What

Loss of personal data.

How much

Unknown.

Why

Training manuals posted on the data controller’s website contained actual, rather than fictitious or anonymised personal data.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that no documents containing personal data shall be placed on the data controller’s website and that staff will be made aware of IT security policies by no later than the 30^th of September 2012.

Reason for action

The breach was discovered in July 2011 but the manuals had been live on the website since February 2011. During the investigation it became clear that only around 20% of staff had made use of the training materials available to them.

When

01 March 2012.

Links

View PDF of the Durham University Undertaking (Via ICO Website)

View PDF of the Durham University Undertaking (Breach Watch Archive)

FCA/FSA (7)	£ 7,777,000
ICO DPA (55)	£ 5,573,500