Student loan company rapped after data breaches
28 May 2014 12:28 PM
TheInformation
Commissioner’s Office (ICO) has criticised the Student Loans Company
Limited after a series of data breaches involving customers’
records.
The business reported several
incidents where information held about customers, including medical details and
a psychological assessment, had been sent to the wrong people.
An ICO investigation found that
not enough checks were carried out when documents were being scanned to add to
customer accounts, and more sensitive documents actually received fewer
checks.
ICO Head of Enforcement, Stephen
Eckersley, said:
“For the majority of
students, the Student Loans Company represents a crucial service that they rely
on to fund their studies. Students are obliged to provide personal information
to the loans company, both while they receive the loan and in the years when
they are paying it back, and they are right to expect that information to be
properly looked after.
“Our investigation showed
that wasn’t happening. We’ve spoken with the company and made clear
that changes need to be made, and a formal undertaking is now in
place.”
The Student Loans Company
Ltd has signed an
undertaking committing the organisation to ensure proper checks are
carried out before correspondence is sent out, as well making staff better
aware of its data protection policy.
Notes to
Editors
1. The Information
Commissioner’s Office upholds information rights in the public interest,
promoting openness by public bodies and data privacy for
individuals.
2. The ICO has specific
responsibilities set out in the Data Protection Act 1998, the Freedom of
Information Act 2000, Environmental Information Regulations 2004 and Privacy
and Electronic Communications Regulations 2003.
3. The ICO is on Twitter, Facebook and LinkedIn, and produces a
monthly e-newsletter.
4. Anyone who processes personal
information must comply with eight principles of the Data Protection
Act, which make sure that personal information is:
- Fairly and lawfully
processed
- Processed for limited
purposes
- Adequate, relevant and not
excessive
- Accurate and up to
date
- Not kept for longer than is
necessary
- Processed in line with your
rights
- Secure
- Not transferred to other
countries without adequate protection
5. If you need more information,
please contact the ICO press office on 0303 123 9070.