York uni rapped for data breach


The University of York breached the Data Protection Act by making student information which should have been restricted available online, the Information Commissioner's Office (ICO) said today.

In March, reports indicated 148 individual student records were mistakenly leaked online by the university.

The actual data breach occurred in September 2009, however, when a member of staff failed to realise they made an error while working on the university's IT system.

For over a year, students could get hold of information about classmates when they should have been prohibited from doing so.

Information published included student addresses, phone numbers, dates of birth and A-level results.

"This breach could have been avoided if the University had properly assessed the risks that this work posed to the security of their students' details," said Simon Entwisle, director of operations at the ICO.

"They also failed to test the security of their IT system once the work was complete, leading to an unnecessary delay in the error being corrected." Entwisle said the university was lucky the information made available "wasn't likely to cause the students substantial damage or distress," so a fine was "not appropriate."

The university has taken action to improve security, with regular testing, the ICO said.

The ICO is planning to raise awareness of information rights issues amongst students.

It will be launching the 2011 Student Brand Ambassador campaign in the coming weeks, offering tips on how to keep personal data safe.

A total of 15 students will be selected as champions for the project.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.