JiscMail Logo
Email discussion lists for the UK Education and Research communities

Help for DATA-PROTECTION Archives


DATA-PROTECTION Archives

DATA-PROTECTION Archives


data-protection@JISCMAIL.AC.UK


View:

Message:

[

First

|

Previous

|

Next

|

Last

]

By Topic:

[

First

|

Previous

|

Next

|

Last

]

By Author:

[

First

|

Previous

|

Next

|

Last

]

Font:

Proportional Font

LISTSERV Archives

LISTSERV Archives

DATA-PROTECTION Home

DATA-PROTECTION Home

DATA-PROTECTION  May 2009

DATA-PROTECTION May 2009

Options

Subscribe or Unsubscribe

Subscribe or Unsubscribe

Log In

Log In

Get Password

Get Password

Subject:

Re: ICO takes enforcement action against Manchester University for data breach

From:

Andrew Cormack <[log in to unmask]>

Reply-To:

Andrew Cormack <[log in to unmask]>

Date:

Fri, 1 May 2009 12:54:58 +0100

Content-Type:

text/plain

Parts/Attachments:

Parts/Attachments

text/plain (287 lines)

> -----Original Message-----
> From: Simon Howarth [mailto:[log in to unmask]]
> Sent: 30 April 2009 12:44
> To: Andrew Cormack; [log in to unmask]
> Subject: RE: [data-protection] ICO takes enforcement action against
> Manchester University for data breach
> 
> Ignorance is no defence.

I didn't mean to suggest it was. I was just noting that the assumption that both Ian ("This doesn't sound particularly accidental?") and I had made from reading the ICO's press release didn't seem to be correct from the text of the university's undertaking.

Cheers
Andrew
 
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Andrew Cormack
> Sent: 30 April 2009 12:24
> To: [log in to unmask]
> Subject: Re: [data-protection] ICO takes enforcement action against
> Manchester University for data breach
> 
> Manchester's undertaking (on the ICO website) suggests it was misguided
> rather than malicious:
> 
> (from
> http://www.ico.gov.uk/upload/documents/library/data_protection/notices/
> mache
> ster_uni_undertaking.pdf)
> "
> 2. The Information Commissioner (the "Commissioner") was provided with
> a
> report from [name removed] acting on behalf of the data controller,
> regarding the accidental publication of a computerised spreadsheet
> which
> contained the personal data of some 1,755 students. This data included
> information relating to certain students 'disabilities' ("sensitive
> personal
> data" as defined by the Act). The information was published when a
> member of
> the University staff accidentally sent it as an attachment to an email,
> forwarded to some 469 students.
> 
> 3. The information accidentally published was forwarded to the staff
> member
> by a colleague, when they had requested a list of the email addresses
> of
> certain students. An extract of the full student record was provided,
> despite the fact that the staff member had no business need to acquire
> the
> full information, which included "sensitive personal information". This
> was
> due to a fault in the relevant procedure, which has since been
> addressed.
> "
> 
> Andrew
> 
> --
> Andrew Cormack, Chief Regulatory Adviser
> JANET(UK), Lumen House, Library Avenue, Harwell Science and Innovation
> Campus, Didcot, OX11 0SG, UK
> Phone: +44 (0) 1235 822302
> Fax: +44 (0) 1235 822399
> 
> JANET, the UK's education and research network
> 
> JANET(UK) is a trading name of The JNT Association, a company limited
> by guarantee which is registered in England under No. 2881024
> and whose Registered Office is at Lumen House, Library Avenue,
> Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG
> 
> 
> > -----Original Message-----
> > From: This list is for those interested in Data Protection issues
> > [mailto:[log in to unmask]] On Behalf Of Griffiths, Ian
> > Sent: 29 April 2009 16:46
> > To: [log in to unmask]
> > Subject: Re: ICO takes enforcement action against Manchester
> University
> > for data breach
> >
> > Thanks Chris.
> >
> > I wonder about the motive for such a thing?  This doesn't sound
> > particularly accidental?
> >
> > Ian
> >
> >
> >
> > From: This list is for those interested in Data Protection issues
> > [mailto:[log in to unmask]] On Behalf Of chris pounder
> > Sent: 29 April 2009 14:33
> > To: [log in to unmask]
> > Subject: [data-protection] ICO takes enforcement action against
> > Manchester University for data breach
> >
> > I know there are a lot of academics on the list.
> >
> > C
> >
> > From: ICO Press Office [mailto:[log in to unmask]]
> > Sent: 29 April 2009 13:59
> > Cc: ICO Press Office
> > Subject: ICO takes enforcement action against Manchester University
> for
> > data breach
> >
> >
> >
> >
> >
> > Press Release
> >
> > 29 April 2009
> >
> >
> > ICO takes enforcement action against Manchester University for data
> > breach
> >
> > The Information Commissioner's Office (ICO) has taken regulatory
> action
> > against the University of Manchester following a breach of the Data
> > Protection Act.
> >
> > The personal records of over 1,700 students, including information on
> > some students' disabilities, were published when a member of the
> > university staff had unauthorised access to the information. The
> staff
> > member emailed the information as an attachment to 469 other
> students.
> >
> > The University of Manchester has signed a formal undertaking
> outlining
> > that it will process personal information in line with the Data
> > Protection Act. The university will ensure all its staff have
> adequate
> > training to prevent the inappropriate transfer of information and
> take
> > all reasonable measures to safeguard personal data from accidental
> loss
> > or destruction.
> >
> > Mick Gorrill, Assistant Information Commissioner at the ICO, said:
> "The
> > Data Protection Act clearly states that organisations, including
> > universities, must take appropriate measures to ensure that personal
> > information is kept secure. This case reinforces the importance that
> > only those authorised should have access to sensitive personal
> > information such as a student's disabilities and other health
> details.
> > Despite the absence of a justifiable reason, the staff member was
> able
> > to access the information and send it to students and peers which
> could
> > cause significant distress to individuals concerned.
> >
> > "Under the Data Protection Act, organisations must ensure that their
> > policies on the transfer, sharing and publication of personal
> > information are adequate and that staff members are aware and
> > understand those policies. Manchester University recognises the
> > seriousness of this case and has agreed to take immediate remedial
> > action."
> >
> > Failure to meet the terms of the undertaking is likely to lead to
> > enforcement action by the ICO.  A copy of the undertaking can be
> > downloaded from
> > http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx
> >
> > ENDS
> >
> > If you need more information, please contact the ICO press office on
> > 020 7025 7580 or visit the website at: www.ico.gov.uk
> > ________________________________________
> > All archives of messages are stored permanently and are available to
> > the world wide web community at large at
> > http://www.jiscmail.ac.uk/lists/data-protection.html
> > Selected commands (the command has been filled in below in the body
> of
> > the email if you are receiving emails in HTML format):
> > * Leaving this list: send leave data-protection to
> > [log in to unmask]
> > * Suspending emails from all JISCMail lists: send SET * NOMAIL to
> > [log in to unmask]
> > * To receive emails from this list in text format: send SET data-
> > protection NOHTML to [log in to unmask]
> > * To receive emails from this list in HTML format: send SET data-
> > protection HTML to [log in to unmask]
> > All user commands can be found at
> > http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the
> body
> > of an otherwise blank email to [log in to unmask]
> > Any queries about sending or receiving messages please send to the
> list
> > owner [log in to unmask]
> > (Please send all commands to [log in to unmask] not the list or
> > the moderators, and all requests for technical help to
> > [log in to unmask], the general office helpline)
> > ________________________________________
> > ---------------------------------------------------------------------
> --
> > ---------------------
> > Please consider the environment before printing this email
> > ---------------------------------------------------------------------
> --
> > ---------------------
> > This email and any attachments are confidential and intended solely
> for
> > the use of the individual to whom it is addressed.  Any views or
> > opinions presented are solely those of the author and do not
> > necessarily represent those of Liverpool Community College or
> > associated companies.  You must not, directly or indirectly, use,
> > disclose, distribute, print, or copy any part of this message if you
> > are not the intended recipient.
> >
> > The message content of in-coming emails is automatically scanned to
> > identify Spam and viruses otherwise Liverpool Community College does
> > not actively monitor content.  However, sometimes it will be
> necessary
> > for Liverpool Community College to access business communications
> > during staff absence.
> >
> > Liverpool Community College has taken steps to ensure that this email
> > and any attachments are virus free.  However, it is the
> responsibility
> > of the recipient to ensure that it is virus free and no
> responsibility
> > is accepted by Liverpool Community College for any loss or damage
> > arising in any way from its use.
> > ---------------------------------------------------------------------
> --
> > ---------------------
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >      All archives of messages are stored permanently and are
> >       available to the world wide web community at large at
> >       http://www.jiscmail.ac.uk/lists/data-protection.html
> >      If you wish to leave this list please send the command
> >        leave data-protection to [log in to unmask]
> > All user commands can be found at
> > http://www.jiscmail.ac.uk/help/commandref.htm
> >  Any queries about sending or receiving messages please send to the
> > list owner
> >               [log in to unmask]
> >   Full help Desk - please email [log in to unmask] describing
> your
> > needs
> >         To receive these emails in HTML format send the command:
> >          SET data-protection HTML to [log in to unmask]
> >    (all commands go to [log in to unmask] not the list please)
> >     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>      All archives of messages are stored permanently and are
>       available to the world wide web community at large at
>       http://www.jiscmail.ac.uk/lists/data-protection.html
>      If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
>  Any queries about sending or receiving messages please send to the
> list
> owner
>               [log in to unmask]
>   Full help Desk - please email [log in to unmask] describing your
> needs
>         To receive these emails in HTML format send the command:
>          SET data-protection HTML to [log in to unmask]
>    (all commands go to [log in to unmask] not the list please)
>     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Top of Message | Previous Page | Permalink

JiscMail Tools


RSS Feeds and Sharing


Advanced Options


Archives

October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
November 2016
October 2016
September 2016
August 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016
December 2015
November 2015
October 2015
September 2015
August 2015
July 2015
June 2015
May 2015
April 2015
March 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
2006
2005
2004
2003
2002
2001
2000
1999
1998


JiscMail is a Jisc service.

View our service policies at https://www.jiscmail.ac.uk/policyandsecurity/ and Jisc's privacy policy at https://www.jisc.ac.uk/website/privacy-notice

Secured by F-Secure Anti-Virus CataList Email List Search Powered by the LISTSERV Email List Manager