Six months ago in June of this year, the University of Greenwich found themselves in hot water when a student notified the BBC that a simple google search had revealed private and personal information accidentally uploaded by the University about numerous students.
Hundreds of post-graduate research students at the University were subject to this massive data leak, with a great deal of the information not only sensitive and private in nature, but also financially sensitive, leaving people open to the possibility of fraud.
The personal information leaked about the students included things such as:
- Full Names
- Addresses
- Dates of Birth
- Mobile phone numbers
- Signatures
- Notes about students
The leaked students notes contained university progress reports which included private matters like reasons they were apparently falling behind in their work. Some student’s medical and mental health issues, including disabilities, were in the leaked documents as well. On top of this, there was information about student’s grades, staff feedback, and private emails between staff and students also leaked.
Students were horrified and understandably upset that their personal information was plastered on the internet; easily accessible with just a click of a button. The personal information leaked could lead to huge problems, like helping hackers to impersonate students themselves in order to access even more private information, and commit acts of fraud.
For those with personal sensitive data leaked, there is understandable upset about this.
For most students, it is often difficult enough to address any mental health problems they may have, with sometimes only a small number of people prepared to seek confidential counsel. To have a person’s mental health condition exposed for the world to see, along with staff comments suggesting that it may be the reason they are struggling or falling behind in work, is truly gut wrenching.
The University’s obligations
The University has a duty under the Data Protection Act to safeguard personal information it has on students, and ensure it is always protected.
The Information Commissioner’s Office conducted an investigation which found that the University were in breach of the Data Protection Act, and would be liable to pay hundreds of thousands of pounds in fines.
The University has apologised for the incident, with the University Secretary Louise Nadal saying that she was ‘very sorry’ for what had happened. The uploaded personal information has since been removed, but there are worries that people have already seen the information, and may have even made copies.
So what can be done about it?
We at the Data Leak Lawyers are committed to providing confidential help to our clients in seeking justice for serious data leaks. You shouldn’t have to put up with your personal information being wrongfully broadcast for the entire world to access. We also understand that an apology is not enough for the distress you may have suffered.
We are already involved with bringing claims against the University for compensation, and we are confident we can help you receive the compensation due to you. If you would like our help, please get in touch.