Commissioner, Rachel De Souza, has recently published a report “Beyond the labels: a SEND system which works for every child, every time”, which she intends to sit alongside the DfE’s SEND Review (2019) and SEND Green Paper (2022) and which she hopes will put children’s voices at the heart of the government’s review of SEND system.
Official statistics show that 15,336 claims which included a complaint of age discrimination were received at the Employment Tribunals between March 2020 and March 2021.
As well as providing day-to-day support to help you focus on managing your settings, we also provide training and professional development on a range of topics to keep you and your staff up-to-date.
There’s greater opportunity than ever for parents, carers and guardians to voice any concerns they have relating to their child’s education and for their concerns to be heard and to be taken seriously. While most staff in schools and academies are conscious of their legal duties relating to complaints management, many are struggling to cope with such a significant increase in the volume of complaints they must manage.
We’re pleased to collaborate with Lloyds Bank, who recently asked us and audit and risk specialists Crowe UK to offer guidance that academy trusts would find helpful when considering setting up a trading subsidiary.
The World Cup kicks off in Qatar on Sunday 20 November 2022, with the final taking place on Sunday 18 December 2022. Undoubtedly, this is a huge sporting event, and many employees will be keen to show their support for their favourite teams. However, due to the time difference, start times for the matches are between 10 a.m. and 7 p.m. UK time, which could have an impact on employers if employees who wish to watch the matches are scheduled to work.
The DfE has published new guidance and opened the application process for window two of the Trust Capacity Fund (TCaF) for 2022/2023, with a fund of £86m in trust capacity funding focused particularly on education investment areas.
The Independent Inquiry into Child Sexual Abuse was established in March 2015. We now have its report. As you would expect with such a broad scope, the report is long and makes a number of far-reaching recommendations. In this article, Dai Durbridge highlights seven of the 20 recommendations, sets out how they could impact on schools and suggests what steps to take now.
Browne Jacobson’s education team has been named as winner of the ‘Legal Advisors to Education Institutions’ category at the Education Investor Awards 2022 for a record sixth time.
Since the new Suspensions and Exclusions Statutory Guidance was published, we have received a lot of questions about the use of managed moves. For the first time, the Statutory Guidance does explain what a managed move is, but in relatively broad terms and does not cover the mechanics of how a managed move should operate.
Over 3000 young people from across the UK and Ireland took part in a virtual legal careers insight event, aimed at making the legal profession more diverse.
Holly Quirk, an associate barrister in Browne Jacobson’s Manchester office, was awarded the Legal Professional of the Year Award at this year’s Manchester Young Talent Awards.
The risk of assault against staff is, sadly, something that all schools need to consider carefully. Here one legal expert explains what they can do to protect staff and ensure they fulfil their duty of care.
Browne Jacobson’s education team has again been confirmed as a national powerhouse after securing five Tier 1 rankings relating to Education in the latest edition of Legal 500 and maintaining a Band 1 UK-wide ranking for Education in Chambers & Partners UK 2023.
