“Incompetent” council leaks details of students with special educational needs

Graham Cluley
@gcluley

"Incompetent" council leaks details of students with special educational needs

The good news: Central Bedfordshire Council in the UK responded to a Freedom of Information (FOI) request from parents campaigning for their children with special educational needs (SEND).

The bad news: Central Bedfordshire Council failed to properly redact the details of ‘dozens and dozens’ of pupils with special educational needs, publishing them on a public website.

Oh dear oh dear. Who needs hackers, eh? All you have to do is make a Freedom of Information Request…

Sign up to our newsletter
Security news, advice, and tips.

Campaigners for the Central Bedfordshire SEND Action Group were reportedly unimpressed:

Campaigners released a statement saying: “We were extremely concerned, yet unsurprised to learn about the data breach. It is the latest in a long history of incompetence and disregard for the law in relation to SEND families.

“This catastrophic mistake poses a particular safeguarding risk to fostered and adopted children and demonstrates the ongoing culture of negligence toward SEND children that has been ingrained at CBC for at least a decade.”

Central Bedfordshire Council apologised for the goof, and said it had reported the incident to the Information Commissioner’s Office. It also said it would be making changes to its procedures to avoid a repeat of the incident in the future.

Hopefully some appropriate staff training about the importance of protecting the private personal information of individuals will be one of the enhancements the council makes.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One comment on ““Incompetent” council leaks details of students with special educational needs”

  1. Martin

    I can report something similar. I requested by SAR some medical data for my Mum which I did with full consents from her and as her officially registered carer. When the GP disclosed the data, they'd decided that references to me as her carer were third party data so they redacted them by putting a thin, black biro line through them.

    There were some issues with this:-
    1) I don't think there is an issue with disclosing my own personal data to me.
    2) The context in which my data was included in Mum's records made it easily identifiable to me anyway.
    3) The black line was so thin, you could still read everything anyway.
    4) Oh and did I mention, took them 5 months to disclose it which earned them a breach from the ICO?

    Some organisations just haven't got the hang of this stuff !!

What do you think? Leave a comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.