article thumbnail

The Information Commissioner’s Office Issues UK Department for Education with Formal Reprimand

Hunton Privacy

On November 2, 2022, the ICO issued to the UK Department for Education (“ DfE ”) a formal reprimand following an investigation into the sharing of personal data stored on the Learning Records Service (“ LRS ”), a database which provides a record of pupils’ qualifications that the DfE has overall responsibility for.

Education 102
article thumbnail

When are schools required to report personal data breaches?

IT Governance

Under the GDPR (General Data Protection Regulation) , all personal data breaches must be recorded by the organisation and there should be a clear and defined process for doing so. In this blog, we take a look at the scenarios in which data protection breaches in schools must be reported. How to avoid data breaches.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Colorado Warns Ransomware Attack Caused Massive Data Breach

Data Breach Today

Information From 2004 to 2020 Exposed for High School Students, Teachers and Others Colorado's Department of Higher Education is warning that it suffered a ransomware attack in June, in which attackers stole personal data on current and past students and teachers, dating from 2004 to 2020.

article thumbnail

Personal Data and docs of Swiss town Rolle available on the dark web

Security Affairs

This group focuses on public school districts and other educational institutions, like other ransomware gangs it implements a double extortion model and publishes data stolen from the victims on a data leak site. The post Personal Data and docs of Swiss town Rolle available on the dark web appeared first on Security Affairs.

article thumbnail

GDPR: How the definition of personal data has changed

IT Governance

On 25 May 2018, the EU’s GDPR (General Data Protection Regulation) superseded the UK’s DPA (Data Protection Act) 1998. With the Regulation expanding the definition of personal data, many organisations were uncertain as to what the new definition includes. The scope of personal data.

article thumbnail

CIPL Submits Comments on Irish DPC’s Guidance on Safeguarding Personal Data of Children

Hunton Privacy

The Draft Guidance, issued on December 20, 2020, adds to a growing body of work carried out by regulators, including the UK Information Commissioner’s Office (“ICO”) in their Code of Practice for Age Appropriate Design for Online Services (the “ICO Age Appropriate Code”).

article thumbnail

Two FTC complaints that over-retention of personal data violates Section 5

Data Protection Report

In both cases, the FTC’s complaint alleged that the companies retained personal data for longer than was necessary, and that conduct violated Section 5 of the Federal Trade Commission Act as an unfair act or practice. Under the proposed consent orders, both companies do not confirm or deny the allegations.