Data breaches at the SLC

Pete Swabey made this Freedom of Information request to Student Loans Company Limited

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was partially successful.

Dear Student Loans Company Limited,

Please could you inform me of any data breaches that occurred at the Student Loans Company in the last five years.

Yours faithfully,

Pete Swabey

FOI Publication Scheme, Student Loans Company Limited

Dear Mr Swabey

Thank you for your email dated 09/12/2011 requesting information under the
Freedom of Information Act 2000. Your request has been logged under
reference 137-11. Please quote this reference in future communications.

A full response will be issued in due course.

Yours sincerely

Louise Chapman
Freedom of Information Officer
Student Loans Company
100 Bothwell Street
Glasgow
G2 7JD

Tel: 0141 243 3062

|---------+------------------------------------------->
| | Pete Swabey |
| | <request-96565-77bbb975@whatdoth|
| | eyknow.com> |
| | |
| | 09/12/2011 11:26 |
|---------+------------------------------------------->
>--------------------------------------------------------------------------------------------------------------|
| |
| To: FOI requests at SLC <[SLC request email]> |
| cc: |
| Subject: Freedom of Information request - Data breaches at the SLC |
>--------------------------------------------------------------------------------------------------------------|

Dear Student Loans Company Limited,

Please could you inform me of any data breaches that occurred at
the Student Loans Company in the last five years.

Yours faithfully,

Pete Swabey

show quoted sections

FOI Publication Scheme, Student Loans Company Limited

Dear Mr Swabey

I refer to your e-mail dated 09/12/2011 requesting the following
information under the Freedom of Information Act 2000 (“FOIA”):

“Please could you inform me of any data breaches that occurred at the
Student Loans Company in the last five years.”

Response

I can confirm that there have been 16 data protection breaches at the
Student Loans Company Limited (“SLC”) over the last five years.

This figure includes formal complaints made to the Information
Commissioner’s Office by customers which have been upheld against SLC, and
data protection breaches reported by SLC to the Information Commissioner’s
Office.

Internal review procedure

I trust that my answer to you is satisfactory; however, if you are unhappy
with the decisions made by me in relation to your freedom of information
request, you may ask SLC for an internal review.

Any such appeal would be conducted by Chris Andrew, Company Secretary, 100
Bothwell Street, Glasgow, G2 7JD. You may request a review by writing to
Chris Andrew or by emailing the FOI Office
([SLC request email]). SLC will only consider requests for
internal reviews which are made within 3 months of the date of our original
response (except in exceptional circumstances).

If you are not content with the outcome of the internal review, you have
the right to apply directly to the Information Commissioner for a decision.
The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Yours sincerely

Louise Chapman
Freedom of Information Officer
Student Loans Company
100 Bothwell Street
Glasgow
G2 7JD

Tel: 0141 243 3062

|---------+------------------------------------------->
| | Pete Swabey |
| | <request-96565-77bbb975@whatdoth|
| | eyknow.com> |
| | |
| | 09/12/2011 11:26 |
|---------+------------------------------------------->
>--------------------------------------------------------------------------------------------------|
| |
| To: FOI requests at SLC <[SLC request email]> |
| cc: |
| Subject: Freedom of Information request - Data breaches at the SLC |
>--------------------------------------------------------------------------------------------------|

Dear Student Loans Company Limited,

Please could you inform me of any data breaches that occurred at
the Student Loans Company in the last five years.

Yours faithfully,

Pete Swabey

-------------------------------------------------------------------

Please use this email address for all replies to this request:
[FOI #96565 email]

Is [SLC request email] the wrong address for Freedom
of Information requests to Student Loans Company Limited? If so,
please contact us using this form:

Disclaimer: This message and any reply that you make will be
published on the internet. Our privacy and copyright policies:
http://www.whatdotheyknow.com/help/offic...

If you find this service useful as an FOI officer, please ask your
web manager to link to us from your organisation's FOI page.

show quoted sections

Louise,

Please could you provide me with an itemised list of each of the 16 data breaches you refer to, with details of which data was affected and how.

Many thanks.

Yours sincerely,

Pete Swabey

FOI Publication Scheme, Student Loans Company Limited

Dear Mr Swabey

Thank you for your email dated 12/01/2012. I have registered your
follow-up request for an itemised list as a new FOI request as our FOI
requests are recorded on a yearly basis January to December. The
follow-up request has been allocated reference 02-2012.

I have the information you have requested to hand, and a response is
currently being prepared.

Yours sincerely

Louise Chapman
Freedom of Information Officer
Student Loans Company
100 Bothwell Street
Glasgow
G2 7JD
Tel: 0141 243 3062

|---------+------------------------------------------->
| | Pete Swabey |
| | <request-96565-77bbb975@whatdoth|
| | eyknow.com> |
| | |
| | 12/01/2012 16:06 |
|---------+------------------------------------------->
>------------------------------------------------------------------------------------------------|
| |
| To: FOI Publication Scheme <[email address]> |
| cc: |
| Subject: Re: Freedom of Information request - Data breaches at the SLC (SLC ref 137-11) |
>------------------------------------------------------------------------------------------------|

Louise,

Please could you provide me with an itemised list of each of the 16
data breaches you refer to, with details of which data was affected
and how.

Many thanks.

Yours sincerely,

Pete Swabey

show quoted sections

FOI Publication Scheme, Student Loans Company Limited

Dear Mr Swabey

I refer to your e-mail dated 12/01/2012 requesting the following
information under the Freedom of Information Act 2000 (FOIA)

“Please could you provide me with an itemised list of each of the 16 data
breaches you refer to (in your email dated 12/01/2012), with details of
which data was affected and how.”

Response
Please find below a table detailing the types of data affected and how the
data was affected by the data protection breaches over the past five years:

Number of | Type of data | How data was affected
data breach | affected |
--------------+---------------------+------------------------------------
1 | Customer documents | Documents returned to wrong
| | customer
--------------+---------------------+------------------------------------
2 | Customer | Failure to update information
| information |
--------------+---------------------+------------------------------------
3 | Customer documents | Documents returned to wrong
| | customer
--------------+---------------------+------------------------------------
4 | Recording of | Disclosure of customer telephone
| telephone calls | calls to third party in error
--------------+---------------------+------------------------------------
5 | Customer | Removal of customer information
| information | from site
--------------+---------------------+------------------------------------
6 | Customer documents | Documents returned to wrong
| | customer
--------------+---------------------+------------------------------------
7 | Customer documents | Documents returned to customer’s
| | previous address
--------------+---------------------+------------------------------------
8 | Customer | Customer information updated
| information | incorrectly
--------------+---------------------+------------------------------------
9 | Customer documents | Documents returned to wrong
| | customer
--------------+---------------------+------------------------------------
10 | Customer documents | Documents returned to wrong
| | customer
--------------+---------------------+------------------------------------
11 | Customer documents | Documents returned to wrong
| | customer
--------------+---------------------+------------------------------------
12 | Customer documents | Misplaced customer’s documents
| | and returned documents to wrong
| | customer
--------------+---------------------+------------------------------------
13 | Customer | Failure to update information
| information | timeously
--------------+---------------------+------------------------------------
14 | System defect | Wrong address applied to a number
| | of customers’ accounts
--------------+---------------------+------------------------------------
15 | Customer | Disclosure of customer
| information | information to third party
--------------+---------------------+

show quoted sections

Hi Louise,

Thank you very much for the information.

Please could you provide me with all the available details of data breach number 15.

How many customers did the information relate to, i.e. how many customers were affected?
How and why was the information disclosed to the third party?
When exactly did it take place? Who was the third party?
What impact has the breach had on the affected customers?
What impact does the SLC anticipate it might have?
What measures have been taken to prevent this kind of breach happening again?

Many thanks for your continued help,

Pete Swabey

FOI Publication Scheme, Student Loans Company Limited

Dear Mr Swabey

I refer to your e-mail dated 01/02/2012 requesting the following
information under the Freedom of Information Act 2000 ("FOIA"):

“Please could you provide me with all the available details of data breach
number 15.

How many customers did the information relate to, i.e. how many
customers were affected?
How and why was the information disclosed to the third party?
When exactly did it take place?
Who was the third party?
What impact has the breach had on the affected customers?
What impact does the SLC anticipate it might have?
What measures have been taken to prevent this kind of breach happening
again?”

Response

I can confirm that breach number 15 relates to a self-reported data
protection breach which SLC has reported directly to the Information
Commissioner during the current financial year. SLC publishes details of
any self-reported data protection breaches every year in the Directors’
Report section of our Annual Report, with is published on our corporate
website:

http://www.slc.co.uk/media/annual-report....

As breach number 15 occurred during the current financial year, the details
will be reported in our next Annual Report, which is due to be published
around June or July 2012, once it has received Parliamentary approval. The
information you have requested is therefore considered to be exempt from
disclosure under section 22 of the FOIA, as it is intended for future
publication.

Internal review procedure

I trust that my answer to you is satisfactory; however, if you are unhappy
with the decisions made by me in relation to your freedom of information
request, you may ask SLC for an internal review.

Any such appeal would be conducted by Chris Andrew, Company Secretary, 100
Bothwell Street, Glasgow, G2 7JD. You may request a review by writing to
Chris Andrew or by emailing the FOI Office
([SLC request email]). SLC will only consider requests for
internal reviews which are made within 3 months of the date of our original
response (except in exceptional circumstances).

If you are not content with the outcome of the internal review, you have
the right to apply directly to the Information Commissioner for a decision.
The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Yours sincerely

Louise Chapman
Freedom of Information Officer
Student Loans Company
100 Bothwell Street
Glasgow
G2 7JD
Tel: 0141 243 3062


Pete Swabey
<request-96565-77bbb975@whatdoth To: FOI Publication Scheme <[email address]>,
eyknow.com> cc:
Subject: Re: Freedom of Information request - Data breaches at the SLC (SLC ref
01/02/2012 11:57 02-12)

Hi Louise,

Thank you very much for the information.

Please could you provide me with all the available details of data
breach number 15.

How many customers did the information relate to, i.e. how many
customers were affected?
How and why was the information disclosed to the third party?
When exactly did it take place? Who was the third party?
What impact has the breach had on the affected customers?
What impact does the SLC anticipate it might have?
What measures have been taken to prevent this kind of breach
happening again?

Many thanks for your continued help,

Pete Swabey

show quoted sections

Looking for an EU Authority?

You can request documents directly from EU Institutions at our sister site AskTheEU.org . Find out more .

AskTheEU.org