University of York reprimanded for unsecured network
By Chris Taylor
21/07/2011
The exposure of an unsecured test area on the University of York website has landed it in hot water with the Information Commissioner's Office (ICO).
The higher education institution was blasted for not protecting the personal details of thousands of students through services such as a network management system.
As such, 148 records containing student names, addresses, dates of birth, mobile telephone numbers and A-level results were exposed. Computing.co.uk reports that the Data Protection Act breach was the fault of an IT employee who worked on the IT system in September 2009.
Students had been able to access each other's records for up to a year, it added. According to an ICO.gov.uk statement, the university failed to test its IT system vigorously enough.
Director of operations at the ICO, Simon Entwisle, said: "We recognise that people can make mistakes when handling data - that's why it is so vital that adequate checks and security measures are put in place.
"This breach could have been avoided if the university had properly assessed the risks that this work posed to the security of their students' details," he added.
Entwisle also said that the failure to test the security of the IT system once the work was complete led to an "unnecessary delay" in the error being corrected.
The ICO has had assurances from the vice chancellor of the university that lessons have been learned and improvements will be made. This includes the regular testing of network security.