The Information Commissioner’s Office (ICO) has criticised the Student Loans Company Limited after a series of data breaches involving customers’ records.
The business reported several incidents where information held about customers, including medical details and a psychological assessment, had been sent to the wrong people.
An ICO investigation found that not enough checks were carried out when documents were being scanned to add to customer accounts, and more sensitive documents actually received fewer checks. ICO Head of Enforcement, Stephen Eckersley, said:
“For the majority of students, the Student Loans Company represents a crucial service that they rely on to fund their studies. Students are obliged to provide personal information to the loans company, both while they receive the loan and in the years when they are paying it back, and they are right to expect that information to be properly looked after.
“Our investigation showed that wasn’t happening. We’ve spoken with the company and made clear that changes need to be made, and a formal undertaking is now in place.”
The Student Loans Company Ltd has signed an undertaking committing the organisation to ensure proper checks are carried out before correspondence is sent out, as well making staff better aware of its data protection policy.
SOURCE: Information Commissioner’s Office