Feeds

ICO acts on student privacy breach

Slapped wrist for Manchester Uni

Providing a secure and efficient Helpdesk

Manchester University has been censured by the Information Commissioner's Office for publishing personal information about students.

The ICO said it had taken enforcement action against the university for a breach of the Data Protection Act after a member of staff emailed an attachment to 469 students which contained the personal records of 1,700 people.

The records, which included information on some students' disabilities, were published when a member of the university staff had unauthorised access to the information.

The university has now signed a formal undertaking outlining that it will process personal information in line with the Data Protection Act. It said that it will ensure all its staff have adequate training to prevent the inappropriate transfer of data and that it will take measures to safeguard personal data from accidental loss or destruction.

Mick Gorrill, assistant information commissioner at the ICO, said: "The Data Protection Act clearly states that organisations, including universities, must take appropriate measures to ensure that personal information is kept secure.

"This case reinforces the importance that only those authorised should have access to sensitive personal information such as a student's disabilities and other health details. Despite the absence of a justifiable reason, the staff member was able to access the information and send it to students and peers which could cause significant distress to individuals concerned.

"Under the Data Protection Act, organisations must ensure that their policies on the transfer, sharing and publication of personal information are adequate and that staff members are aware and understand those policies. Manchester University recognises the seriousness of this case and has agreed to take immediate remedial action."

This article was originally published at Kable.

Kable's GC weekly is a free email newsletter covering the latest news and analysis of public sector technology. To register click here.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.