The Information Commissioner's Office (ICO) has hit out at the Student Loans Company after a series of data breaches involving customer records.
The organisation, which deals with a huge amount of personal data from students, had reported several incidents in which information held about customers, including medical details and a psychological assessment, had been sent to the wrong people.
The ICO investigated the matter and found that there were not enough checks carried out when documents were being scanned to add to customer accounts. It even found that documents that were more sensitive received fewer checks.
ICO head of enforcement Stephen Eckersley suggested that the organisation should be looking after student data more carefully.
"For the majority of students, the Student Loans Company represents a crucial service that they rely on to fund their studies," he said.
"Students are obliged to provide personal information to the loans company, both while they receive the loan and in the years when they are paying it back, and they are right to expect that information to be properly looked after."
Eckersley added that that the Student Loans Company had not properly looked after personal data, and outlined the changes that need to be made.
The Student Loans Company has now signed a formal undertaking which commits the organisation to ensuring that proper checks are carried out before correspondence is sent out, as well as making staff better aware of its data protection policy.