Only a few months ago, the University of East Anglia faced huge criticism when it accidentally sent out private and confidential information about students’ extenuating circumstances to hundreds of American Studies students.
Vowing to do better, the University gave the impression it would improve data protection procedures to ensure a similar incident wouldn’t happen again.
Sadly, it appears they have failed to uphold this, given there are now reports that sensitive information about a staff member was sent to 300 students in a second data leak. How can this have happened?
Second data leak
The University may be swept with déjà vu as students, teachers and the general public slammed the learning institute for the first preventable data breach. In June, the University apologised “unreservedly” and opened an urgent inquiry over the first incident. This time, the University gave the exact same “unreserved” apology and announced that another urgent investigation will be opened.
In allowing a similar data breach to have happened, we can only be left wondering how on earth this has occurred again?
What happened?
An erroneous message was sent to 300 postgraduate research students in the department of social sciences. The email contained personal information about a member of staff.
The University has not confirmed what kind of sensitive information belonging to the staff member was compromised, and a spokeswoman for the University said “steps were taken to immediately recall the message, and the university contacted the member of staff to apologise and offer support.”
Unfortunately, the nature of data leaks means that, once it has occurred, it often can’t ever be fully retracted.
The spokeswoman also referred to the investigations that will look into how the incident happened, and asserted that the University, “will make any changes necessary to the new data protection systems and training currently being rolled out to prevent incidents like this from happening in the future.”
Regulators aware and students demanding answers
The Information Commissioner’s Office (ICO), which didn’t take any action last time, said it was aware of the recent incident and will be “looking into the details”. The data protection watchdog may not let the University off so easily for the repeated offence…
The University’s Student’s Union are demanding answers and “action at the highest levels”. With the last data breach fresh in their minds, the Union seem less than convinced by the University’s statements.
Campaign officer for the Union, Jack Robinson, said:
“Given the earlier revelations about data breaches of this nature last [academic] year, this latest incident is breath-taking and we’d be forgiven for not trusting what are starting to look like hollow reassurances… Students are rightly questioning whether their personal data is safe in UEA’s hands and we’ll be demanding action at the highest levels in coming days.”
The University of East Anglia’s repeated blunders are perhaps an example of an organisation not taking data protection seriously.
Personal data must be protected and used in a safe and secure manner as breaches can have great adverse impacts on victims. The potentially irreversible damage needs to be recognised by organisations and preventive steps need to be put in place so accidental incidents like this can’t happen in the first place.