Government watchdog alerted after pupils expose data protection blunder at Hampstead School
- Credit: Nigel Sutton
A school has reported itself to a government watchdog after a data protection blunder affecting hundreds of pupils was unearthed by the writers of a student website.
The personal details of more than 400 pupils were accidentally left in a shared folder on the school network at Hampstead School in Westbere Road, Cricklewood.
The admin error, which was the result of a botched mailshot, only came to light when it was discovered by The Hampstead Trash, a self-styled “satirical” blog run by pupils that is often critical of the school’s management.
The secondary, which has a “good” Ofsted rating, has reported the matter to the Information Commissioner’s Office, which can impose fines of up to £500,000 for data protection breaches.
The spreadsheet in question, which included names of pupils along with their parents’ names, addresses, phone numbers and in some cases emails, was available to every pupil at the school for nearly 18 months before anyone realised.
In a blog post published on Monday, an anonymous writer for The Hampstead Trash said it was “highly immoral” to leave personal details “susceptible to copying” and warned of potentially dire consequences.
You may also want to watch:
The blogger said: “Not only is the list available to copy by any student at Hampstead, the students and their parents could be vulnerable to possible blackmailers, who could have had access to the list.
“It is distressing that a school, that is trusted by members of society and children, who are legally entrusted with personal details, would be so lacklustre with such things.”
- 1 Burger King launches its first 'dark kitchen' for north London deliveries
- 2 Arrests made after reports of antisemitic abuse in St John's Wood
- 3 Residents bid farewell to Highgate Station’s beloved black cat
- 4 The Magdala returns as pubs and restaurants reopen indoors on May 17
- 5 Indian variant of Covid-19 - what's the situation in London?
- 6 Barnet councillor leaves Tory group over 'personal matter'
- 7 Zookeeper's sponsored swim as London Zoo reopens indoor areas
- 8 Lane closure scrapped after high pollution readings double
- 9 Singing in a choir can 'change the world and boost mental health'
- 10 Hampstead man jailed for pub 'revenge attack' on Jewish Tory barrister
The document has now been deleted, but the blogger added: “If we hadn’t intervened, it would be only a matter of time before someone, perhaps less mature with the information, would have got their hands on it.”
The school said the document was created in July 2012, but claimed nobody accessed the file until the bloggers did so.
A school spokesman said: “We take security of personal information very seriously and this is the first time that a data protection breach has occurred.
“We have reminded all existing staff of their responsibilities around data protection, and are carrying out refresher training.”