The University of Greenwich could be hit with multi-million-pound fines after posting the extremely personal details of hundreds of its students online. Names, addresses, dates of birth, mobile phone numbers and signatures were all available through the university's website, and could be found through a Google search.
Not only that, but medical problems were also listed, as well as supervisors' comments about individual students' progress and copies of emails between university staff and individual students. In one case, a student’s brother was revealed to be fighting in a Middle Eastern army.
This represents a breach of the Data Protection Act, and the Information Commissioner's Office has kicked off an investigation into the matter. The University of Greenwich only took the data down after a student highlighted the issue to the BBC, and hasn’t revealed whether or not its staff knew about the issue before it was reported. Here’s how university secretary Louise Nadal reacted:
I am very sorry that personal information about a number of postgraduate research students has been accessible on the university website. This was a serious error, in breach of our own policies and procedures. The material has now been removed. This was an unprecedented data breach for the university and we took action as quickly as possible, once the issue came to light. We are now acting urgently to identify those affected. I will be contacting each person individually to apologise and to offer the support of the university. At the same time, I am also conducting an investigation into what went wrong. This will form part of a robust review, to make sure that this cannot happen again. The findings and recommendations of the review will be published. We are co-operating fully with the Information Commissioner and we will take all steps necessary to ensure that we have the best systems in place for the future.
All of the offending info has apparently now been knocked offline. Now for the apologies. [BBC]