The UK's privacy watchdog has investigated a school in Wales after a teacher posted the name, address, phone number and behaviour record of a pupil on YouTube.
The Information Commissioner's Office (ICO) took action when it received a complaint that Eirias High School in Colwyn Bay had uploaded the student's information on to the video-sharing website as part of a training film for staff.
The school was fortunate to escape with a slap on the wrist as the privacy watchdog has the power to issue fines of up to #163;500,000 for contravening data-protection laws.
The three-minute video was uploaded by Eirias High to show teachers how to record bad behaviour and bullying, using the school's internal computer system.
A running commentary accompanied the film, which showed the confidential record of an 11-year-old pupil being opened. It stated that the boy was well known for his poor behaviour while displaying all of his personal information, including mobile phone number and home address.
The school was forced to remove the video from the website by the ICO, which said it was in breach of data security and the Data Protection Act.
Eirias High headteacher Phil McTague said the issue had been settled, adding: "The Information Commissioner said it was a low-level disclosure and the situation has now been resolved in line with and to the satisfaction of the ICO."
An ICO spokesperson confirmed that an investigation had taken place, but considered the case closed.
In a statement, the watchdog said: "The school has given assurances that it has put in place security measures to stop this type of incident happening again. No formal regulatory action has been taken, but the matter may be revisited if there is another incident of this nature involving the school."
Schools are expected to keep increasing amounts of information on pupils, from names and addresses to medical conditions and parents' jobs.
A growing number are also holding pupils' biometric information in the form of fingerprints in a bid to create cardless canteens and libraries.
Last year, headteachers were warned that their data-protection policies needed to be watertight after the ICO was allowed to increase the fines it issues from #163;5,000 to up to #163;500,000.
The announcement came after a number of incidents in which sensitive information on pupils was lost or stolen.
Last year, an employee at Barnet Council in north London lost personal data on 9,000 pupils when a laptop was stolen from their home.
And in 2009, Waseley Hills High School in Birmingham was given a warning by the ICO when an unencrypted laptop containing details of 1,000 pupils and staff was stolen.
SECURITY - Data disasters
The ICO was handed greater powers after a raft of data-security incidents involving teachers and pupils.
In 2010 a worker at Barnet Council lost personal data on 9,000 pupils when a laptop was stolen from their home.
In the same year, education union the ATL was ordered to tighten up its data-protection procedures after a USB stick and laptop containing details of 7,000 members went missing.
In 2007 the Howard School in Rainham, Kent, apologised when a confidential report containing derogatory remarks about its pupils was found in the street. The booklet, which had "Do not leave lying around" written on the cover, described one pupil as a "wally", another as a "dingbat" and a parent as "a bit rough".