Earlier today Driffield school put 1,377 children at risk by sending a list of every child at the school. The information included the childs first name, surname, year group and form.
Ironically the document was attached to an email regarding the changes to Data Protection (GDPR).
First Email From Driffield School
Please find attached two extremely important documents regarding the changes to Data Protection (GDPR):
- Letter regarding the changes, please read carefully as we require an urgent response with regards to photo/video permissions for your son/daughter.
- Privacy Notice
Your urgent attention would be greatly appreciated.
Mr S Ratheram
Second Email From Driffield School
Just over an hour later parents/carers received a second email from Driffield School
“Dear Parent and Carer
We contacted you this afternoon via the InTouch system with the intention of sending a Privacy Notice for family and student information and a letter regarding photo consent. Unfortunately the office spreadsheet for returns for the letter was attached by mistake. We will now re-send the correct attachment.
We are very sorry for this mistake. Please be assured that whilst this information was sent out erroneously, it was limited to parents and carers and has not been shared with a wider audience. An investigation is currently under way and we will take any necessary remedial actions.
Please accept our sincere apologies for this.
Mr S Ratherham
I have copy of the full listing.
Given the obvious safeguarding issues I have referred the matter to Caroline Lacey, ERYC Chief Executive and Kevin Hall, ERYC Director of Children, Families and Schools requesting they address the breach as a matter of urgency.
In addition I have requested a meeting with Kevin Hall in County Hall tomorrow.