Newsflash - WisePay

We are aware that many schools have been affected by the large data breach that WisePay suffered between 2nd – 5th October. From the communications that many of you have received and shared with us, WisePay have requested schools to help determine who has been affected by the breach and to assist WisePay to reach out to those affected parents.

We have spoken to WisePay about this approach as we feel that, where possible, they should be the organisation to contact those affected and remedy the data breach. Whilst schools can of course assist WisePay, on occasion it appears the level of support they have requested was excessive.

Whilst we have had communication with WisePay their position remains that they are unable to contact those individuals affected. We have queried this position and given some suggestions to assist them in remedying the breach but have not received a satisfactory response.

In the meantime we thought it best just to give some practical guidance to assist those schools affected: -

• WisePay (and not the school) are ultimately responsible for the data breach. Whilst schools can assist them (as they have requested), if this would involve a disproportionate amount of time, you are well within your rights to refuse to assist further.
• Should you refuse to assist, I would suggest communicating this to WisePay. We can assist with this communication.
• You do not need to contact the ICO directly. WisePay have already contacted the ICO and you do not have a separate obligation to do so.
• If you have any queries/questions about this data breach do contact us in the first instance and we will do our best to assist (and where necessary contact WisePay on the school’s behalf).