Breach of confidentiality

[Cheecheemonkey]

Can't believe I've received an email from a teacher accidentally attaching a risk assessment form for a recent overseas trip naming pupils and detailing their behavioural issues etc. My own son was named with another three as having possible emotional difficulties (he has Aspergers but no issues of behaviour only disbelief at others' behaviour!). Have obviously reported it to the highest level, but cannot believe this has happened.

Just need to offload really. Waiting for them to get back to me. Unbelievable.

[marriedinwhiteagain]

I could have told you the names of the five or six children in dd's year who were likely to be a cause for concern with respect to behaviour on an overseas trip at secondary school. I didn't need to be sent confidential information about it; the children's behaviour meant everyone knew who they were anyway.

Recently my GP sent me a letter and attached to it were referral letters for four other patients - I took them back to the GP and handed them back to the receptionist. Can't even remember the names and I certainly didn't read the letters in detail. It was an error.

[camptownraces]

"I in fact tried in the first instance to contact the teacher concerned, had no luck, and because I was concerned at a possible error in the system rather than human error (as this email had other anomalies) I let a deputy know in case this was duplicated and sent out to others (as my son's name is included I really don't want this circulated)."

So, the OP has reported the offending teacher to the deputy (head). OP was unable to contact the teacher concerned.

I'd guess the lovely teacher will be involved in disciplinary proceedings by now.

Chances are that she won't get involved in any kind of extra-curricular activity in future.

[tiredaftertwo]

My children's school uses password-protected emails for confidential information, but that would not have helped here. The emails arrived at their correct destination, but they had the wrong information attached. It is perfectly possible to set up a system for checking attachments by a second party.

If a company chooses not to protect its business information other than by a footer (no confidentiality clauses in contracts, no secure servers, no staff training?????), that is up to it, if it stays within the law.

I don't think those criticising the OP for reading on have read the first post: her own son was named in the attachment. She absolutely should have read on, to find what what personal information about him has been wrongly disseminated.

[ll31]

You need to raise it with school,in the interests of other pupils. It is a serious matter. Fact that it was a mistake doesn't alter that. Yanbu.

[Vivacia]

I know you say they are lovely, but I hope this teacher has learned their lesson and never, ever gets involved with offering your children extra-curricular opportunities such as a foreign trip again(!).

[BackforGood]

I agree with TeenandTween and DeWE - I can't believe your indignation at this mistake / human error, whilst clearly demonstrating that you read the whole document. Surely as soon as you realised it wasn't to do with your dc, you should have closed it straight away ?
Strikes me the teacher has made a mistake (about which I'm sure they will be mortified) but you have consciously chosen to read the confidential information that you could have left as confidential.

[Blissx]

Sorry, meant to say 'irrelevantelephant'!

[Blissx]

OP, this part of one of your posts did seem to be attacking teachers; "No I don't want anyone to lose their job or cause them to be off with stress (although that wouldn't be unusual), "

I hate to break I to you incredibleelephant, but schools do not use password protected email and there is no 'validation' in place to physically stop this from happening. My original question to the OP of, 'what measures would you want to see in place?' is a serious one and I think highlights just how technology has not caught up with personal data, (anyone worried about Google glasses?) I don't think posters are saying that this is ok to happen, just that, in the grand scheme of things, worst things can happen (and the OP is partly complicit in opening the attachment and reading it in the first place) based on the context of the situation given.

OP-you defended this by saying 'everyone would do it', but couldn't the same argument be used to say, 'everyone makes mistakes'? Or is it one rule for some.....?

[IrrelevantElephant]

The fact is, this WAS a breach of data protection, accidental or not. The information commissioner's office fines people for data breaches, including
£95,000 to Leeds City Council in Nov 2012 for sending information about a child in care to the wrong person.
£60,000 to Plymouth Council in Nov 2012 for the same reasons as above
£90,000 to Devon Council in Dec 2012 because a social worker sent the wrong report to the adoption panel
£70,000 to the London Borough of Lewisham in Dec 2012 because a social worker left her bag with confidential documents on a train.

Regardless whether it was a mistake or not, the school would be in huge trouble for not having better security measures in place. In this day and age, secure or password protected emailing is so simple, I hardly know of any bodies who deal with sensitive information relating to children who are still permitted to email.

I would definitely highlight this error to the Head or Chair of Governors, they need to be sure this won't happen again, to protect themselves as much as anything.

[DeWe]

But surely you opened the attachment, realised that it wasn't something for you and stopped reading?

I've received things in error, and you stop reading as soon as you realise it's not for your eyes, and alert the person who sent it to you.

Reading it all them then complaining that now you know XYZ is surely hypocritical.

[tiredaftertwo]

Shocked at some of these comments. The OP has not made it personal at all. I can't believe the casual attitude both to the law and safeguarding shown here. If a body has a legal and professional duty to do something and it fails to do that it is not up to the people affected to suggest solutions. The school needs proper professional advice on data protection. It is not some one man band being run out of a shed. Good luck in sorting it out OP.

[BeckAndCall]

Whilst it clearly was a mistake, that doesn't mean you don't alert them to the mistake!

There should be a 'confidential data handling policy', acknowledging the Data Protection act, which should have procedures to prevent this happening. If they don't know it's happened, and therefore that their procedures have broken down or not been followed, then how can they learn for the future.

It's not a question of complaining it's a question of reporting and allowing them to learn from mistakes and then amend their procedures.

[cory]

If it's the second time it's happened then I would suggest you point that out and suggest they may want to look over their procedures/training of staff.

As other posters have said, human error will happen. If human errors of the same kind happen repeatedly in an organisation, that is when they need to look over their procedures.

If pupils misbehaved repeatedly in one particular manner, the head would give a training assembly on that aspect. A training session for teachers in double-checking procedure might be the answer. Not naming and shaming, just working with reinforcing.

[Cheecheemonkey]

Of course they didn't intend to breach confidentiality, that is utter nonsense. However to say something is just human error doesn't alter the situation and there is quite obviously some room for mprovement. Do we stand back and accept that these sensitive and confidential documents occasional get sent out in error, or do we look at how to improve things?

I am not a computer geek but would happily and readily suggest preventative measures if I were. I am merely a lowly parent who would really prefer her children's private information not be accidentally sent to any Joe Bloggs.

No, for the record, I do not have expectations of perfection in all aspects of my life as life itself is imperfect. Why you should ask that is beyond me really. What I have said, and shall say for the last time is that children's personal and private data should be treated with the utmost care and caution. If mistakes happen then there is usually room for improvement or better training. If these issues go unreported then improvements may not be deemed necessary.

I shall leave it there as I am now more concerned at the ignorant and accusatory comments on this site than I was at the original issue.

[Ladymuck]

This sort of error happens in every type of organisation. It is simply human error. Until you get rid of the humans, you can only take some preventative steps but you can't guarantee this won't happen.

If there was an easy way to prevent this, then why don't you suggest it? The only one that I can think of is to essentially put a firewall around the school netwrok so that they cannot send any messages to anyone outside of the network including parents. Do you think that will improve things? It is how elements of the security forces work (where these breaches could cost lives). Whether any school could afford it is another matter.

Do your expectations of perfections extend to all aspects of life?

There seems to have been no intention to breach confidentiality, and possibly the teacher is completely unaware that they have done so, much less that a parent has now divulged that fact on a public site.

[tiredaftertwo]

OP, just chiming in to say I agree with you. Systems only improve when people have high expectations and challenge bad practice. But this is more than bad practice and is possibly illegal (and no, I am not suggesting the OP sues the school). The school has a duty to keep personal information about your children confidential and it has failed. It is nothing to do with the teacher involved, it could happen to anyone, but the system needs reviewing, and it is perfectly reasonable that you are angry.

If I hadn't read this, I think I would have assumed that emails with attachments to parents have some sort of check in schools, just because it is so easy to select the wrong document and press send. I wonder if the Information Commissioner's Office (just looked it up) or anyone has any standards about this (waves hand vaguely)?

This is more than just a technicality: those who think it doesn't really matter - personal and health information can be used to victimise, bully, and blackmail people - and no-one has a crystal ball to see how it will be used. The organisations entrusted with it MUST keep it safe. ico.org.uk/for_organisations/sector_guides/education

[Cheecheemonkey]

Firstly, I never said info couldn't be sent by email. If you read my message I said better care should be taken with sensitive docs. Someone attached a sensitive doc to an email to myself. Of course people can't stop using email, that's ridiculous. All I said was that when schools deal with personal info about their pupils such info should stay personal, I.e. not be sent to other parents.

I am not attacking teachers here - most do a very good and very difficult job, and yes they work long hours and organise many trips and other events all in their own time. I only pointed out that a school's Confidentiality Policy should be taken seriously as that is the reason it exists, and as a parent one believes that their child's private, medical, emotional and educational details will not be put into the public domain, I.e. mistakenly sent to another parent. I'm not talking about sharing with hospitals, doctors and the like as I know they can and do with permission or without it if a child is thought to be at risk. Just not sent to another parent.

Sorry, I seem to have upset a lot of you. God only knows why?

[sitzonhandz]

Cheechee, with two sn kids, there's a shedload of confidential emails that fly back and forth between doctors, paed's, consultants, health professionals, social services.

It's hard enough to coordinate support between external (even internal) organizations even using emails - I can't imagine how much harder it would be if suddenly it wasn't allowed because one in a thousand emails ended up with the wrong recipient.

I think it's about the big picture, really. And irrelevant elephant, I really hope you don't ever get to influence the policy of any organization that I or my children rely on for support. The entire system would grind to a complete halt.

[BriansBrain]

It may be a case of the teacher scanning into email and picking up the other paperwork at the same time without knowing.

It isn't great but as long as you are discreet I am sure the teacher will never just scan and send without checking ever again, it's human error.

[IrrelevantElephant]

Totally agree- children's details should NOT be sent via email,
Especially since it is so easy to send it to someone else. I think the school should have some sort of secure messaging service, or password protect all external emails.

[Cheecheemonkey]

Oh yes, I let Mr Gove know and David Cameron, just to be on the safe side!!! Back to the real world now and I in fact tried in the first instance to contact the teacher concerned, had no luck, and because I was concerned at a possible error in the system rather than human error (as this email had other anomalies) I let a deputy know in case this was duplicated and sent out to others (as my son's name is included I really don't want this circulated).

I have been angry that this is the second time we have experienced a breach in confidentiality, and errors are still being made. To say, oh well ... the poor teacher will be mortified isn't good enough. This teacher is a lovely teacher in fact, however schools must take great care with sensitive documents and every precaution should be in place in order these breaches do not occur. If a social worker leaves documents regarding an individual on a park bench for anyone to read would you say, don't make a fuss, mistakes happen, bet they're sick with embarrassment. I don't think so. Would anyone be happy for their doctor to accidentally send their medical notes to another patient, and would you feel that an understandable human error? I don"t expect anyone would....... or maybe it's just me.

[MisForMumNotMaid]

I agree with you that I want private personal information to stay private. In the circumstance I interpret from your original post I was a little surprissed by the reported to the highest level, awaiting their response comments.

What is the highest level... Chair of governors, head of education at the LEA, Mr Gove?

Is this one incident, that I agree is unfortunate and I understand you seeking assurance that it doesn't happen again, the thing that you feel their efforts are best focused on?

Glad to hear that you're feeling less annoyed.

[Cheecheemonkey]

There wasn't a great dealt to read really - but enough to say that it is wrong on every level. Should I have read it? Well, I'd be amazed at anyone who wouldn't although there are probably plenty who'd say they wouldn't but I think they'd be lying. Will I tell anyone? Of course not. I have already deleted it. Point is, if it has happened to me then it's probably happened to someone else, and would someone else keep quiet on what they'd read? Maybe not.

As a parent I want to know that private info I share with the school stays private. Can't quite believe no-one agrees with me, but hey ho! Must just be me. I'm not annoyed anymore, so job done. Thank you!