Advanced search

Breach of GDPR?

(14 Posts)
welshmum3 Mon 22-Jun-20 09:41:08

I received an email today from my child's school. It was sent 'To' me and one other parent, whose name and email address have now been seen by me, so I guessing she has now seen my name and email address. A staff member was CC'd in to the email.
It was a generic email in that it related to school and Covid 19, but outlined arrangements specific to our two children.
Is it a breach of GDPR that I now have access to this parent's name and email address and she has mine?
Just curious really - and wondering if the person who sent it is aware and whether I should alert them in case it happens again to other parents who do want to kick up a fuss.

OP’s posts: |
DamitJanet Mon 22-Jun-20 09:50:35

It is, but a minor breach and most likely a complete accident. No harm in mentioning it to them so they’re more careful in the future, but not worth making a big deal of it in my opinion. ((Unless there’s some really sensitive information in there maybe)

IgetlockeddownbutIgetupagain Mon 22-Jun-20 09:51:18

Yes, breach of GDPR, reply back to the original sender advising them as such and that you'd like reassurance that this will be addressed and not done in the future.

It's not a massive breach, but still, little trip ups here and there could allow complacency...

Pineapple1 Mon 22-Jun-20 09:57:14

They should have used BCC to send it to parents.

No harm though. Let them know and hope they don't do it again.

Wishforsnow Mon 22-Jun-20 09:59:38

Does it really matter? In many schools you get issued a whole class list with parents info

rainbowunicorn Mon 22-Jun-20 10:04:09

Yes it is a breach. I would disagree that it is minor though. You have stated in your post that it was information specific to your child and th eother parent's child. While this information may be the same for both children it is obviously different / additional information to what the rest of the parents got for their children.
This would suggest that perhaps there are some SEN or other vulnerabilities involved (forgive me if I have made this assumption wrongly). If this is the case then two seperate emails should have been sent. Just because the two children may have the same arrangements the fact that these arrangements are different to the rest of the school body means that they should be kept confidential.
Also your email address should not be shared so this is a breach of your personal data however minor.

welshmum3 Mon 22-Jun-20 10:35:30

Thanks to all who replied - some helpful advice. It's not something I want to make a 'big deal out of', but I was just wondering if it was something I should gently alert them to.

OP’s posts: |
rainbowunicorn Mon 22-Jun-20 10:49:53

@welshmum3 I would make them aware so that they can offer training to the staff, just point out the error without making it a formal complaint.

cabbageking Mon 22-Jun-20 10:57:37

Accidents happen but it is what they do to address the error that is important. Let them know so they can make the system tighter and stop more personal data being shared.

Suze1621 Mon 22-Jun-20 12:17:44

I would make the school aware on case this is a wider issue and also to prevent the risk of more confidential information being emailed in this way.

Snigletted Mon 22-Jun-20 12:27:57

I wouldn't bother complaining and I'd keep the email and name. If you ever have any issues regarding the arrangements for your child, you can ask if they have the same!

We also are provided with a class list at the beginning of each school year, child's name and a phone number.

chomalungma Mon 22-Jun-20 12:59:32

We also are provided with a class list at the beginning of each school year, child's name and a phone number

Do the school ask for permission from parents to share that information? It looks like the kind of thing you should have to opt in to.

FinallyHere Mon 22-Jun-20 16:10:16

I'd absolutely mention this, in the first instance in an entirely supportive way. It might have been a mistake or the whole staff or maybe only some may not have twigged the implications of GDPR.

If no one mentions it, they have less chance of putting it right.

In this case, it may have been no harm done but there could easily be cases where that would not be the case. Much better to mention it now and give them a chance to put whatever is necessary in place to avoid any mistakes in future.

They should really be very grateful to you for taking the trouble to raise it with them.

Starbuggy Mon 22-Jun-20 16:18:42

Yes it’s a breach. But I would just politely let them know and ask them to use BCC in the future.

Join the discussion

Registering is free, quick, and means you can join in the discussion, watch threads, get discounts, win prizes and lots more.

Get started »