The Information Commissioner’s Office (ICO) has issued a reprimand to the Department for Education (DfE) following the prolonged misuse of the personal information of up to 28 million children.
An ICO investigation found that the DfE’s poor due diligence meant a database of pupils’ learning records was ultimately used by Trust Systems Software UK Ltd (trading as Trustopia), an employment screening firm, to check whether people opening online gambling accounts were 18.
The DfE has overall responsibility for the learning records service database (LRS), which provides a record of pupil’s qualifications that education providers can access. The ICO found the DfE continued to grant Trustopia access to the database when it advised the Department that it was the new trading name for Edududes Ltd, which had been a training provider.
Trustopia was in fact a screening company and used the database for age verification, a service they offered to companies including GB Group, which helped gambling companies confirm customers were over 18. This data sharing meant the information was not being used for its original purpose. This is against data protection law.
The ICO issued a reprimand to the DfE setting out clear measures it needs to action to improve its data protection practices so children’s data is properly looked after.
In June 2022, John Edwards, UK Information Commissioner, announced a new approach towards the public sector with the aim to reduce the impact of fines on the public. Had this new trial approach not been in place, the DfE would have been issued with a fine of over £10 million in this specific case.
Click below to share this article
