General Data Protection Regulation (GDPR) , Geo Focus: The United Kingdom , Geo-Specific

Using Student Data for Gambling Apps Is Bad, Says UK ICO

Office Reprimands Department, Says Fine Would Have Been Over 10 Million Pounds
Using Student Data for Gambling Apps Is Bad, Says UK ICO

The U.K. data watchdog reprimanded a government agency for allowing the unauthorized use of a database containing school records of teenagers by a firm verifying the age of online gamblers.

See Also: Expert Panel | Data Classification: The Foundation of Cybersecurity Compliance

The Information Commissioner's Office says the Department for Education violated the data protection law when it allowed screening company Trustopia to use the database for age verification purposes.

An investigation provoked by revelations over Trustopia's access published by The Sunday Times in 2020 revealed that the department had granted 12,600 organizations access to the national Learning Records Service database. That number is now shorter by 2,600 and no longer includes Trustopia, the ICO announced Sunday.

The Learning Records Service contains students' unique 10-digit numbers and tracks the learning records and qualifications of students from the age of 14. It holds the personal information of up to 28 million children and young people.

The reprimand does not include a fine, given a policy instituted in June excusing government agencies from monetary penalties on the grounds that fines create reduced services for citizens.

Without that policy in place, a fine of slightly more than 10 million pounds would have been appropriate, said Information Commissioner John Edwards.

The office says the Department for Education has strengthened the registration process for accessing the Learning Records Service but could do more to improve its transparency.

A departmental spokesperson said in a statement that it worked closely with the commissioner's office to ensure that misuse of the database doesn't reoccur. “We take the security of data we hold extremely seriously," the spokesperson said, vowing a fuller response in the coming months.

In 2020, then-Secretary of State for Education Gavin Williamson told Parliament that the incident occurred because "an education training organisation, in breach of its agreement with us, wrongly provided information on learners."

The commissioner's office said Trustopia dissolved during the course of the investigation, so regulatory action against it isn't possible.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.in, you agree to our use of cookies.