Friday, 19 February 2016

Students hit by University of Greenwich data breach

Students' names, addresses, dates of birth, mobile phone numbers and signatures were all uploaded to the university's website. In some cases, mental health and other medical problems were referenced to explain why students had fallen behind with their work.
In one example, it was disclosed that a student had a brother who was fighting in a Middle Eastern army and references were made to an asylum application. Supervisors' comments about the students' progress were also documented.
In some instances, copies of emails between university staff and individual students were also published.
The University of Greenwich has apologised and said it is in the process of contacting those affected. They believe believe all the documents are now offline and have contacted Google to try to ensure cached copies of the documents cannot be retrieved from its search engine.
They were posted alongside minutes from the university's Faculty Research Degrees Committee, which oversees the registrations and progress of its research students.
The matter was brought to the BBC's attention by one of the students, who discovered the information could be found via a Google search.
They also flagged the matter to the UK's data watchdog. The Information Commissioner's Office has confirmed that an investigation is under way.
One legal expert warned there could be financial consequences.
"It does look as though there has been a significant breach of the Data Protection Act's obligations to process personal data securely, fairly and lawfully," said Ruth Boardman from the law firm Bird & Bird.
"[The university] may face enforcement action by the Information Commissioner (ICO) and claims by affected individuals.
"Under new rules due to be adopted in Brussels later in March, it would face a penalty of up to 10m euros [$11.2m; £7.8m]."
At present, the largest fine the ICO can impose is £500,000.
Cited and more on this story at BBC News

No comments:

Post a comment