back to article Capita strikes again: Bug in UK-wide school info management system risks huge data breach

Capita has admitted a bug in an information management system used by 21,000 UK schools could have incorrectly linked contact details to the wrong pupils – an incident with huge implications for pupils' data protection. The error, which has been pinned on a December 2017 upgrade to the Schools Information Management System, …

Page:

  1. DJV Silver badge

    Crapita

    Testing - we've heard of it (possibly).

    1. cantankerous swineherd Silver badge

      Re: Crapita

      no need to test anything, matching on name alone was bound to fail. absolute muppetry.

    2. macjules Silver badge

      Re: Crapita

      Hey, at least they admit it now:

      Capita

      Educational

      Support

      Services

      Professional

      Infrastructure

      Team

      Do you really need them to actually spell it out?

    3. Anonymous Coward
      Anonymous Coward

      Re: Crapita

      I once spent six months working for them as a freelance tester - Government stuff. Unfortunately they had not budgeted for kit, so I spent two months scampering around to gather kit to build a test environment so I could get my team working.

      When we started failing applications Capita went ballistic, we were not supposed to actually test it, they had no slack in the budget for fixing defects. I was extremely pleased to reject the renewal.

  2. Anonymous Coward
    Anonymous Coward

    Capita: An exercise in rewarding failure again and again...

    All the wasted money lost to Capita has to be made up somehow.

    Govt / HMRC: Lets recoup it by screwing over indie contractors?

  3. }{amis}{ Silver badge
    Joke

    Kit check

    Flaming torches.. Check

    Pitch Forks ..... Check

    Rope..... Who forget the rope! no matter use the cat5

    Right off to the Capata offices for a chat we go.....

    1. wolfetone Silver badge

      Re: Kit check

      I was rather hoping we'd go to the Windchester instead?

      1. Prst. V.Jeltz Silver badge

        Re: Kit check

        yeah , just till it all blows over

        1. Kane Silver badge
          Thumb Up

          Re: Kit check

          How's that for a slice of fried gold?

      2. Lotaresco Silver badge

        Re: Kit check

        "I was rather hoping we'd go to the Windchester instead?"

        What, *The* Winchester?

  4. Anonymous Coward
    Anonymous Coward

    Bonus cheques?

    > system used by 21,000 UK schools could have incorrectly linked contact details to the wrong pupils

    I bet there won't be any 'incorrect linking' problems when comes to matching bonus cheques to Crapita executives at the end of the year.

    1. Terry 6 Silver badge

      Re: Bonus cheques?

      Or billing.

      1. Anonymous Coward
        Anonymous Coward

        Re: Bonus cheques?

        "Or billing."

        Nope, they are rubbish at sending out invoices or chasing for any sort of payment.

        They gobbled up a company which supported our Cisco Callmanager system, since then we have to ask them for invoices (They just don't send them, so we have saved thousands of pounds for the past few years).

        I am hoping they get dumped, since they can't sell anything either.

  5. Mycho Silver badge

    Their real business is taking the blame for government screwups.

    I thought I'd get that out there before someone asked the inevitable question which requires that answer.

    1. Anonymous Coward
      Anonymous Coward

      Re: Their real business is taking the blame for government screwups.

      The screw-up in question was the government's decision to award a contract to Capita.

      1. Mycho Silver badge

        Re: Their real business is taking the blame for government screwups.

        Exactly my point. Even now you're letting Capita distract you from the arsehole politicians responsible for this mess.

        That, my friend, is what they get paid for.

  6. localzuk

    Gonna be one less school soon

    This is the final nail in the coffin for me - adding this to my push to move away from SIMS in our 6 schools. Capita just really don't seem competent in anything they do!

    1. Scroticus Canis Silver badge
      Holmes

      Re: Gonna be one less school soon

      "Capita just really don't seem competent in anything they do!"

      Oh I don't know, they do seem to excel at getting undeserved business from the government while screwing them for large amounts of money for shoddy products.

      1. John Smith 19 Gold badge
        Unhappy

        "they do seem to excel at getting undeserved business from the government "

        That's simply explained.

        A system costing £10m/ year to support needs a company that can support a £10m contract, right?

        Wrong. In HMG land if the system runs 10 years it needs a company that can support a £100m contract

        Why?

        Because we're the British Government, and we're special.

        Multiply all numbers by 10 or 100 and you see why only "Special" contractors (like Capita, Thales, and the other Usual Suspects) can possibly be considered for this.

        Bit like Carillion.

    2. Lee D Silver badge

      Re: Gonna be one less school soon

      Most MIS providers are no different.

      What are you moving to? I betcha I can point you in the direction of someone with similar/worse horror stories on whatever it is.

      1. paul-s

        Re: Gonna be one less school soon

        Other MIS providers are available - I'd take a look at the others that ex-SIMS users are flowing to, some stats here: http://bringmoredata.blogspot.com/

  7. Anonymous Coward
    Anonymous Coward

    (no names, no flaming pitchforks at dusk)

    I supported education networks for years, and SIMS was a constant problem child. They'd make simple changes with wide reaching consequences and not bother to tell anyone beforehand or specify them clearly in the release notes. In one memorable patch they shuffled lots of the codes used to classify absences, leaving us uncertain if students were away from school by arrangement or needed warning letters to be generated. It'd also hog resources and jam up when stressed... which happened every day at registration. Teachers would often take paper registers and fill in the details later to save time, often a few days worth in one sitting. You can see the issue with that...

    Forgive me for not being at all surprised by the cock-up, or their conservative estimate of the impact.

  8. John70

    Crapita can't even build a simple database just to hold pupil details and contact details of relatives?

    How do they keep getting these contracts?

    1. Prst. V.Jeltz Silver badge

      well , its not that simple - as you well know - schools often have hundreds, of pupils. Theres no database known to man can take that much data! some of the parents have double barreled names too, that dosent help

      1. John G Imrie Silver badge

        It's worse than that

        Some of these parents get divorced or even re married and change their names. And names aren't even unique, just how many children and wives does John Smith have?

      2. cantankerous swineherd Silver badge

        god help them when little bobby drop tables turns up.

      3. keithpeter
        Coat

        "...some of the parents have double barreled names too, that dosent help"

        Names can get tricky [1]. I always ask my adult students to write down what is on their passport/travel documents at enrollment so when they get their certificates at the end of the course there aren't any amusing issues when they go for jobs &c.

        [1] https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/

        I hope whoever dropped the date-of-birth match does not work on further education college systems as well... ten to fifteen times as many enrollments often...

      4. keithpeter
        Coat

        names...

        "...some of the parents have double barreled names too, that dosent help"

        Names can get tricky [1]. I always ask my adult students to write down what is on their passport/travel documents at enrollment so when they get their certificates at the end of the course there aren't any amusing issues when they go for jobs &c.

        [1] https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/

        I hope whoever dropped the date-of-birth match does not work on further education college systems as well... ten to fifteen times as many enrollments often...

    2. colinb

      good question

      It comes down to the commissioner needing scale and have no way to critically evaluate if they are any good and can deliver.

      Why they can't Google the trail of disasters i don't know but again most of the failures are kept well hidden.

      Take Amey for example, they have recently taken to doing council waste services but did not have any capacity to do food or garden waste.

      Still got the contract, guess what, there are a lot of maggot infested bins and uncollected garden waste.

      1. Mike Pellatt

        Re: good question

        Yeah. Amey. West Berks Council.

        You'd think people would have learnt and wouldn't outsource to them. They have form going back well over a decade. And some of us <cough> saw this coming

        https://www.european-services-strategy.org.uk/outsourcing-ppp-library/contract-and-privatisation-failures/west-berkshire-terminates-strategic-partnershi

    3. JohnMurray

      The SIMS software was what started Capita, as SIMS systems....years ago...you'd have thought they would have got it right by now...

      1. localzuk

        @JohnMurray - that's not really true. SIMS was developed by a teacher (Phil Neal), and then further developed by Bedfordshire County Council thing IIRC, which became SIMS Ltd, which was later bought by Capita.

        1. Anonymous Coward
          Anonymous Coward

          Pretty sure it was originally called NEMIS before it became SIMS and then bought by Crapita.

          I remember installing the floppy disks.

  9. TonyJ Silver badge

    That explains...

    ...why I've been getting notifications on the SIMS app on my phone that my son has had 100% attendance at school for the last few weeks...

    ...despite having left in June after his GCSE's.

    I hate the damn app with a passion. Prior to migrating to it, the school used SharePoint. Not everyone's cup of tea but the customisations meant that I could track a LOT of info from my son - from achievement (positive) or behaviour (negative) points, and why they were awarded to whether he was above, on, or below track for a given subject and so on.

    The SIMS app would tell me - well fuck all of any use basically. I'd get a popup on a Friday with a summary of his attendance from two weeks before...I could see if he'd had any of the above points but not in which subject or why etc. Nothing about progress.

    Basically a waste of space on my phone.

    So I do wonder who's kid has been in trouble for not attending the last few weeks :)

    1. 0laf Silver badge
      Childcatcher

      Re: That explains...

      That would be a breach of DP would it not? Retaining information on individuals beyond the time it is required?

      1. TonyJ Silver badge

        Re: That explains...

        You know apart from a bit of semi annoyed bemusement I hadn't given it any real thought but yeah you're right.

        1. Prst. V.Jeltz Silver badge

          Re: That explains...

          I guess a lot of Little Johnnies will be getting undeserved praise or punishment!

      2. Roland6 Silver badge

        Re: That explains...

        >That would be a breach of DP would it not?

        This would seem to be a breech of DP and GDPR, as it seems it is automatically linking the details of the new pupil Joe Smith with parent John Smith, to the pre-existing record of existing pupil Zoe Smith with parent John Smith.

        Interestingly, at both my children's junior and secondary schools, I had to explicitly link my two children's records together, which would seem to indicate they aren't SIMS users...

        1. billat29

          A real example: (names changed)

          Zoe Smith is the child of John Smith and Emily Williams but Emily is now living with Fred Wilson and had a child with him called Joe. Joe Wilson is the brother of Zoe Smith and he has Emily and John down as parents whereas Joe has Emily and Fred.

          Now Fred and Emily have Chloe living with them, Chloe is Fred's daughter with his former partner, Susan Jones and retained her mother's family name. However, Emily has parental responsibility for Chloe Jones and so she should be down on SIMS in that case. So should Susan as although Chloe is not living with her, she still is her mother.

          So. Zoe Smith; Joe WIlson and Chloe Jones are all siblings but different people living at different addresses need to see their records.

          If Emily comes into the school office and says that she has a court order that prevents John seeing Zoe how does that get recorded in SIMS? And does that prevent the school from sending information about Zoe's progress?

          So relationships are more complex than in my day so it easy to see that it can get screwed up. And in education software there are fixed release dates set around events in the school year so the pressure is on.

          However, there is this thing we have all heard about called testing...

          1. Primus Secundus Tertius Silver badge

            Re: A real example: (names changed)

            @Billat29

            Your example shows that some degree of abstraction is required in designing a data system to cope with it. But you don't get good abstract design by contracting out to the lowest bidder.

          2. Anonymous Coward
            Anonymous Coward

            Re: A real example: (names changed)

            Last time I solved an example like that, I ended up being offered a job by Google.

    2. Anonymous Coward
      Anonymous Coward

      Re: That explains...

      This is not linked to this issue, it will be caused by how the school are recording Y11 attendance.

    3. TheTigonCollection

      Re: That explains...

      Obviously, this will do Capita's battered reputation no favours.

      However, if you're talking of the SIMS Parent App, it is actually a good piece of software that provides almost real-time access for parents to attainment, progress, conduct, attendance, homework, timetables and more. Clearly, your experience was not a very good one, but I suspect this was down to inappropriate configuration, either of the underlying SIMS system or of the Parent App coupling. This requires considerable expertise and knowledge if parents are to get a good experience - the software certainly does not "just work" out of the box.

      But this is still not good news.

    4. Dan Watson

      Re: That explains...

      He would have been marked as on study leave. Which counts as ‘in attendance’, as he is where he is supposed to be.

      Otherwise you’d get fined for him being off!

      The app obviously doesn’t recognise the different codes.

  10. Anonymous Coward
    Anonymous Coward

    UK-wide?

    Actually really UK-wide, or just Englandshire?

    (Now, I'm not saying that reinventing the wheel 4 times is necessarily a good thing, but the education system in England is and always has been different from at least one other country in the UK.)

    1. Anonymous Coward
      Anonymous Coward

      Re: UK-wide?

      Yes, local authority managed schools in Scotland mostly (like 95%) use system called SEEMIS which is run by a strange entity which is both owned by and independent from the authorities.

      It's not without it issues either.

      Private schools in Scotland might well use SIMS but more likely Pearson Phoenix.

      1. Anonymous Coward
        Anonymous Coward

        Re: UK-wide?

        Possible being thick but that sounds like the answer is no. Scotland use a different (but also crap) system which is kind of publicy owned (bit like GPASS was for GPs till it was canned).

  11. Anonymous Coward
    Anonymous Coward

    Which bright spark decided not to use a unique ID including the date of birth? Why are we outsourcing to Crapita? Can someone explain it to me?

    1. TonyJ Silver badge

      "...Why are we outsourcing to Crapita? Can someone explain it to me?.."

      Because it works out cheaper in the long run

      Because Capita have such an outstanding record of delivering robust solutions on time, under budget and that perform exactly as required

      Oh yeah - because it lines the pockets of various ministers with their pudgy fingers in the pies of these companies?

      1. TheTigonCollection

        Capita are, of course, big beneficiaries of outsourcing. But SIMS, the MIS in question, is not an outsourced product. It was already the dominant school MIS in England when SIMS (the product and the English company behind it), was bought by Capita, many years ago. Schools are not forced by Government or Ministers to by any particular MIS. However, as more and more schools are absorbed into multi-academy trusts (a trend where there *is* a strong whiff of political leverage being applied), we are seeing those MATs impose a chosen MIS - maybe SIMS, maybe others - onto their schools.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019