Students got £140,000 from UEA for private data leak
PUBLISHED: 12:04 30 January 2020 | UPDATED: 12:04 30 January 2020
Archant Norfolk 2016
A data breach which saw confidential information about dozens of students sent to their peers cost the UEA more than £140,000.
The leak in June 2017 saw an email containing confidential details about students' extenuating circumstances sent to hundreds of their peers.
The circumstances, detailed in a spreadsheet, included suicidal thoughts, sexual assault, and serious family illnesses and bereavements.
Now, a Freedom of Information request has revealed the university's insurers paid out a total of £142,512.16 in compensation to those affected.
In comparison, the universities of Bristol, Durham, Exeter, Warwick and York have all paid out £0 over the same time period.
Ian Callaghan, the chief resource officer and university secretary at UEA, said: "We immediately informed the Information Commissioner as soon as we were aware of the breach and put support in place for all affected students.
"Since this incident we've reassessed a number of information security measures, including holding a full review of all data on UEA hard and shared drives, introducing mandatory data protection training and refresher training for all staff (whether permanent or temporary) and reviewing access to group email accounts and redacting this access in cases where it was deemed unnecessary.
You may also want to watch:
"We take data protection very seriously and, with help from the new General Data Protection Regulations (GDPR), we have made great strides as a workforce in raising the awareness of the importance of good data management."
However, since then there have been two further incidents of personal data being unintentionally sent to students.
In November 2017, around 300 postgraduate research students were sent confidential information about a member of staff's health, due to the accidental use of an email distribution list.
The email was removed from the students' inboxes by IT staff, and recipients were instructed not to speak about its contents.
Late last year, a UEA lecturer unintentionally sent sensitive and personal information about a student's failed masters dissertation to hundreds of their peers.
It is not known whether the student will seek compensation following this incident.