University of Greenwich data breach
The University of Greenwich has apologised after personal details of hundreds of students were posted online. The university’s website displayed students' names, addresses, dates of birth, mobile phone numbers, medical problems and signatures alongside minutes from the Faculty Research Degrees Committee.
The Information Commissioner's Office (ICO) has confirmed that an investigation is under way and that the university may face enforcement action if it is shown that there was a breach of the Data Protection Act’s obligations to process personal data securely. The university could face a penalty of up to £7.8 million if it is found that they have breached these obligations.
The university has now taken all of these personal details off their website and are working with Google to try and recover any copies of the documents that have been cached.
Louise Nadal, the university’s secretary said, "I am very sorry that personal information about a number of postgraduate research students has been accessible on the university website."
"This was a serious error, in breach of our own policies and procedures. The material has now been removed. This was an unprecedented data breach for the university and we took action as quickly as possible, once the issue came to light.
We are now acting urgently to identify those affected. I will be contacting each person individually to apologise and to offer the support of the university.”
"At the same time, I am also conducting an investigation into what went wrong. This will form part of a robust review, to make sure that this cannot happen again. The findings and recommendations of the review will be published.
"We are co-operating fully with the Information Commissioner and we will take all steps necessary to ensure that we have the best systems in place for the future."
This highlights the importance of data protection and that everyone who collects, uses and saves personal and sensitive data does so appropriately to protect individuals’ rights and to also uphold an organisation’s reputation.
To help organisations understand the options for storing data, and what the legal implications are International Workplace has created a short interactive eLearning Data Protection in the Workplace designed for all employees who work with data to introduce the key principles of the UK’s Data Protection Act 1998 (DPA) and the practical steps that can be taken to ensure compliance.
If you have one learner the cost is £25 + VAT however If you are looking to train your team we offer multi user discounts with prices starting from as little as £1 per learner, more learners = lower cost, this can be can be delivered via our online learning management system (LMS) which provides real-time progress tracking and comprehensive records management for all your learners. To book your free demonstration of this course call us on +44 (0)871 777 8881.