Legal Updates

Data Protection – Breach of Data Protection Act – Information Commissioner’s Office

 

The Information Commissioner’s Office (“ICO”) has found that Bay House School in Hampshire breached the Data Protection Act 1998.

The school’s website was hacked by a student after a member of staff used the same password to access both the website and the data management system. The school had advised against using duplicate passwords, but this was not checked.

As a result of the hacking, details of pupils, their parents and teachers were exposed. Examples of data stored on the data management system included names, addresses, photographs and sensitive information relating to medical history.

According to the ICO’s website, the school has agreed to sign an undertaking to ensure that all reasonable measures are taken to encrypt and separate sensitive and confidential information held on the school’s management system. The school will ensure that all of its staff understand the school’s guidance on the use of passwords. The school’s website will also be regularly tested to ensure that the personal information it holds remains secure.

How can we help?

RT Coopers are specialists in data protection and regularly advise individuals and organisations in this regard. We provide tailored advice to clients in a variety of sectors including, but not limited to:-

  • Education
    • Disclosing children’s details to organisations, e.g. social services, police.
  • Local Authority
    • Data exchange between departments of local authority.
    • Disclosing employee information to organisations, e.g. police, anti-fraud.
  • Healthcare
    • Sending patient details to doctor’s surgeries and local hospitals.
    • Sharing employee information between health authorities.

We also provide specific advice to organisations on the following:-

  • Whether an organisation’s operations are compliant with the law by way of legal opinion and/or conducting due diligence;
  • Reviewing and advising on data sharing operations or strategy;
  • Drafting various agreements, including data sharing, data processing and joint data controller agreements;
  • Ancillary legal considerations which should be taken into account (aside from data protection):
    • Confidentiality
    • Copyright

Visit http://www.rtcoopers.com/practice_dataprotection.php

© RT COOPERS, 2011. This Briefing Note does not provide a comprehensive or complete statement of the law relating to the issues discussed, nor does it constitute legal advice. It is intended only to highlight general issues. Specialist legal advice should always be sought in relation to particular circumstances.