BREAKING: Massive ERYC Breach of Kids’ Data on Eve of GDPR
By kind consent of East Riding of Yorkshire Councillor Andy STRANGEWAY [Ind.], the Enquirer shares with readers news of a massive breach of the new General Data Protection Regulation (GDPR) – which come into force tomorrow – by Driffield School, following an unauthorised circulation of hundreds of school childrens’ personal details.
Driffield School Major Data Breach
Ironically the document was attached to an email regarding the changes to Data Protection (GDPR).
First Email From Driffield School
Please find attached two extremely important documents regarding the changes to Data Protection (GDPR):
- Letter regarding the changes, please read carefully as we require an urgent response with regards to photo/video permissions for your son/daughter.
- Privacy Notice
Your urgent attention would be greatly appreciated.
Mr S Ratheram
Second Email From Driffield School
Just over an hour later parents/carers received a second email from Driffield School
“Dear Parent and Carer
We contacted you this afternoon via the InTouch system with the intention of sending a Privacy Notice for family and student information and a letter regarding photo consent. Unfortunately the office spreadsheet for returns for the letter was attached by mistake. We will now re-send the correct attachment.
We are very sorry for this mistake. Please be assured that whilst this information was sent out erroneously, it was limited to parents and carers and has not been shared with a wider audience. An investigation is currently under way and we will take any necessary remedial actions.
Please accept our sincere apologies for this.
Mr S Ratherham
I have copy of the full listing.
Given the obvious safeguarding issues I have referred the matter to Caroline Lacey, ERYC Chief Executive and Kevin Hall, ERYC Director of Children, Families and Schools requesting they address the breach as a matter of urgency.
In addition I have requested a meeting with Kevin Hall in County Hall tomorrow.