Video: How does data blunder affect battle against Covid-19? (PA Media)
The Department for Education broke the law in its mishandling of the national database containing details of every school pupil in England, the Information Commissioner’s Office has concluded in a highly critical report.
The report marks the second time in less than a year that the DfE has been publicly rebuked by the privacy watchdog for failing to adhere to data protection laws.
After an investigation triggered by complaints from groups including Liberty, the ICO found that the DfE had failed to comply with sections of the general data protection regulation (GDPR). It said there was “no clear picture of what data is held by the DfE” and that its handling of millions of pupil records “could result in multiple data breaches”.
Related: Department of Education criticised for secretly sharing children’s data
“The audit found that data protection was not being prioritised and this had severely impacted the DfE’s ability to comply with the UK’s data protection laws,” the ICO said.
The audit lists more than 130 recommendations for the DfE to improve its data safeguarding, with 32 classed as urgent and 57 as high priority by the watchdog.
Sam Grant, the policy and campaigns manager of Liberty, said: “This report displays a shocking failure of privacy protections, which is dangerous for our rights.
“The type of data collected by the DfE can reveal a huge amount of sensitive personal information about us, and often about children and young people. The government has routinely misused this data to enforce cruel and oppressive policies like the hostile environment. This cavalier attitude to our personal information puts people, including the most marginalised, at risk.”
According to the ICO,