Durham University breached the Data Protection Act by publishing personal information about former students and staff on its website… in screenshots used to demonstrate university systems .
The names, addresses and dates of birth of up to 177 people were shown in screenshots that should have been anonymised before being published in tutorial material on the University’s site.
This investigation found that just 20 percent of the university’s staff were aware of the organisation’s data protection guidance and learnt that one to one training was provided for a limited number of staff who were then responsible for distributing the information to colleagues. It also discovered that the university failed to keep track of which employees received this training.
Durham has signed an undertaking which commits it to improving the way in which it handles personal data. Staff whose work involves access to sensitive information will be required to undertake training as a matter of priority by 30 September, and the university has promised never to publish documents with this information on its website ever again.
“All documents should be checked for personal information before being made available on a website,” commented Steve Eckersley, head of enforcement at the ICO. “This case also highlights the importance of organisations having comprehensive data protection training in place for all staff.”
“It is vital that schools, colleges and universities introduce robust systems to handle their pupils’ information on electronic and paper based systems in compliance with the Data Protection Act and we will continue to work with those in the education sector to ensure they are keeping young peoples’ details secure.”
Earlier this month, the ICO fined Cheshire East Council £80,000 for failing to have adequare security measures in place following a serious breach of the Data Protection Act in May 2011. The ICO taken a keen interest in a number of aspects of education, saying that school children should be taught how to protect their own privacy and has also made inquiries into claims that the education secretary Michael Gove uses Gmail to conduct official government business.
How well do you know Internet security? Try our quiz and find out!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…