School data breach leaks sensitive information about pupils
SENSITIVE information about pupils was leaked to parents and students following a data breach at a secondary school.
Information such as free school meal status, address, deprivation status, exam dispensation and special educational needs of Year 11 children at Greeensward Academy in Hockley was accidentally leaked by a teacher.
The information was made available to Year 11 pupils and their parents via Google Classroom when a mock examinations timetable was shared by the teacher who was unaware the document also contained sensitive information.
“It’s just unacceptable for this to happen,” a parent who wished to remain anonymous said.
“Some kids might not want other kids to know these things about them, as sadly, when it comes to stuff like free school meals, they might be mocked or looked down upon."
According to a pupil, who also wished to remain anonymous, the document was posted online on January 17 and was removed five days later.
They said: "Kids are going around saying other people are on benefits. Some of my friends are on there and they're not comfortable that other people know their disabilities or if they are getting free meals."
On Tuesday, a letter was sent to parents of Year 11 pupils explaining the mistake and detailing actions taken to rectify the leak.
Education support manager Tom Gibbs-Digby said: “At Greensward Academy, we take the security of personal data extremely seriously and work hard to ensure we work within the GDPR regulations to keep your personal data secure.”
General Data Protection Regulation (GDPR) came into law in 2018 and means individuals and establishments responsible for using personal data have to follow strict rules to keep it secure.
Mr Gibbs-Digby added: “The information was only visible to Year 11 students and their parents/carers registers with Greensward Academy and was not visible to any other outside parties, companies or organisations.
“The incident was reported immediately and has been logged with our data controller as a data breach. An investigation has taken place and the staff involved have been given training and guidance in an effort to ensure that this does not happen again.”
Parents and pupils who downloaded the document have been asked to delete it.