Student Data breaches in IOM High Schools - further data required
| Authority | Department of Education, Sport and Culture |
|---|---|
| Date received | 2018-09-20 |
| Outcome | Some information sent but not all held |
| Outcome date | 2018-10-12 |
| Case ID | 603466 |
Summary
The request sought details on student data breaches in Isle of Man high schools, specifically regarding Castle Rushen High School. The authority disclosed a single incident from the 2013/14 academic year involving lost meeting notes containing one pupil's name, noting that no disciplinary action was taken as the responsible staff member had already left.
Key Facts
- The breach occurred at Castle Rushen High School during the 2013/14 academic year.
- The nature of the breach was meeting notes found outside the school containing the name of one pupil.
- An investigation determined the breach resulted from an error in the records management/destruction process.
- No disciplinary action was taken against the staff member responsible because they were no longer employed by the school.
- The parent of the affected pupil was informed after they alerted the school to the discovery of the notes.
Data Disclosed
- 2013/14
- one pupil
- 20 September 2018
- 12th October 2018
- 603466
- 577533
Original Request
Regarding the FoI request on how many times student data has been breached (reference FOI request 577533 - original question: 'Please state how many times student data was breached by Isle of Man high schools' staff over the last five years.'), please state at which school or schools this occurred and what year this breach occurred. Please also state the nature of the breach (what type of information was breached and how many students did this affect/were affected) and whether any action was taken by the school(s) and by the Department of Education Sport and Culture on the staff responsible. If any action was taken, please state the nature of the action taken. Lastly, please state whether parents were informed about the breach and if so, how long after the breach occurred were they notified (total days).
Data Tables (reformatted)
| Question | Answer |
|---|---|
| Please state at which school this breach occurred. | Castle Rushen High School. |
| Please state what year this breach occurred. | 2013/14 academic year. |
| Please state the nature of the breach (what type of information was breached and how many students did this affect/were affected). | Notes taken at an in-school meeting were found outside the school. The notes were not from a meeting about a student but rather a provision within the school and the staff in the relevant area but they did include the name of one pupil. |
| Whether any action was taken by the school(s) and by the Department of Education Sport and Culture on the staff responsible? | The school subsequently conducted an extensive investigation and identified that the breach arose from an omission or error by a staff member in the records management/destruction process at the time. After completion of the investigation process it was identified that the person responsible for the omission/error had since left the school. Therefore no action was taken against the staff member as they were no longer employed by the school. |
| If any action was taken, please state the nature of the action taken. | An apology was made by the school to the pupil's parent. |
| Please state whether parents were informed about the breach and if so, how long after the breach occurred were they notified (total days). | The parent of the pupil named alerted the school to the fact that the notes had been found. |
Full Response Text
Corporate Services Division
Department of Education, Sport and Culture
Hamilton House
Peel Road, Douglas IM1 5EZ
Telephone: (01624) 685808
Website: www.gov.im/dec
Email: dec@foi.gov.im
Our ref: 603466
12th October 2018
Dear ###
We write further to your request which was received on 20 September 2018 and which states:
"Regarding the FoI request on how many times student data has been breached (reference FOI request 577533 - original question: 'Please state how many times student data was breached by Isle of Man high schools' staff over the last five years.'), please state at which school or schools this occurred and what year this breach occurred. Please also state the nature of the breach (what type of information was breached and how many students did this affect/were affected) and whether any action was taken by the school(s) and by the Department of Education Sport and Culture on the staff responsible. If any action was taken, please state the nature of the action taken. Lastly, please state whether parents were informed about the breach and if so, how long after the breach occurred were they notified (total days)."
I have detailed below the information that is held.
Please state at which school this breach occurred.
Castle Rushen High School.
Please state what year this breach occurred.
2013/14 academic year.
Please state the nature of the breach (what type of information was breached and how many students did this affect/were affected).
Notes taken at an in-school meeting were found outside the school. The notes were not from a meeting about a student but rather a provision within the school and the staff in the relevant area but they did include the name of one pupil.
Whether any action was taken by the school(s) and by the Department of Education Sport and Culture on the staff responsible?
The school subsequently conducted an extensive investigation and identified that the breach arose from an omission or error by a staff member in the records management/destruction process at the time. After completion of the investigation process it was identified that the person responsible for the omission/error had since left the school. Therefore no action was taken against the staff member as they were no longer employed by the school.
If any action was taken, please state the nature of the action taken.
An apology was made by the school to the pupil’s parent.
Please state whether parents were informed about the breach and if so, how long after the breach occurred were they notified (total days).
The parent of the pupil named alerted the school to the fact that the notes had been found.
Please quote the reference number 603466 in any future communications.
Your right to request a review
If you are unhappy with this response to your freedom of information request, you may ask us to carry out an internal review of the response, by completing a complaint form and submitting it electronically or by delivery/post.
An electronic version of our complaint form can be found by going to our website at https://services.gov.im/freedom-of-information/Review. If you would like a paper version of our complaint form to be sent to you by post, please contact me and I will be happy to arrange for this. Your review request should explain why you are dissatisfied with this response, and should be made as soon as practicable. We will respond as soon as the review has been concluded.
If you are not satisfied with the result of the review, you then have the right to appeal to the Information Commissioner for a decision on:
1. Whether we have responded to your request for information in accordance with Part 2 of the Freedom of Information Act 2015; or
2. Whether we are justified in refusing to give you the information requested.
In response to an application for review, the Information Commissioner may, at any time, attempt to resolve a matter by negotiation, conciliation, mediation or another form of alternative dispute resolution and will have regard to any outcome of this in making any subsequent decision.
More detailed information on your right to a review can be found on the Information Commissioner’s website at www.inforights.im.
Should you have any queries concerning this letter, please do not hesitate to contact me.
Further information about freedom of information requests can be found at www.gov.im/foi.
I will now close your request as of this date.
Yours sincerely
Freedom of Information Coordinator