Recent Cyber-Attack On Council’s: The Impact On Privacy Within Education Explained

Several schools across Bristol have been left without access to their computers and essential personal data – after being targeted by cybercriminals. A spokesperson for Castle School Education Trust and South Gloucestershire Council said: “23 schools in South Gloucestershire have been affected by a ransomware attack that took place on Tuesday (16 March 2021) morning”.

A number of primary schools and secondary schools come under the trust including Marlwood and Mangotsfield secondary schools; Charfield, Severn Beach and Lyde Green primary schools and Downend School. Once the cyber-attack had taken place, none of the 23 schools had access to any of their IT systems resulting in all online sessions being cancelled and sensitive information and data relating to underage children being exposed.

Ransomware is a type of malicious software cybercriminals use to block people from accessing their own data. The digital extortionists encrypt the files on computer systems and add extensions to the attacked data and hold it “hostage” until the demanded ransom is paid. This was a highly sophisticated attack that breached multiple layers of protection of the IT system shared by schools in Castle School Education Trust (CSET) and partner primary schools in South Gloucestershire.

Lessons learnt from the recent attack

On the 19th May we will be hosting a session on the Lessons Learnt From Recent Cyber Attacks on CSET.

Our Director Phil Brining will be joined by 3 well-known names in the world of Data Protection to discuss what could have been done to prevent these attacks and what lessons we can take with us into the future to ensure something like this doesn’t happen to other organisations, or where it does we can help schools get up and running again.

Here are a few ways to prevent potential cyber-attacks:

  • Up-to-date Security Software.
  • Software and personal data management
  • Regular Risk Assessments.
  • Encryption and data backup.
  • Staff training and awareness.
  • Ensure vendors and partners maintain high data protection standards.
  • Specialist Data Security Evaluations.

During our session we will discuss some of the areas above and how they could potentially save your organisation from cyber-attacks, security breaches and loss of personal data.

Guest Speakers

Rowenna Fielding
Data Protection Consultant
Miss IG Geek

Rowenna Fielding is a nerd whose obsessive tendencies have served her well in building a career; first as an information security specialist then an advisor on data protection. Over the 10+ years since switching fields, Rowenna has been helping to bring data protection law to life in commercial and voluntary sector organisations, from in-house and more recently; as a consultant. In 2020, Rowenna established her own company, Miss IG Geek Ltd; providing advice, support, training and guidance on data protection and eprivacy. If she won the Lottery, Rowenna would carry on working in data protection, because its intersection of technology, social order and human rights is just too interesting to miss out on, even if it is a bit of an uphill struggle most of the time.

Tony Sheppard
Presales Consultant

Tony Sheppard has a broad range of experience from play leadership, sports coaching, EdTech, school leadership and information governance. He has long been a contributor of guidance to schools on data protection and information management, through Becta, Northamptonshire County Council, communities such as and PrivTech Nation. As the former Head of Services at GDPR in Schools, Tony supported the creation of the DfE’s GDPR Toolkit for Schools and continues to drive school collaboration by the Data Protection Working Group’s website Education Data Matters ( Tony has recently joined NetSupport as a consultant, working with schools and organisation as they make decisions on how to implement the wide range of IT and Classroom Management tools. Tony is also the founder and principal consultant for My Data Protection World, providing guidance to companies and their customers on suitable technology, and the privacy, data protection and security needs involved. Tony continues to contribute to Information Governance in schools as a contributor to the IRMS Toolkits, via ICO workshops and through advocacy groups, and has just launched an Open-Source project to support the creation of readable Data Processing Agreements between EdTech vendors and schools.

Sarah Harriott
Corporate Governance Solicitor

Coventry City council

Sarah specialises in providing legal advice to Coventry City Council in matters of Data Protection, FOIA and EIR.  She also advises on wider matters of corporate governance. Sarah’s background is in civil litigation and she has transferred these skills to providing advice to the Council by being able to help them interpret the relevant legislation and case law and ensure they meet their data protection obligations.

Joining Information
Time: 12:30-13:30
Date: 19/05/21
Location: MS Teams

If you would like to join this session, please get in touch with [email protected] for a calendar invite.

If you would like to get involved with future events or if you are interested in presenting in partnership with Data Protection People, please contact [email protected]