Springboard Data Issue
By Maura O'Shea
Posted: 7 September, 2022
Updated 5th September
This is to advise of an issue that was detected on the Springboard system on 2nd September. It arose on the Employer’s Interface, which allows employers to connect with Springboard+ graduates of courses that are aligned with the skills need of the employer. This register is entirely voluntary, and applicants are asked upon registration whether they wish their details to be included.
We have included some FAQs in relation to the issue below, and we are liaising with the Data Protection Commissioner.
For further information please contact email@example.com.
- What happened?
The issue arose on the Springboard+ Employer’s Interface, a register which some applicants consented to be included on when they registered for Springboard+.
It came to the attention of the HEA that employers were not being adequately verified when registering for the interface. This oversight resulted in details of applicants being visible to a small number of individuals without a valid connection to the intended use of the interface.
- What data was accessible?
The data in question contained the following fields:
-Email address & Phone number (provided at time of registration)
-Details of Springboard+ course information (NFQ level, course dates, provider) and degree level.
No eligibility or special category data under Article 9 GDPR was exposed at any stage.
- Am I at risk as a result of this issue?
While we appreciate this is highly concerning, we have disabled access to this portal we do not foresee any further risks to your privacy as a result of this issue. We undertook a manual check of all registered employers on the system, and there is no evidence that this data was being misused in any way, and there was no further illegitimate attempts to access the system.
- What has the HEA done in response?
We immediately disabled the portal upon being made aware of the issue on Friday 2nd September.
We reported this as a data breach to the DPC also on Friday, and will follow their recommendations.
We are conducting a Data Protection Impact Assessment in relation to the Springboard+ System. We will share a summary of the outcomes of the DPIA when finalised via the Springboard+ website.
- What do I need to do?
You do not need to take any further action at this time as the portal has been disabled.