The University of Greenwich has apologised after hundreds of student’s personal details were shared online, in an apparent breach of data privacy laws.
The BBC reported the matter after a student at the Greenwich-based establishment got in touch to say they had found information about people at the university could be found via a Google search.
The student also flagged it up to the UK’s data watchdog The Information Commissioner’s Office (ICO), which has confirmed that an investigation is under way.
Legal expert Ruth Boardman from law firm Bird & Bird, told the BBC : “It does look as though there has been a significant breach of the Data Protection Act’s obligations to process personal data securely, fairly and lawfully.
“(The university) may face enforcement action by the ICO and claims by affected individuals.
“Under new rules due to be adopted in Brussels later in March, it would face a penalty of up to 10million euros (£7.8million).”
Students’ names, addresses, mobile phone numbers and signatures were all uploaded to the university’s website alongside minutes from the university’s Faculty Research Degrees Committee, which oversees the registrations and progress of its research students.
In a few cases information about student’s mental health and medical problems were also published.
Louise Nadal, the university’s secretary, said: “I am very sorry that personal information about a number of postgraduate research students has been accessible on the university website.
“This was a serious error, in breach of our own policies and procedures. The material has now been removed.
“This was an unprecedented data breach for the university and we took action as quickly as possible, once the issue came to light.
“We are now acting urgently to identify those affected. I will be contacting each person individually to apologise and to offer the support of the university.”
She also said the university is conducting an investigation into what happened and will co-operate with the ICO.