In December 2022, a Devon school trust suffered a significant data breach that exposed the sensitive personal information of staff members to unauthorised access. While details of the breach remain limited, it has been reported that both staff and students were able to access a range of personal data relating to teachers employed by the trust, including their addresses and ID documents.
The trust in question, Dartmoor Multi Academy Trust (DMAT), has confirmed the data breach took place and stated they have begun an internal investigation. The incident has also been reported to the Information Commissioner’s Office (ICO), the UK’s independent regulatory office for data protection.
This incident is one of a number of recent cases in which schools have suffered significant data breaches leading to highly sensitive information being exposed. It clearly demonstrates the ongoing risks that we all face when it comes to keeping our data safe and secure, as well as the potentially harmful consequences of losing control of our data.
Details of the Devon schools data breach
The incident was first reported on the local news website Devon Live on December 12th 2022. According to the report, the breach had occurred the previous week, and resulted from a Microsoft Teams site being unintentionally made accessible to both staff and students.
According to an unnamed source quoted by Devon Live, the site contained sensitive personal information relating to teachers employed by DMAT. This included:
- Health details
- Criminal convictions
- ID documents
While it is not clear exactly how many teachers were affected, the trust itself employs more than 850 staff.
Needless to say, this is particularly sensitive information with the potential to cause serious repercussions. Those affected could be exposed to identity fraud, reputational damage, loss of earnings, and a range of other potential damages.
In a statement, DMAT stressed that they “remain fully committed to the safety, security and privacy of our students, families and staff” and noted that “any of those with specific individual concerns are able to contact the Trust directly with any questions”.
The UK’s data protection regulations
This incident is a powerful reminder of just how much personal data we share with our employer and other organisations, much of which we would not want to be widely shared. Unfortunately, it is increasingly difficult to ensure our data is fully protected, whether this be from accidental exposure or from the deliberate attacks of cyber-criminals.
However, it’s important to be aware that there are regulations in place to help keep your data safe. The Data Protection Act (DPA) 2018 and the UK General Data Protection Regulation (GDPR) are designed to ensure that any organisations storing or processing personal data are held to a high standard of data security.
Among other requirements, organisations must protect your data from unauthorised access. If they fail to do so, you are entitled to seek compensation to offset any damages you may have experienced as a result.
HNK Solicitors can support your data breach claim
If you have been the victim of a data breach, it’s important to consider seeking compensation to help you move past the incident. But in order to have the best chance of getting the result you deserve, you’ll need the support of experienced data protection solicitors with detailed knowledge of the relevant legislation.
Here at HNK Solicitors, our expert team have support a wide range of clients with their data breach claims – take a look at our case studies page to see some of our recent successes. We also offer free consultations, so if you’d like to discuss a potential claim, get in touch today. If we do think you’re owed compensation, we can offer to take up your claim on a no-win, no-fee basis.