Skip to content

Durham University made to sign a DPA Undertaking

News release: 1 March 2012

Durham University breached the Data Protection Act after disclosing personal information in training materials published on its website, the Information Commissioner’s Office (ICO) said today.

The personal data was contained in screenshots used to demonstrate the use of particular University systems and included details such as names, addresses and dates of birth of up to 177 former students and staff. The information – which had not been anonymised – was made available on the University’s website in February 2011. The University discovered the error in July 2011 and removed the material before reporting the matter to the ICO.

The University has now committed to ensuring that all staff receive appropriate training on how to follow the organisation’s data protection guidance. It will also make sure that documents containing personal data will not be published on the University’s website.

Steve Eckersley, Head of Enforcement said:

“All documents should be checked for personal information before being made available on a website. This case also highlights the importance of organisations having comprehensive data protection training in place for all staff.”

Posted in Data Protection Act.

Tagged with .