Waseley Hills High School and Sixth Form Centre in Birmingham has taken remedial action after the Information Commissioner’s Office (ICO) found it in breach of the Data Protection Act after the theft of personal data of over 1,000 pupils and staff.
The school’s previous Headteacher, Mr David Thurburton, informed the ICO of the theft of an unencrypted laptop containing the personal data of 984 pupils and 186 members of staff, including sensitive personal data.
A formal Undertaking has been signed by Waseley Hills High School and Sixth Form Centre committing it to take a number of steps to ensure that personal data is processed in compliance with the Data Protection Act. The school will ensure that any personal data required to be held on a portable device is suitably encrypted where necessary, appropriate staff are fully aware of security procedures and security measures are implemented where the school deems appropriate to ensure that personal data is more effectively protected from theft.
Mick Gorrill, Assistant Information Commissioner at the ICO, said: “Storing large volumes of personal information on portable devices is unnecessarily risky. If personal details fall into the wrong hands, individuals can experience considerable distress. It is vital that personal information is handled securely, especially where so many children and young people are concerned. I am pleased that the school has taken action to guard against security breaches of this nature in future.”
Failure to meet the terms of the Undertaking is likely to lead to enforcement action by the ICO. A copy of the Undertaking can be downloaded here: http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx.