• 0800 0862018
  • This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Mon - Fri 8:00 - 17:00
Latest ICO Reprimand. Mr. S. Claus, Chief Executive Officer, North Pole Enterprises


To: Mr. S. Claus, Chief Executive Officer, North Pole Enterprises

Of: North Pole The Information Commissioner (the Commissioner) issues a reprimand to North Pole Enterprises (‘Santa Claus’) in accordance with Article 58(2)(b) of the UK General Data Protection Regulation in respect of certain alleged infringements of the UK GDPR. 
The reprimand
The Commissioner has decided to issue a reprimand to North Pole Enterprises i

Phishing in blue text on a computer screen background which is black

The City of London Police is warning schools across the UK to be vigilant against phishing attacks targeting school networks. Multiple schools have reported receiving suspicious emails containing malicious attachments that have infected their networks with malware.

Once infected, the school's email systems are used to send malicious attachments to other schools.

You don't have a pdf plugin, but you can download the pdf file.

Help and Advice against Phi

The Data Protection And Digital Information Bill (DPADI)

This article is now obsolete - the Data Protection and Digital Information Bill was not passed in the last parliamentary session.

It might seem like only yesterday that GDPR, as part of the Data Protection Act 2018 became law, but already we have another change in the law coming our way.

This has been slow getting here - a consultation 'Data: a New Direction' was launched by the government on 10 September 2021 and since then, a Bill was introduced,

The word reprimand in orange in an orange rectangle on a blue background with the word data breach in blue

The ICO has recently published a reprimand for a multi academy trust.  The reprimand was issued in respect of Articles 5 (1) (f) and 32 (1) (b).  An unauthorised third party utilised compromised credentials to access and encrypt their systems.

Lots of computer screens showing different things on a blue background all linked together

The recent update to the Keeping Children Safe in Education Document obliges schools and colleges in England to “ensure appropriate filters and appropriate monitoring systems are in place and regularly review their effectiveness”.

School children wearing blue shirts and grey skirts in a class room

The IAPP recently wrote an article about how organisations and lawmakers are striving to protect the online safety of children and teens in today's advance digital environment.  They find themselves working to solve a 'puzzle' that tries to balance varying legal jurisdictions and cultural considerations.

Hooded person over a computer. Text Cyber Aware. Blue padlock over a username and password.  Data Protection Education DPO badge

We have previously reported how the Rhysida Ransomware has focused on attacking the education sector.  Recently the CISA, FBI and MS-ISAC have released a new joint Cyber Security Advisory to disseminate known Rhysida ransomware indicators of compromise, detection methods, tactics, techniques and procedures identified through recent investigations.

man in a blue suit with a blue padlock hovering above his hands.  The word governance in white text on a blue background

The Governors and Data Best Practice area has been updated with some new content from the Norfolk and Suffolk Constabularies.  There is a training video: 'Protecting Yourself and Your School from Cybercrime' and a pdf of the slides from the video. There is input for school governors to highlight the risks presented by cyber crime and the resources and support available to help you improve your organisation's cyber security.

Cartoon of a criminal dressed in black with black hat, cyber criminal in orange on their chest, climbing out of a computer carrying a yellow computer folder on their shoulder

As a data protection officer we are seeing a rise in the number of cyber attacks on organisations.  We often find that the fact an actual crime has been committed is sometimes overlooked in the panic and need to recover data and get operations back up and running.  According to the National Crime Agency (NCA) cyber crime continues to rise in scale and complexity, affecting essential services, businesses and private individuals.  Cyber crime costs the UK billions of pounds, causes

NCSC Annual Cyber Review in white text, 2023 in white text on a blue background.  Background is a tunnel of computer screens (like going through a black hole)

The National Cyber Security Centre looks back at it's key developments and highlights over the last year in it's 2023 annual review. The National Cyber Security Centre (NCSC), a part of GCHQ, is the UK’s technical authority for cyber security.

data breach in orange computer text on a computer screen with computer code

The British Computer Society (BCS) has recently published the biggest data leaks of 2023.  The leaks cover worldwide cyber attacks, but the lessons learned apply to organisations of all types all around the world.  The data breaches include The Guardian Newspaper, LastPass password manager, Royal Mail, MOVEit, Microsoft, The UK Electoral Commission.

Hands typing on a laptop. Laptop screen shows view of the Compliance manager which is part of the Data Protection Education Knowledge Bank portal.

We launched our Schools Best Practice area at the beginning of this term which includes specific guides and support for schools.  There is also a specific area for Trusts and the Central Team.  The Trusts Central Team section is a specific area for additional requirements and guidance for the central team of a trust and should be used in conjunction with the other tabs in the best practice area.  

Dark hooded person working on a laptop with a beam of a padlock and a password field.  Be Cyber Aware in white cyber text and the Data Protection Education DPO services badge in the bottom right

Several countries have pledged never to pay cyber criminal ransoms and to collectively work toward disrupting their financial systems.  The members affirmed their joint commitment to building their collective resilience to ransomware.  They will share data on ransomware perpetrators and techniques and establish a blacklist of information about digital wallets used to facilitate rasomware payments.

  1. Google for Education Resources: Helping IT Admins meet DfE digital and technology standards
  2. Resistant Cloud Backups
  3. Top Ten Cyber Security Misconfigurations
  4. Lettings Best Practice and Guidance
  5. ICO Reprimand: company suffered a ransomware attack
  6. October is Cyber Security Awareness Month: 31. On the road to cyber essentials
  7. The UK Online Safety Bill becomes an Act (Law)
  8. October is Cyber Security Awareness Month: 24. Backups
  9. October is Cyber Security Awareness Month: 27. Passwords
  10. October is Cyber Security Awareness Month: 30. Support
  11. October is Cyber Security Awareness Month: 29. Admin controls
  12. October is Cyber Security Awareness Month: 28. Phishing
  13. October is Cyber Security Awareness Month: 26. Physical Security
  14. October is Cyber Security Awareness Month: 25. Server Security
  15. October is Cyber Security Awareness Month: 23. Filtering and Monitoring
  16. October is Cyber Security Awareness Month: 22. Hardware: Printers
  17. October is Cyber Security Awareness Month: 21. Hardware: Asset Control
  18. October is Cyber Security Awareness Month: 20. Hardware: Safe disposal
  19. October is Cyber Security Awareness Month: 19. Anti-virus/anti-malware
  20. October is Cyber Security Awareness Month: 18. Regular Updates
  21. October is Cyber Security Awareness Month: 17. Access Control (Users)
  22. October is Cyber Security Awareness Month: 16. Access Control (Wi-Fi/Network access)
  23. October is Cyber Security Awareness Month: 15. Access Control (working from home/off site)
  24. October is Cyber Security Awareness Month: 14. Access Control (MFA)
  25. October is Cyber Security Awareness Month: 13. Awareness
  26. October is Cyber Security Awareness Month: 11. Policies and Procedures
  27. October is Cyber Security Awareness Month: 12. Training
  28. October is Cyber Security Awareness Month: 10. Assess where you are with cyber security
  29. October is Cyber Security Awareness Month: 9. A guide for education providers
  30. October is Cyber Security Awareness Month: 8. How can your school prevent Ransomware attacks?
  31. October is Cyber Security Awareness Month: 7. What does a Ransomware attack on a school look like?
  32. Considerations when migrating to a new MIS
  33. October is Cyber Security Awareness Month: 6. Cyber Action Plan
  34. October is Cyber Security Awareness Month: 5. Responsibilities
  35. October is Cyber Security Awareness Month: 4. What to do in a cyber attack
  36. October is Cyber Security Awareness Month: 3. Data Security
  37. October is Cyber Security Awareness Month: 2. Privacy Protection
  38. October is Cyber Security Awareness Month: 1. Why is cyber security important?
  39. The importance of software updates (PaperCut vulnerability and Rhysida ransomware)
  40. Public bodies and sensitive data
  41. Adding offline bulk training using the Certificates function
  42. Ransomware, extortion and the cyber crime ecosystem
  43. ICO: 10 Step guide to sharing information to safeguard children
  44. Schools under Cyber Attack: September 2023
  45. Cyber Resource: The Cyber Resilience Centre Group
  46. Schools and Trusts Best Practice Area
  47. Email and Security: ICO recent guidance
  48. Help after a Cyber Attack/Incident
  49. Social Media Policy
  50. Data Protection and Cyber Security (Inset Day) Training Ideas
  51. Changes to Microsoft Free Licensing for Schools
  52. What to do in the event of a Cyber Attack
  53. Cyber Crime: AI Generated Phishing Attacks
  54. Handling Freedom of Information Requests the right way
  55. Cyber Attack: Exam Boards
  56. VICE SOCIETY - Ransomware attacks on schools
  57. Using Tags if you are a group of organisations in the DPE Knowledge Bank
  58. Where's Harry the Hacker?
  59. Be Cyber Aware: USB Sticks
  60. Cyber Insurance in the Public Sector
  61. Types of Cyber Attacks: DDos Attack (Microsoft DDoS Attack in June)
  62. Cyber Attack: Manchester University
  63. Cyber Attack: Leytonstone School
  64. The ICO Reprimands a school
  65. Be Cyber Aware: Firewalls
  66. Subject Access Requests (SARs)
  67. Be Cyber Aware: Cyber attacks and transparency. A no blame culture
  68. Cyber Attack: Dorchester School
  69. Knowledge Bank Role Types: Admin, Staff and Trustee
  70. Types of Cyber Attacks: Password Attacks
  71. Be Cyber Aware: Why regular software updates are important
  72. Cyber Security Breaches Survey 2023
  73. World Password Day - May 4th
  74. Cyber Attack: Wiltshire School
  75. Keeping your IT systems safe and secure
  76. Types of Cyber Attacks: DDoS Attacks
  77. Types of Cyber Attacks: Phishing
  78. Types of Cyber Attacks: The Insider Threat
  79. Why your data is profitable to cyber criminals
  80. Using WhatsApp in Schools
  81. The Changes to Data Protection in the UK
  82. Knowledge Bank Updates
  83. Types of malware and how they are linked to data protection
  84. Striking Data Breach
  85. Windows Server 2012 & 2012 R2 Retirement
  86. How to contact us for support, subject access requests, data breaches and FOI's
  87. YouTube breached child protection laws
  88. How a school fought back after a cyberattack
  89. Types of Cyber Attacks - Credential Stuffing
  90. January Cyber update - How Can Schools Help Prevent Cyber Attacks?
  91. End of Windows 8.1 Support
  92. Assigning courses to staff using to-dos
  93. How the Record of Processing Can Help You
  94. Information Security Basics: What are VPN's?
  95. What does a Data Protection Officer Do?
  96. Are you ready for a Data Breach?
  97. Blog: Best Practice on the Retention of Child Protection Information
  98. Carrying out Supplier Due Diligence
  99. Email and retention periods
  100. How Long Should You Keep Personal Data For?
  101. The Education sector now at highest risk of cyber attacks
  102. How to Assess your Data Security
  103. Schools Blocked from Using Facial Recognition Systems
  104. Sharing this year’s Nativity play online
  105. A quick introduction to the Phishing Simulation tool
  106. The Children's Code
  107. Recording vaccination of staff
  108. B&H FoI: Racist/religious incidents/bullying
  109. Cyber Attacks
  110. Protocol for Setting Up and Delivery of Online Teaching and Learning
  111. Class Dojo International Data Sharing
  112. Model Publication Scheme: Amendments, Improvements and Updates
  113. Child friendly privacy notices
  114. Transparency
  115. Parents and students covertly recording conversations
  116. SAR? ER? FOI?
  117. Secure file transfer of files using Royal Mail
  118. Emergency contacts and consent
  119. Key elements of a successful DPIA
  120. FOI Publication Schemes
  121. SHARE: Avoid disinformation online
  122. Best Practice for Managing Photos and Video
  123. New Drip Feeds: Recognise and Respond to Subject Access Request
  124. When to contact the Data Protection Officer?
  125. National child measurement programme
  126. Make sure DPE is your registered DPO with the ICO
  127. Compliance Manager released
  128. Headteacher fined for breach of data protection legislation
  129. Emails – good practice and minimising the risk of a data breach