School Data Security Incidents Increase After GDPR Implementation

School Data Security Incidents Increase After GDPR Implementation

The number of data security incidents reported by the education sector in the U.K. increased by more than 43 percent after the implementation of the General Data Protection Regulation (GDPR), reports Schools Week.

  • By Jessica Davis
  • December 20, 2018

The number of data security incidents reported by the education sector in the U.K. increased by more than 43 percent after the implementation of the General Data Protection Regulation (GDPR), reports Schools Week.

According to the Information Commissioner’s Office (ICO), there was an increase in reports of incidents of disclosure issues—which involve the accidental sharing of sensitive data—and cyber-attacks between July and September 2018. Overall, the number of data reported security incidents in the education sector increased by 355 in the second quarter of 2017-2018 to 511 in the same period this year.

This is the first data to be released since the implementation of the GDPR this May. GDPR require schools to be more transparent about the data they have about their students, and respond more quickly to requests for copies of that data. Schools must also have a data protection officer in place.

Common disclosure issues include the loss or theft of data or paperwork, information sent to the wrong person via email and accidental verbal disclosure.

The increase in disclosure reports is likely caused by GDPR and work by the ICO to raise awareness, said Mark Orchison, a consultant whose firm 9ine works with schools on data protection.

“Schools are now actually aware of what data breaches are and are reporting these to demonstrate compliance with the law,” Orchison said.

Orchison is concerned about an increase in cyber-attacks on schools, saying that schools “don’t have the internal expertise” on cybersecurity and “haven’t got the skills to understand the risks or what to do when it happens.”

“Schools are seen as an easy target,” he said. “Sending false invoices, for example, is easy money.”

The U.K. government recently published new draft guidance for schools about security, including cybersecurity. The draft guidance advises schools to create firewalls and internet gateways to “prevent unauthorized access to or from private networks.” Schools are also advised to use secure configuration, access level controls and malware and virus controls.

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

  • Gun Violence Report Finds Retail Spaces, K-12 Schools Most Targeted

    ZeroEyes, the creators of the only AI-based gun detection video analytics platform that holds the U.S. Department of Homeland Security SAFETY Act Designation, today announced the release of its annual Gun Violence Report, offering a deep dive into the landscape of gun-related incidents across the United States. This analysis extends beyond mass fatality events, providing a more nuanced understanding of when, where, and why shootings occur. Read Now

  • Cybersecurity is An Overlooked Threat on K-12 Campuses

    Improving physical security on K-12 campuses is always at the top of mind for decision makers like principals, superintendents, and many others with a focus on surveillance cameras, access control, and emergency drills. But cybersecurity something that needs as much scrutiny as in today’s digital landscape. Read Now

    • Communication

  • Four Fathers Stop School Shooter at Weekend Band Competition in Texas

    An 83-year-old man allegedly injured one during a school shooting at a band competition in a Houston suburb. According to a Facebook post by the Pasadena Police Department, the shooting happened after 6 p.m. at Pasadena Memorial High School on Saturday. Read Now

  • Tennessee School Shooter Partially Livestreamed Attack that Killed One

    The school shooter who killed one during an attack in Nashville, Tenn. partially livestreamed the attack. Read Now

Most   Popular