ICO acts on student privacy breach • The Register

• ICO acts on student privacy breach • The Register

  tags: no_tag

  • Mick Gorrill, assistant information commissioner at the ICO, said: "The Data Protection Act clearly states that organisations, including universities, must take appropriate measures to ensure that personal information is kept secure.

    "This case reinforces the importance that only those authorised should have access to sensitive personal information such as a student's disabilities and other health details. Despite the absence of a justifiable reason, the staff member was able to access the information and send it to students and peers which could cause significant distress to individuals concerned.

    "Under the Data Protection Act, organisations must ensure that their policies on the transfer, sharing and publication of personal information are adequate and that staff members are aware and understand those policies. Manchester University recognises the seriousness of this case and has agreed to take immediate remedial action."

  This is a clear reminder to all data processing outfits to recognise that DPA rules extend to schools, colleges and Universities. The complaint was made to the ICO following the unintentional publication of a spreadsheet which contained the personal data of some 1,755 students. The personal data was emailed in error to some 469 students.Professor Alan D Gilbert, President and Vice-Chancellor of The University of Manchester has had to provide an undertaking to the effect that the University agrees to comply with the seventh data protection principle.
  

View PDF of the University of Manchester undertaking