In the latest IT security news from Professional Security we look at Greenwich University, which has landed a £120,000 fine for the breach of 19,500 students’ data back in 2004. Personal data including full names, addresses and even physical and mental health information were added to a microsite for a training conference and never secured or taken down.
The recent fine has been enforced by the ICO, who are “the UK’s independent authority set up to uphold information rights in the public interest”. They have described the breach as “serious” while the University has remarked that they “take these matters extremely seriously”. Greenwich University has maintained that they were unaware that a department had set up this insecure website in 2004, however, the responsibility is ultimately with them.
This is the second breach of data that Greenwich University has experienced in recent years. In 2016 personal details were also exploited, however the ICO did not enforce any action at this time.
While the ICO is reducing the fine to £96,000 if it is paid promptly it is an important lesson in the lead up to the enforcement of GDPR on the 25th May. This fine, which is the first of its kind under the Data Protection Act of 1998, has firstly shown how important it is to ensure your security measures are completely up to date. Secondly it has show that it is crucial to search for and cleanse data from every possible source as you could be breaking the law without even realising it.
Find a local IT support provider to help you with any enquiries you may have regarding IT security and GDPR, and keep up to date with the latest security news here at Professional Security Magazine.
