Loss of sensitive personal data.
About 2,300 records.
A computerised spreadsheet containing the personal data of some 1,755 was published when it was accidently sent as an attachment of an email by a member of the University staff and forwarded to some 469 students..
Undertaking issued to ensure that the data controller take all reasonable measures to ensure the physical security of personal data being processed. Policies on the transfer, sharing and publication of personal data must me made clear and all staff must receive adequate training in order to fulfil their obligations under such policies.
Reason for action
The data controller did not on this occasion ensure that adequate measures were taken to prevent the inappropriate internal transfer of the information.
15 April 2009