Cancelled exams and dodgy data

A couple of education news stories to keep an eye on. None of this seems to be getting easier.

Scottish Government confirms National 5 exams won’t take place in 2021 but Highers will go aheadDaily Record
Swinney continued: “In a normal exam year, National 5s constitute more than half of all exams taken. From a public health point of view, not running these exams significantly reduces risk. National 5 pupils will receive awards based on their coursework and the judgement of their teachers, with robust quality assurance. We have learned lessons from this year’s initial SQA gradings – there will be no algorithm for moderating grades in 2021.”

Scotland’s National 5 exams to be cancelled next yearThe Guardian
In England the Department for Education and Ofqual, the exam regulator, are adamant that GCSEs and A-level exams will go ahead in 2021. The education secretary in Westminster, Gavin Williamson, is expected to shortly announce a three-week delay in the exam timetable and other measures.

The DfE’s problems keep coming, it seems.

DfE broke the law on pupil data protectionTes
The audit found that the department has been in “direct breach” of data protection law, as there is “no clear picture” of what data it holds, and therefore “no Record of Processing Activity (ROPA) in place”. It also found that the DfE “cannot demonstrate accountability to the GDPR”, as there is “no formal proactive oversight of any function of information governance, including data protection, records management, risk management, data sharing and information security” within the department.

Department for Education’s handling of pupil data ruled illegalThe Guardian
Sam Grant, the policy and campaigns manager of Liberty, said: “This report displays a shocking failure of privacy protections, which is dangerous for our rights. The type of data collected by the DfE can reveal a huge amount of sensitive personal information about us, and often about children and young people. The government has routinely misused this data to enforce cruel and oppressive policies like the hostile environment. This cavalier attitude to our personal information puts people, including the most marginalised, at risk.”

Flying high with stolen data

The last post I shared about data theft was back in October (that seems like years ago now), but the subject’s not gone away, of course.

EasyJet says hackers stole data of 9 million customers Bloomberg
Cyber-attacks against businesses and their employees have surged this year as hackers take advantage of the disruption caused by the coronavirus pandemic. While the EasyJet breach was discovered in late January, predating the disease’s flare-up across Europe, the company is alerting those whose exposure was limited to email and travel details to guard against a rising number of so-called phishing attempts, a person familiar with the situation said.

It wasn’t just a few credit cards: Entire travel itineraries were stolen by hackers, Easyjet now tells victimsThe Register
It also warned victims to be on their guard against phishing attacks by miscreants using the stolen records, especially if any “unsolicited communications” arrived appearing to be from Easyjet or its package holidays arm.

You’d think the Information Commissioner’s Office would be busier than ever.

It looks like the UK’s data regulator has given up, blaming coronavirusWired UK
In April, the ICO said it would focus on the most serious cases during the pandemic and consider the impact of the wider situation on companies under investigation, but called for organisations to continue to report breaches as it was still operating. But in reality, observers claim, it has almost completely stopped operating.

But it’s worth noting that that article was subsequently updated to, in effect, completely contradict its own headline.

[F]ollowing the publication of this story, an ICO spokesperson said it “is not true” that the body has stopped work on complaints and investigations. “Since the Covid-19 pandemic started, we have only paused under ten per cent of cases and investigations,” the spokesperson said. “These are specific cases where progressing regulatory activity may not be possible or appropriate during a global public health emergency.” The spokesperson added that it continues to “look into” all complaints and data breach reports it receives. It is “focusing on the information rights issues that are likely to cause the most harm or distress to people and organisations”.