Browse Sections

• Education
• Special reports

Data protection was breached at local school

by Stuart Greer
7/ 5/2008

RED-FACED council bosses have been forced to apologise to parents after a security breach allowed web access to data concerning their children.

The blunder enabled web users to see the full name, gender, admission number, school year and ethnic origin of 273 pupils of Werneth Infant and Nursery School via the school’s own intranet site.

On learning of the breach, the council closed the site and began checking all information on its school sites was secure.

A full investigation into the error has been promised, and the Information Commissioner’s Office (ICO) – responsible for regulating and enforcing the access to and use of personal information – has been made aware of the breach and could also launch an investigation.

The alarm was raised by a concerned member of the public who demonstrated to the Advertiser that by typing in a specific computer address, hosted on the authority’s internet servers, Werneth Infant and Nursery School’s intranet could be accessedby anyone without user authentication or security.

Within the site was a list of existing National Curriculum assessments of all three to seven-year-olds at the Coppice Street facility.

The source said: "The council has done some stupid things but hosting the names and data of infant school children on a website with no password or user authentication is potentially very dangerous."

Alun Francis, the council’s director for Children, Young People and Families, said: "On behalf of the council and the school I would like to apologise to parents for any upset caused and would like to reassure them that the authority and local schools take the issue of data protection very seriously.

"As soon as we became aware of this breach the school’s intranet site was closed down and an initial investigation identified that there was a fault with the system. This is currently being rectified.A full investigation is now underway to determine the cause of the fault and to ensure that no other school’s information is vulnerable."

He added that the council and schools have robust data protection policies and procedures to protect information about children and residents.

A spokesman for the ICO said the council has a responsibility to ensure adequate safeguards are in place and will begin an investigation if a formal complaint is made.