School Data Security Incidents Increase After GDPR Implementation

School Data Security Incidents Increase After GDPR Implementation

The number of data security incidents reported by the education sector in the U.K. increased by more than 43 percent after the implementation of the General Data Protection Regulation (GDPR), reports Schools Week.

The number of data security incidents reported by the education sector in the U.K. increased by more than 43 percent after the implementation of the General Data Protection Regulation (GDPR), reports Schools Week.

According to the Information Commissioner’s Office (ICO), there was an increase in reports of incidents of disclosure issues—which involve the accidental sharing of sensitive data—and cyber-attacks between July and September 2018. Overall, the number of data reported security incidents in the education sector increased by 355 in the second quarter of 2017-2018 to 511 in the same period this year.

This is the first data to be released since the implementation of the GDPR this May. GDPR require schools to be more transparent about the data they have about their students, and respond more quickly to requests for copies of that data. Schools must also have a data protection officer in place.

Common disclosure issues include the loss or theft of data or paperwork, information sent to the wrong person via email and accidental verbal disclosure.

The increase in disclosure reports is likely caused by GDPR and work by the ICO to raise awareness, said Mark Orchison, a consultant whose firm 9ine works with schools on data protection.

“Schools are now actually aware of what data breaches are and are reporting these to demonstrate compliance with the law,” Orchison said.

Orchison is concerned about an increase in cyber-attacks on schools, saying that schools “don’t have the internal expertise” on cybersecurity and “haven’t got the skills to understand the risks or what to do when it happens.”

“Schools are seen as an easy target,” he said. “Sending false invoices, for example, is easy money.”

The U.K. government recently published new draft guidance for schools about security, including cybersecurity. The draft guidance advises schools to create firewalls and internet gateways to “prevent unauthorized access to or from private networks.” Schools are also advised to use secure configuration, access level controls and malware and virus controls.

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.