Dark
Light

UK ICO alerted after technical ‘issue’ exposed college files to student barristers

3 mins read
332 views

A technical issue at the Inns of Court College of Advocacy (ICCA) led to a significant data breach, allowing students to access sensitive files containing personal information of nearly 800 current and potential students. This breach exposed email addresses, phone numbers, educational records, ID images, health information, and other private details. The college promptly reported the incident to the UK Information Commissioner’s Office (UK ICO) and took immediate action to secure the compromised files. The ICCA assured that no financial or log-in details were accessed and obtained written agreements from affected students to keep the information confidential. Despite the breach, the college determined that the incident did not pose a high risk to individuals’ rights and freedoms. However, in compliance with GDPR, they notified the ICO and those whose data was confirmed to have been viewed. This incident underscores the importance of stringent data security measures and adherence to GDPR requirements to protect personal information and maintain trust in educational institutions.

UK ICO: Student Data Exposure Due to Technical Issue

After what the college has referred to as a “technical issue,” students at an elite college for barristers were allowed to access files containing data on hundreds of other existing and potential students.

The Information Commissioner’s Office ( ICO ) has been informed of a breach that allowed sensitive college files to be accessible to students on the college website by the Inns of Court College of Advocacy ( ICCA ), which provides training to aspiring barristers.

Some college students were able to access files containing nearly 800 students ‘ personal and sensitive information, including more than 440 specific email addresses.

Students at the college had access to personal information due to the breach, including email addresses and phone numbers as well as educational information like exam results and past institutions they had attended.

Additionally, the students had access to ID images, student ID numbers, and private information like health records, visa status, or whether or not they were expecting or already had children.

The ICCA provides a year-long training program for aspiring barristers that combines online learning, in-person instruction, and self-study. The first half of the college’s two-part course is “delivered fully online,” according to its website.

Andy Russell, the director of operations for the ICCA, told Computer Weekly that “certain students” could access files that should only be accessible to staff due to an undefined “technical issue.” According to him, the college requested written agreements promising never to divulge the information to anyone else who had access to the files.

ICCA Security Incident: Personal Information Leak and GDPR Compliance Breach

How many students have been able to access the files so far was never confirmed by the college.

According to Russell,” The ICCA experienced a data breach in August 2023.” Some registered students who submitted search requests in their [email&nbsp, protected ] email accounts were returned with results that included some files from the ICCA’s staff-only SharePoint site due to a complex issue.

” Action was taken right away to secure the damaged files as soon as the issue was known,” he continued.

Additionally, the Information Commissioner’s Office has stated that it was made aware of the breach and is thinking about what to do next.

The Council of the Inns of Court has informed us of an incident, and we are evaluating the information provided, according to an ICO spokesperson.

According to Russell, the data breach was contained within the college and did never put the rights and freedoms of the impacted individuals at “high risk.”

He stated that” The ICCA thoroughly investigated the breach and confirmed that no financial information or log-on/password information was accessed.”

Transparency and GDPR Compliance Efforts

Although some files were accessed by a very modest number of ICCA students, it has been determined that no specific data was shared outside of our institution, according to Russell. We got in touch with the students who did access the files and got written guarantees from them that any information they might have seen was private and would never be.

The ICCA” completed a detailed risk assessment once the full facts of the breach were established and after consulting with physical IT and GDPR experts,” he said.

Russell continued by saying that after conducting the necessary tests, it was determined that the situation did not pose a significant threat to the “rights and freedoms” of those affected.

However, he added,” In the interest of transparency and candor, the ICCA actively informed all those whose data had been viewed of the breach’s specifics.”

GDPR Compliance Concerns: Ambiguity Surrounding Notification of Student Data Exposure

According to Computer Weekly, the college’s claim that the data breach did certainly present a “high risk” meant that it was not required to notify all students whose data had been compromised.

The college was required to contact the ICO under the General Data Protection Regulation ( GDPR ) rather than all individuals whose data may have been viewed.

According to him,” The college has stated that it has yet notified those whose data it is informed were “viewed.”

However, since the college has only stated that the breach’s nature was a “technical issue,” it is impossible to tell if this means that all of the people whose data had been accessed have been reached.

Matthew Boyle

Matthew Boyle is a distinguished Smart City Consultant, renowned for his expertise in IoT (Internet of Things) and cutting-edge urban technology solutions. With a deep understanding of Smart City initiatives, Matthew excels in leveraging IoT innovations to transform urban landscapes into efficient, sustainable, and connected environments. His strategic insights and hands-on experience in urban planning, data analytics, and IoT implementation make him a trusted expert in the field. Matthew Boyle is your go-to consultant for navigating the complex world of Smart Cities, ensuring seamless integration of IoT technologies, and unlocking the potential of data-driven urban solutions. With his guidance, your city can thrive in the digital age, enhancing quality of life and fostering a sustainable future.

Leave a Reply

Your email address will not be published.

Previous Story

Data mining and the digital transformation

Next Story

UK Privacy Regulator Issues Black Friday Smart Device Warning

Latest from Other

Don't Miss