An investigation has been launched following a data breach at Coventry University in November 2017. The breach occurred after an email attachment containing confidential student information was sent to almost 2,000 students.
The university has apologised and insists that no financial or address information was leaked. The Information Commissioner’s Office (ICO) is aware of the incident and is making enquiries. Those students affected have also been informed.
A spokesman for Coventry University said:
“The information was shared in error as an attachment to an internal careers email from the university to 1,930 students. The document contained university email addresses, course codes and phone numbers – no passwords, financial or residential details were disclosed.
“Immediate steps were taken to contain the data when we were made aware of the incident, but before contacting anyone it was necessary to establish how the incident happened and who was affected, as well as make sure that the details of the accidental breach were clear and that our communications to students were accurate and sent to the correct recipients.”
It is not thought that there has been any information misuse. The breach was likely caused by human error and is a reminder that an organisation’s employees can pose a significant threat to data security. It reiterates the importance of staff awareness training to ensure that all employees who have access to sensitive data have the correct knowledge and a good understanding of information security and best practice.
It is only a few months before the General Data Protection Regulation (GDPR) is enforced. One key requirement is that organisations must adopt “appropriate technical and organisational measures” to protect personal data. Another is staff awareness, so training all staff members to ensure they understand the changes brought by the Regulation is essential.
Staff awareness training
Rolling out a comprehensive staff awareness programme will give employees a clear understanding of their GDPR compliance requirements, your organisation’s security policies and procedures, and information security best practice to reduce preventable mistakes. Training needs to be ongoing and continually reinforced across the organisation to reiterate the importance of compliance and security.
Our GDPR Staff Awareness E-learning Course is a quick, affordable and effective means of delivering training to multiple learners and is suitable for all employees whose job involves processing and storing personal data. Alternatively, consider our Information Security Staff Awareness E-Learning Course, which advises on how to avoid becoming a security liability, introduces employees to internal policies on incident reporting and responses, and provides basic knowledge of information security best practices.