19 October, 2018
In July 2018, the ICO formally acknowledged a data breach involving the Capita SIMS system. The data breach affected a number of schools who use their services. The report to the ICO was made pursuant to the GPDR, which came into force on 25 May 2018, which confirms that controllers have an obligation to report data security breaches to the ICO unless there is unlikely to be a risk to individuals.
The ICO explained that Capita took steps to update schools in relation to the breach and to help them identify if their data has been involved. It would be advisable for any school using Capita's services to establish if they have been affected by the breach, and if so, assess which pupils' data have been affected and how.
If your school has been affected by the incident and you have enough information to establish that there may be a risk to your pupil, parents or carers, you should report the breach to the ICO. If you are unsure as to whether there may be a risk, you can contact our Education Team at Forbes for further advice.