recent work

University 'unlawfully' discloses personal data to Students.

ZNet has reported that The UK’s Information Commissioners Office (ICO) has confirmed that the University of Kent has ‘unlawfully’ disclosed personal data relating to students with disabilities.

The University sent an email to around 616 recipients; a note within the email noted that ‘all recipients of the message had a disability’. The ICO confirmed that, due to mostly human error (lack of ‘BCC’ useage in mass emails), the University had acted unlawfully by disclosing such information which ultimately allowed students to identify other students with disabilities.

Personal apologies were sent from deputy vice chancellor of the universirty, David Nightingale, to all students involved within hours of discovering what had happened. He also confirmed that the “significant breach of data protection” could not occur again due to enforcing policies already in place.

The ICO said it was “unlikely that the University has complied with the requirements of the Data Protection Act” because it “did not take sufficient steps to ensure the security of the personal data“.

The university confirmed within the apology letter, that it will carry out“refresher training for staff on the importance of using the blind carbon copy function when sending emails containing personal data”.

This is the second alleged data breach by a university in almost a week, after York University published lots of student data by mistake, which amounted ‘to one of the largest breaches of personal data in a higher educational institution’.