School caned for losing 20K details
A Hampshire school has been criticised for losing nearly 20,000 people's personal details.
Back in March, Bay House School lost personal details, names, addresses, photographs and some medical information on 7,600 pupils along with details of teachers and parents. In total just under 20,000 people were hit.
An administrator used the same password for the school's website and data management system.
A pupil found out the password while hacking the school website, and then used the same password to get into other databases.
The Information Commissioner's Office said it was important to use different passwords.
The ICO said it was pleased the school had agreed to improve procedures including encrypting information and separating systems. ®
Our policy is
Share your password with anyone and we break your thumbs.
We have to break more teacher thumbs than pupil thumbs though.
I'd like to see actual punishment for these types of problems.
Too often the "organisation" is "criticised" - big whoop. It should be the individual who is penalised; they are the ones in the position of responsibility to secure and protect the data in their charge.
If you're a sysad and you can't even use a complex password yourself, you don't deserve the job.
Fining places like this (and the NHS, quango's, train companies, etc.) doesn't work, because they just recoup their "loss" through higher fares or taxes...
My partner is a schoolteacher. The password on his school laptop is
"password". He says that this is school policy because "the laptops are school property and any teacher can use any laptop".