University in hot water for breaching data protection laws
Durham University has been reprimanded by the Information Commissioners Office for wrongly publishing the details of 177 students online
Durham University has breached data protection laws, according to the Information Commissioner’s Office. Such as offense can carry a heavy punishment but The University is expected to get off lightly.
The ICO’s findings concern screenshots that were used in an online training manual.
The screenshots mistakenly reveal the personal details of 177 former students and staff.
Moreover the error which included names, addresses and date of births, was not realised until five months after the publication on the University website.
The ICO also criticised the training regime designed by Durham University to ensure compliance with data protection laws.
In its data protection pledge the University promises to provide specialist training for members of each department, as well as “general data protection awareness training” for other staff members.
However, the ICO investigation found that only 20% of staff had used the online training manual.
Steve Eckersley, Head of Enforcement at the ICO, said “all documents should be checked for personal information before being made available on a website. This case also highlights the importance of organisations having comprehensive data protection training in place for all staff”.
The University recently since promised to be more careful and improve its training policy.