The Information Commissioner’s Office has slapped a £120,000 fine on Greenwich University in South London for failing to protect the personal information of nearly 20,000 students. As well as names, addresses, birth dates, signatures and phone numbers, distressingly the data also included physical and mental health issues.
As part of a training conference in 2004, the information was placed on a university microsite; but somehow the information was never made secure or deleted –a fact that only came to light in 2016.
Greenwich has taken the unprecedented fine on the chin, accepting that its systems have previously not been up to scratch. It has also issued an apology and given its procedures a thorough overhaul. Despite this, a number of postgrad students had their sensitive personal information splashed out on the university website in a separate incident in 2016.