UK: Uni in Data Protection Breach

Jo Barrows reports on an e-mail gaffe involving University of York:

The Department of Admissions have been left red-faced after circulating an email containing private details of a postgraduate application to every student on the applicant’s course.

The email included a forwarded message from the applicant who was appealing against her rejection from a Masters in Public Health, as well as her email address and full name. The email was prefaced by a note from a member of staff at the Admissions department who added, “This applicant was rejected – DRQ being the reason.” It was sent to every student on the postgraduate health sciences mailing list.

Read more on York Vision.  I’m not clear on what “DRQ” stands for so I don’t know if that reason for rejection makes the breach worse or not. I’ve asked the author of the article if she can define it or clarify what it means.

There’s an interesting statement by a university spokesperson that almost seems to imply that a Google Mail feature may have contributed to the breach:

“This was an unintentional data breach. It clearly should not have happened and we have reinforced with both the member of staff concerned and indeed all the staff in the Office the need for extreme vigilance when sending emails, including the need to pay particular attention to email addresses prompted by the Google Mail system.

About the author: Dissent