Children’s full name and class year data publicly available

Hello,

My child’s primary school (2 – 7 year olds) has implemented a self-service system at reception in which is used to check in your child late or to change your child’s lunch requirements etc.

As part of this process involves the system asking a series of questions in which you have to answer via touch-screen options in order for the system to pinpoint your child’s record on the system for whom your request is regarding.

Two of the last steps in the question process are ‘Which year is your child in?’ followed by ‘What is the first initial of your child’s first name?’. Following answering these questions you are presented a list of ALL children names (full name and last name) matching this criteria in which you have the responsibility to select your child as shown by the first names and last names listed. This information (children first names, surnames and class year) and system is freely open for public use.

Surely this is classed as a serious security breach not to mention a breach in a data protection act of some form?

Any advice on this would be greatly appreciated. I wish to prevent any of my child's information from being made publicly and freely available.