INSUBCONTINENT EXCLUSIVE:
Image copyrightUniversity of GreenwichThe University of Greenwich has been fined £120,000 ($160,000) by the Information Commissioner.The
fine was for a security breach in which the personal data of 19,500 students was placed online.The data included names, addresses, dates of
birth, phone numbers, signatures and - in some cases - physical and mental health problems.It was uploaded onto a microsite for a training
conference in 2004, which was then not secured or closed down.In 2013 it was compromised and the information, which had been published
alongside committee meeting minutes, was posted elsewhere.In some cases it included individual students' study progress, including reasons
why they had fallen behind, and copies of emails between them and staff
In one example, it was disclosed that a student had a brother who was fighting in a Middle Eastern army and references were made to an
asylum application.The breach was discovered by one of the students, who brought the matter to the attention of the TheIndianSubcontinent
and the Information Commissioner Office (ICO)..The Information Commissioner said Greenwich was the first university to receive a fine under
the Data Protection Act of 1998 and described the breach as "serious"."Whilst the microsite was developed in one of the University's
departments without its knowledge, as a data controller it is responsible for the security of data throughout the institution," said Steve
Eckersley, head of enforcement at the ICO."Students and members of staff had a right to expect that their personal information would be held
securely and this serious breach would have caused significant distress
"The nature of the data and the number of people affected have informed our decision to impose this level of fine."Image copyrightGetty
ImagesImage caption
The university said it had reviewed its policies.
In a statement, the university
said it would not appeal against the decision.It said it had carried out "an unprecedented overhaul" of its data protection and security
systems since the discovery of the breach in 2016, and it had invested in both technology and staff.It also said the fine would be reduced
to £96,000 with a prompt payment discount."We acknowledge the ICO's findings and apologise again to all those who may have been affected,"
said University Secretary Peter Garrod."No organisation can say it will be immune to unauthorised access in the future, but we can say with
confidence to our students, staff, alumni and other stakeholders, that our systems are far more robust than they were two years ago as a
result of the changes we have made
"We take these matters extremely seriously and keep our procedures under constant review to ensure they reflect best practice."
