Springboard Data Issue



Maura O'Shea

By Maura O'Shea

Posted: 7 September, 2022

Springboard logo

Updated 5th September

 This is to advise of an issue that was detected on the Springboard system on 2nd September. It arose on the Employer’s Interface, which allows employers to connect with Springboard+ graduates of courses that are aligned with the skills need of the employer. This register is entirely voluntary, and applicants are asked upon registration whether they wish their details to be included.

 We have included some FAQs in relation to the issue below, and we are liaising with the Data Protection Commissioner.

 For further information please contact dataprotection@hea.ie.

FAQs

  • What happened?

The issue arose on the Springboard+ Employer’s Interface, a register which some applicants consented to be included on when they registered for Springboard+.

It came to the attention of the HEA that employers were not being adequately verified when registering for the interface. This oversight resulted in details of applicants being visible to a small number of individuals without a valid connection to the intended use of the interface.

 

  • What data was accessible?

The data in question contained the following fields:

-Name

-Email address & Phone number (provided at time of registration)

-Details of Springboard+ course information (NFQ level, course dates, provider) and degree level.

No eligibility or special category data under Article 9 GDPR was exposed at any stage.

  • Am I at risk as a result of this issue?

While we appreciate this is highly concerning, we have disabled access to this portal we do not foresee any further risks to your privacy as a result of this issue. We undertook a manual check of all registered employers on the system, and there is no evidence that this data was being misused in any way, and there was no further illegitimate attempts to access the system.

  • What has the HEA done in response?

We immediately disabled the portal upon being made aware of the issue on Friday 2nd September.

We reported this as a data breach to the DPC also on Friday, and will follow their recommendations.

We are conducting a Data Protection Impact Assessment in relation to the Springboard+ System. We will share a summary of the outcomes of the DPIA when finalised via the Springboard+ website.

  • What do I need to do?

You do not need to take any further action at this time as the portal has been disabled.

More: data protection, Springboard+

Our use of cookies

We use necessary cookies to make our site work. We'd also like to set optional analytics cookies to help us improve it. We won't set these optional cookies unless you enable them. Using this tool will set a cookie on your device to remember your preferences.

For more detailed information about the cookies we use, see our Privacy Policy page


Necessary cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.


Analytics cookies

We'd like to set Google Analytics cookies to help us to improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone.