Flu jab email mishap exposes hundreds of students' personal data A clumsy data breach has affected hundreds of children at a Birmingham secondary school. The school said in an email to parents that students in Year 7, up to and including Year 11 (ages 11-16), had their names, gender, dates of birth, and their parents' contact details exposed via a spreadsheet mistakenly shared with other …
"the school sent an email ...
... contacting our management information ... and ensuring that the SMS message was removed and recalled."
...so, was it an e-mail or an SMS? And how do you "recall" an SMS (or a sent e-mail) ? Do they know what is the difference between the two ?
This is obviously "damage control in panic mode", but is also indicative of the knowledge (or lack of) about the systems they are supposed to use.
You would have to wonder whether their whole system might be more efficiently managed by a purely paper based system.
Send the the paper consent form home with the student or via snail mail. Personally with vaccinations make it opt out, consent by default. No one ever asked anyone when we got the polio vax and TB shots at school when I were a lad. ;)
My son's school managed to have the following communication channels in order of roll out without retiring any previous channel: paper, e-mail, news page on website (no notification), message via online portal (no notification) Classroom (notification to the children but no notification to parents), other homework websites, Instagram stories (just no), and a dedicated instant messenger app.
I didn't download the app, however the school cottoned on to the fact their spam was annoying parents and causing them to uninstall it, so only then did they start moving important communications to the app to make people install it again.
If schools really do care about children's screen time and social media use, they can start leading by example. E-mail or paper if it's a legal requirement, everything else is surplus to requirements.
Hmmm, and what are the permissions for the app? Run at startup, track your location, unfettered web access? Like that's not ripe for abuse.
Have you tried it on one of those fake-VPN firewall apps to see what it tries to connect to?
What is their recourse for people without smartphones (yes, it can happen, there are a few people at work younger than me that want nothing more than a solid Nokia that does calls and texts and runs for *days* on a single charge).
What, in fact, are the legal requirements giving that shoving a notification on an app is hardly going to pass as an appropriate level of communication for actually important matters?
What happened to 'take this letter home to your parents'?
Now this was a long time ago and the school was quite small but my primary school handed out a little booklet to every parent at the start of the year that had the names of every pupil, their class number, their parents names and parents contact details. Always seemed overkill!
"Now this was a long time ago and the school was quite small but my primary school handed out a little booklet to every parent at the start of the year that had the names of every pupil, their class number, their parents names and parents contact details. Always seemed overkill!"
It would have been pretty hard for an information mining company to get those little booklets and enter the contents into a paper database. These days with the Big Data companies, any personal information they can hoover up in digital format keeps the machine fed even if it's just empty calories. It's still scary if it means some third party has the school your child goes to, their phone number, their grade and teacher's name since that could be used in many bad ways.
Indeed, times have changed drastically since then. People didn't worry too much about their info being 'in the public domain' as there wasn't a huge number of companies desperate to profit from that info while also giving bad actors easy access.
It is either Switzerland who used to publish a book of EVERY car registration with the owner and contact details.
Both of my boys went to the same secondary school and parent communications was lamentable.
At first (2013) they used SharePoint with a custom app - whilst it had its issues (primarily a lack of teacher training on it), at least it was a single point of information.
Then they moved to an app by another company (can't recall off the top of my head) as well as switching to Facebook. The app itself was ok (again mostly problematic due to a lack of teacher training) but often they would put different information - sometimes even contradictory information - on each of them.
Then they added Twitter.
Then they swapped to another app but that had zero details in it. They eventually shut down their FB and Twitter accounts and moved to yet another hot mess of an app.
And between all of the options they had, they still didn't get it right. Often didn't send out the right information or in good time - and of course it was the parents' fault! I tried to explain, many times, to the many different headmasters and principals that if me, working in IT, found it a confusing, hot mess, then how about parents who don't work in IT?
I am amazed, given their decisions and the constant moving from one app to another etc that they didn't ever experience a breach.
