UK ICO alerted after technical ‘issue’ exposed college files to student barristers

2 mins read

After what the college has referred to as a “technical issue,” students at an elite college for barristers were allowed to access files containing data on hundreds of other existing and potential students.

The Information Commissioner’s Office ( ICO ) has been informed of a breach that allowed sensitive college files to be accessible to students on the college website by the Inns of Court College of Advocacy ( ICCA ), which provides training to aspiring barristers.

Some college students were able to access files containing nearly 800 students ‘ personal and sensitive information, including more than 440 specific email addresses.

Students at the college had access to personal information due to the breach, including email addresses and phone numbers as well as educational information like exam results and past institutions they had attended.

Additionally, the students had access to ID images, student ID numbers, and private information like health records, visa status, or whether or not they were expecting or already had children.

The ICCA provides a year-long training program for aspiring barristers that combines online learning, in-person instruction, and self-study. The first half of the college’s two-part course is “delivered fully online,” according to its website.

Andy Russell, the director of operations for the ICCA, told Computer Weekly that “certain students” could access files that should only be accessible to staff due to an undefined “technical issue.” According to him, the college requested written agreements promising never to divulge the information to anyone else who had access to the files.

a data breach

How many students have been able to access the files so far was never confirmed by the college.

According to Russell,” The ICCA experienced a data breach in August 2023.” Some registered students who submitted search requests in their [email&nbsp, protected ] email accounts were returned with results that included some files from the ICCA’s staff-only SharePoint site due to a complex issue.

” Action was taken right away to secure the damaged files as soon as the issue was known,” he continued.

Additionally, the Information Commissioner’s Office has stated that it was made aware of the breach and is thinking about what to do next.

The Council of the Inns of Court has informed us of an incident, and we are evaluating the information provided, according to an ICO spokesperson.

According to Russell, the data breach was contained within the college and did never put the rights and freedoms of the impacted individuals at “high risk.”

He stated that” The ICCA thoroughly investigated the breach and confirmed that no financial information or log-on/password information was accessed.”

written commitments

Although some files were accessed by a very modest number of ICCA students, it has been determined that no specific data was shared outside of our institution, according to Russell. We got in touch with the students who did access the files and got written guarantees from them that any information they might have seen was private and would never be.

The ICCA” completed a detailed risk assessment once the full facts of the breach were established and after consulting with physical IT and GDPR experts,” he said.

Russell continued by saying that after conducting the necessary tests, it was determined that the situation did not pose a significant threat to the “rights and freedoms” of those affected.

However, he added,” In the interest of transparency and candor, the ICCA actively informed all those whose data had been viewed of the breach’s specifics.”

GDPR requirements

According to Computer Weekly, the college’s claim that the data breach did certainly present a “high risk” meant that it was not required to notify all students whose data had been compromised.

The college was required to contact the ICO under the General Data Protection Regulation ( GDPR ) rather than all individuals whose data may have been viewed.

According to him,” The college has stated that it has yet notified those whose data it is informed were “viewed.”

However, since the college has only stated that the breach’s nature was a “technical issue,” it is impossible to tell if this means that all of the people whose data had been accessed have been reached.

Matthew Boyle

Matthew Boyle is a distinguished Smart City Consultant, renowned for his expertise in IoT (Internet of Things) and cutting-edge urban technology solutions. With a deep understanding of Smart City initiatives, Matthew excels in leveraging IoT innovations to transform urban landscapes into efficient, sustainable, and connected environments. His strategic insights and hands-on experience in urban planning, data analytics, and IoT implementation make him a trusted expert in the field. Matthew Boyle is your go-to consultant for navigating the complex world of Smart Cities, ensuring seamless integration of IoT technologies, and unlocking the potential of data-driven urban solutions. With his guidance, your city can thrive in the digital age, enhancing quality of life and fostering a sustainable future.

Leave a Reply

Your email address will not be published.

Previous Story

Data mining and the digital transformation

Next Story

UK Privacy Regulator Issues Black Friday Smart Device Warning

Latest from Other

The evolution of petrolithium

Brent Wilson, CEO of Galvanic Energy, looks at the development and history of petrolithium exploration. Petrolithium: What is it? With the development of the electric vehicle (EV), lithium has come…

Don't Miss