{"id":178,"date":"2011-08-08T18:46:54","date_gmt":"2011-08-08T18:46:54","guid":{"rendered":"http:\/\/www.halkynconsulting.co.uk\/a\/?p=178"},"modified":"2020-11-27T01:13:25","modified_gmt":"2020-11-27T01:13:25","slug":"schools-breach-data-protection-rules","status":"publish","type":"post","link":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/","title":{"rendered":"Schools breach data protection rules"},"content":{"rendered":"<p>Today the <a title=\"Information Commissioners Office\" href=\"https:\/\/www.ico.org.uk\/\" target=\"_blank\" rel=\"noopener noreferrer\">Information Commissioner&#8217;s Office<\/a> announced a data protection act breach at the <a title=\"Bay House School - Hampshire\" href=\"https:\/\/bayhouse.gfmat.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bay House School<\/a> in Hampshire which placed data belonging to nearly 20,000 people at risk.<\/p>\n<p>Reading the ICO report, it appears this breach was the result of an attack on its website and the fact that members of staff re-used passwords for multiple systems.<\/p>\n<p><a title=\"Hampshire school breached data protection rules - ICO.gov.uk\" href=\"http:\/\/www.ico.gov.uk\/news\/latest_news\/2011\/hampshire_school_breached_data_protection_rules_08082011.aspx\" target=\"_blank\" rel=\"noopener noreferrer\">From the ICO website<\/a>:<\/p>\n<blockquote><p>The hack \u2013 which happened in March and involved one of the school\u2019s pupils \u2013 exposed pupils\u2019 names, addresses, photographs and some sensitive information relating to their medical history. Personal information relating to the pupils\u2019 parents and teachers was also compromised during the breach. The problem was identified shortly after the hack occurred and the security of the website was immediately restored. The school reported the breach to the ICO on 17 March.<\/p>\n<p>The ICO\u2019s investigation uncovered that the security of the school website had been compromised by a member of staff who had used the same password to access both the school\u2019s website and data management systems. This password was subsequently discovered during the original hacking incident and then used by a pupil to access other parts of the system. The school had advised staff to avoid the use of duplicate passwords; however, no checks were in place to make sure this policy was being followed.<\/p><\/blockquote>\n<p>The good news, for the school at least, is that the ICO has not issued a monetary fine at this time &#8211; however the school will have to undertake measures to provide significant improvements to its security.<\/p>\n<p>As a result of the <a title=\"Bay House School Undertaking - ICO\" href=\"http:\/\/www.ico.gov.uk\/news\/latest_news\/2011\/~\/media\/documents\/library\/Data_Protection\/Notices\/bay_house_school_undertaking.ashx\" target=\"_blank\" rel=\"noopener noreferrer\">Undertaking<\/a>, the school will have to implement appropriate measures to encrypt and segregate data, ensure staff awareness and carry out penetration tests on at least an annual basis.<\/p>\n<p>Now, all of this really is good practice and you would be right in thinking that anyone handling sensitive personal data (especially 20,000 records including the details of school children) would have already implemented this. We would certainly encourage any organisation which has personal data to do this.<\/p>\n<p>One important thing to bear in mind, is that it is always more cost effective to implement measures like this at the outset &#8211; design them in as part of a long term strategy &#8211; rather than wait until a breach forces you to act. Taking the proper measures in advance gives you much greater flexibility in how they are deployed, how they are resourced and most importantly saves you the inevitable reputational damage.<\/p>\n<p>Halkyn Consulting security team are always available to offer advice and guidance on how to best implement security controls to protect sensitive personal data. <a title=\"Contact Halkyn Security Consultants.\" href=\"http:\/\/www.halkynconsulting.co.uk\/contact\/contact-security-team\" target=\"_blank\" rel=\"noopener noreferrer\">Get in touch today<\/a> to see how we can help your business both comply with the law and properly safeguard the data people have entrusted into your hands.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today the Information Commissioner&#8217;s Office announced a data protection act breach at the Bay House School in Hampshire which placed data belonging to nearly 20,000 people at risk. Reading the ICO report, it appears this breach was the result of an attack on its website and the fact that members of staff re-used passwords for [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1875,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[5,21],"tags":[24,38,16,6,140,18],"class_list":["post-178","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-security-risk-management","tag-data-protection","tag-european-union-data-protection","tag-government","tag-infosec","tag-security","tag-security-news","entry","has-media"],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Schools breach data protection rules - Halkyn Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Schools breach data protection rules - Halkyn Security Blog\" \/>\n<meta property=\"og:description\" content=\"Today the Information Commissioner&#8217;s Office announced a data protection act breach at the Bay House School in Hampshire which placed data belonging to nearly 20,000 people at risk. Reading the ICO report, it appears this breach was the result of an attack on its website and the fact that members of staff re-used passwords for [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/\" \/>\n<meta property=\"og:site_name\" content=\"Halkyn Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2011-08-08T18:46:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-11-27T01:13:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/08\/bay_house_school.png?fit=1107%2C428&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"1107\" \/>\n\t<meta property=\"og:image:height\" content=\"428\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Halkyn Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@HalkynSecurity\" \/>\n<meta name=\"twitter:site\" content=\"@HalkynSecurity\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Halkyn Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/\"},\"author\":{\"name\":\"Halkyn Security\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/3cfcd2267f12bbcce6a10159022c3df2\"},\"headline\":\"Schools breach data protection rules\",\"datePublished\":\"2011-08-08T18:46:54+00:00\",\"dateModified\":\"2020-11-27T01:13:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/\"},\"wordCount\":466,\"commentCount\":0,\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"keywords\":[\"Data Protection\",\"European Union Data Protection\",\"Government\",\"Information Security\",\"Security\",\"Security News\"],\"articleSection\":[\"Security\",\"Security Risk Management\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/\",\"name\":\"Schools breach data protection rules - Halkyn Security Blog\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\"},\"datePublished\":\"2011-08-08T18:46:54+00:00\",\"dateModified\":\"2020-11-27T01:13:25+00:00\",\"breadcrumb\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Halkyn Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/category\/security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Schools breach data protection rules\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"name\":\"Halkyn Security Blog\",\"description\":\"Specialist Security &amp; Risk Management Consultants\",\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\",\"name\":\"Halkyn Consulting\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"width\":\"990\",\"height\":\"170\",\"caption\":\"Halkyn Consulting\"},\"image\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/2329571\",\"https:\/\/twitter.com\/HalkynSecurity\"]},{\"@type\":\"Person\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/3cfcd2267f12bbcce6a10159022c3df2\",\"name\":\"Halkyn Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4126abc936773e5e8bd38e030d54306e161190a7d6166dba7edadb6caf13b504?s=96&d=retro&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4126abc936773e5e8bd38e030d54306e161190a7d6166dba7edadb6caf13b504?s=96&d=retro&r=g\",\"caption\":\"Halkyn Security\"},\"description\":\"Halkyn Security Consultants.\",\"sameAs\":[\"http:\/\/www.halkynconsulting.co.uk\/\"],\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/author\/halkyn-consulting\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Schools breach data protection rules - Halkyn Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/","og_locale":"en_GB","og_type":"article","og_title":"Schools breach data protection rules - Halkyn Security Blog","og_description":"Today the Information Commissioner&#8217;s Office announced a data protection act breach at the Bay House School in Hampshire which placed data belonging to nearly 20,000 people at risk. Reading the ICO report, it appears this breach was the result of an attack on its website and the fact that members of staff re-used passwords for [&hellip;]","og_url":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/","og_site_name":"Halkyn Security Blog","article_published_time":"2011-08-08T18:46:54+00:00","article_modified_time":"2020-11-27T01:13:25+00:00","og_image":[{"width":1107,"height":428,"url":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/08\/bay_house_school.png?fit=1107%2C428&ssl=1","type":"image\/png"}],"author":"Halkyn Security","twitter_card":"summary_large_image","twitter_creator":"@HalkynSecurity","twitter_site":"@HalkynSecurity","twitter_misc":{"Written by":"Halkyn Security","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/#article","isPartOf":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/"},"author":{"name":"Halkyn Security","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/3cfcd2267f12bbcce6a10159022c3df2"},"headline":"Schools breach data protection rules","datePublished":"2011-08-08T18:46:54+00:00","dateModified":"2020-11-27T01:13:25+00:00","mainEntityOfPage":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/"},"wordCount":466,"commentCount":0,"publisher":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization"},"keywords":["Data Protection","European Union Data Protection","Government","Information Security","Security","Security News"],"articleSection":["Security","Security Risk Management"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/","url":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/","name":"Schools breach data protection rules - Halkyn Security Blog","isPartOf":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#website"},"datePublished":"2011-08-08T18:46:54+00:00","dateModified":"2020-11-27T01:13:25+00:00","breadcrumb":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2011\/08\/schools-breach-data-protection-rules\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Halkyn Security","item":"http:\/\/www.halkynconsulting.co.uk\/a\/"},{"@type":"ListItem","position":2,"name":"Security","item":"http:\/\/www.halkynconsulting.co.uk\/a\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Schools breach data protection rules"}]},{"@type":"WebSite","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#website","url":"http:\/\/www.halkynconsulting.co.uk\/a\/","name":"Halkyn Security Blog","description":"Specialist Security &amp; Risk Management Consultants","publisher":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization","name":"Halkyn Consulting","url":"http:\/\/www.halkynconsulting.co.uk\/a\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1","width":"990","height":"170","caption":"Halkyn Consulting"},"image":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/2329571","https:\/\/twitter.com\/HalkynSecurity"]},{"@type":"Person","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/3cfcd2267f12bbcce6a10159022c3df2","name":"Halkyn Security","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4126abc936773e5e8bd38e030d54306e161190a7d6166dba7edadb6caf13b504?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4126abc936773e5e8bd38e030d54306e161190a7d6166dba7edadb6caf13b504?s=96&d=retro&r=g","caption":"Halkyn Security"},"description":"Halkyn Security Consultants.","sameAs":["http:\/\/www.halkynconsulting.co.uk\/"],"url":"http:\/\/www.halkynconsulting.co.uk\/a\/author\/halkyn-consulting\/"}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/08\/bay_house_school.png?fit=1107%2C428&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9yHvD-2S","jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/178","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/comments?post=178"}],"version-history":[{"count":3,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/178\/revisions"}],"predecessor-version":[{"id":1876,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/178\/revisions\/1876"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/media\/1875"}],"wp:attachment":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/media?parent=178"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/categories?post=178"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/tags?post=178"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}