DfE

DfE apologises to academy finance staff over data blunder

Contact details for staff at an academy finance professionals event were accidentally shared with other attendees

Contact details for staff at an academy finance professionals event were accidentally shared with other attendees

19 Nov 2021, 18:03

More from this author

grade
Exclusive

The Department for Education has apologised after a group of academy finance staff’s details were compromised in a data breach.

More than 850 staff working in trust finance had signed up a virtual event next week, where the DfE will advise attendees on funding levels, the pupil premium, the national funding formula and other topics. Education and Skills Funding Agency interim CEO John Edwards is due to speak at the event.

But attendees received an email on Thursday revealing officials had discovered the calendar invitation “enables people to see the email address of other participants”.

The invite was “immediately cancelled” and officials asked guests to remove the meeting from calendars.

The email also revealed “one incident” saw an attendee add the invite into their calendar, only to trigger a new meeting invitation to everyone else.

“At this stage, we do not know what has allowed this to happen, but we have logged this formally as a ‘data breach’ and would like to sincerely apologise to everyone for the confusion and inconvenience this has caused,” the DfE told attendees.

Organisers confirmed the event would still go ahead as planned. Officials said they had taken immediate action, sent out no further calendar invites and the DfE’s data protection office would review the case and decide whether to refer it to the Information Commissioner’s Office.

Duty to report some data breaches

A spokesperson for the ICO said on Friday morning it had not received a breach report from the DfE, though added that not all breaches had to be reported.

“Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach, unless it does not pose a risk to people’s rights and freedoms.

“If an organisation decides that a breach doesn’t need to be reported they should keep their own record of it, and be able to explain why it wasn’t reported if necessary.”

Pete Woodward, co-founder of Securious, a cyber-security specialist which works with schools, noted “accidents happen”, but said it could suggest a need for better staff understanding and training in the tech they use.

“If users have seen each others’ emails – hopefully that’s not going to result in someone dying, but it is an incident that could cause concern. The bottom line is to learn from it.”

‘Increased risk’ since remote learning shift

Woodward said it was “obvious” such incidents would happen more widely in the sector given the surge in remote learning and tech use during Covid.

The shift meant lots of staff previously unfamiliar with certain software had faced a “steep learning curve”.

“Schools have a lot of children’s sensitive information – so understanding how you share and secure that is key.”

A government survey published earlier this year found 36 per cent of primary schools and 58 per cent of secondaries had identified breaches or attacks in the past year.

The DfE’s 2019-20 annual report said progress had been made on cyber-security, with an “ongoing co-ordinated programme of work to strengthen controls”.

It recorded three “protected personal data-related incidents” at the department in the year which it reported to the ICO, up from two in the two previous years.

The Department for Education has been approached for comment.

Latest education roles from

Student Support and Attendance Officer

Student Support and Attendance Officer

Solihull College and University Centre

Group Director of Information Technology (IT) – The Bedford College Group

Group Director of Information Technology (IT) – The Bedford College Group

FEA

GCSE English Teacher

GCSE English Teacher

Barnsley College

Tutorial Learning Mentor

Tutorial Learning Mentor

Barnsley College

Tutor of Engineering : Fabrication & Welding

Tutor of Engineering : Fabrication & Welding

York College

Lecturer in Construction – Carpentry & Joinery

Lecturer in Construction – Carpentry & Joinery

Castleford College

Sponsored posts

Sponsored post

Bridging the Skills Gap: Recognising Self-Awareness and Wellbeing

ASDAN renews the six core skills at the heart of its learner-led approach and development of personal effectiveness qualifications.

SWAdvertorial
Sponsored post

Cybersecurity in Education: Building Trust and Integrity

Schools, academies, colleges and, universities in particular, are expected to provide state-of-the-art facilities, blending advanced technology with academic excellence...

SWAdvertorial
Sponsored post

Ensuring Learning Never Stops: Portakabin Supporting Schools Affected by RAAC

In recent months, the discovery of reinforced autoclaved aerated concrete (RAAC) in over 230 schools across England has presented...

SWAdvertorial
Sponsored post

Text-based programming tools for young learners

The Raspberry Pi Foundation’s Code Editor helps make learning text-based programming simple for children aged 9 and up. Learn...

SWAdvertorial

More from this theme

DfE

DfE West Midlands regional director to retire

Andrew Warren to depart the DfE after five years

Jack Dyson
DfE

DfE worried about board ‘diversity’ over Collins appointment

Unearthed emails reveal civil servants' concerns non-exec board was 'all white men of a similar age'

Jack Dyson

Your thoughts

Leave a Reply

Your email address will not be published. Required fields are marked *