The Information Commissioner’s Office (ICO) has slammed the Student Loans Company (SLC) after a number of data breaches compromised customer records.
SLC has reported numerous instances where the huge amounts of personal information about students past and present, including medical details and psychological assessments, has been sent to the wrong people.
The ICO – which attempts to uphold information rights in the public interest - decided to investigate the organisation, finding that not enough checks were carried out when documents were being scanned and added to customer accounts.
It was also found that more sensitive documents actually received fewer checks than those less so.
Stephen Eckersley, head of enforcement at ICO, claims that the organisation needs to be looking after the data it holds more carefully.
“Students are obliged to provide personal information to the loans company, both while they receive the loan and in the years when they are paying it back and they are right to expect that information to be properly looked after,” Eckersley said.
“Our investigation showed that wasn’t happening. We’ve spoken with the company and made clear that changes need to be made,” he added.
As a response to ICO finding that it had not properly looked after personal data, SLC has signed a formal undertaking, committing it to ensure proper checks are carried out.
These include making staff better aware of the organisation’s data protection policy and ensuring all correspondence is thoroughly checked before it is sent out.
Security measures must also be in place to ensure data is protected against unlawful or unauthorised processing and accidental loss, destruction or damage.