The University of York breached the Data Protection Act by failing to close a test area on its website containing the personal details of thousands of students. This resulted in 148 records being inappropriately accessed, according to the Information Commissioner’s Office (ICO). The breach occurred in September 2009 when a member of staff failed to realise they had made an error while carrying out work on the university’s IT system. This error meant that students were able to access information about their classmates for over a year before the problem was identified. The University of York has signed an undertaking to improve its data security. This will include carrying out testing of IT systems containing personal information to ensure they are secure.
Further details are on the ICO website.
We provide free guidance on data protection.
Want to keep up-to-date with our latest news stories? Subscribe to the our newsletter and follow us on Twitter.