Skip to the content

DfE refers itself to ICO over database access


The Department for Education (DfE) has referred itself to the Information Commissioner’s Office (ICO) over revelations that a database of young people has been made available to a company that works with the gambling industry.

It has confirmed that a breach took place through a third party, and reporting itself to the ICO, following a report in The Times (paywall) that the Learner Records Service, designed to help learning providers verify potential students’ previous educational achievements, had been passed to GB Group.

The company describes itself as a specialist in identity data intelligence and provides age and identity verification services to a range of organisations that include online gambling companies.

A spokesperson for the DfE said: “An education training provider wrongly provided access to this data and broke their agreement with us. This was completely unacceptable and we have immediately stopped the firm’s access and ended our agreement with them. We will be taking the strongest possible action.

“To make sure this doesn’t happen again, the Education and Skills Funding Agency (which operates the Learner Record Service) has begun a full investigation of access to this data and any provider found to be in breach of their contracts will have their agreements terminated.”


According to The Times report, the database was passed to GB Group by employment screening company Trustopia. The DfE said this had not been authorised.

The data has been used to verify the ages of online customers. GB Group told The Times that it had used the database through a third party, that it took the issue seriously and was investigating.

Register For Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.