Remote education is rife with threats to student privacy

Posted in Legal issues, Teaching on November 7th, 2020 by steve

“An online ‘proctor’ who can survey a student’s home and manipulate the mouse on their computer as the student takes an exam. A remote-learning platform that takes face scans and voiceprints of students. Virtual classrooms where strangers can pop up out of the blue and see who’s in class …” (more)

[Nir Kshetri, The Conversation, 6 November]

Tags: , ,

Investigation: UCD Management Ignored Pleas For Prompt GDPR Reforms

Posted in Governance and administration, Legal issues on October 6th, 2020 by steve

Ireland“University College Dublin (UCD) experienced significant delays in acting on ‘far reaching’ data management recommendations from the Data Protection Commission (DPC). Following a data breach in November 2019, uncovered by The College Tribune, the university was instructed to review its physical storage practices and data retention periods which led to the promise of mandatory data protection training for all staff …” (more)

[Conor Capplis, College Tribune, 5 October]

Tags: , ,

2,000 Students’ UCD Connect Accounts ‘Compromised’

Posted in Governance and administration, Legal issues on September 25th, 2020 by steve

Ireland“The University IT Security system noticed ‘suspicious login[s]’ to 2,000 students’ ‘University email accounts’ on the 16th of September and responded to this data breach by changing the passwords of the ‘compromised’ accounts. The Data Protection Commission (DPC) confirmed that they had been notified of the breach and will assist in the assessment of the ongoing investigation …” (more)

[Mahnoor Choudhry, College Tribune, 25 September]

Tags: , ,

Universities are a juicy prize for cyber criminals. Here are 5 ways to improve their defences

Posted in Governance and administration on September 8th, 2020 by steve

International“Universities worldwide are a growing target for hackers. A July 2020 report by cybersecurity company Redscan found more than 50% of UK universities recorded a data breach in the previous 12 months …” (more)

[Ivano Bongiovanni and Karen Renaud, The Conversation, 8 September]

Tags: ,

UCD Accused of EU Data Protection Breach, Potential Liability of €20 million

Posted in Legal issues on August 20th, 2020 by steve

Ireland“UCD have been accused of breaching EU data protection laws. As reported by the Times on Thursday, UCD, alongside other huge organizations such as RTE, AIB and Airbnb are sending data to the US in a way that ‘contravenes an EU court order’. The allegation has been filed by prominent digital privacy activist Max Schrems …” (more)

[Ahmed Jouda, College Tribune, 20 August]

Tags: ,

Maynooth University graduates’ personal data may have been stolen in cybercriminal ransomware hack

Posted in Governance and administration, Legal issues on August 12th, 2020 by steve

Ireland“Personal data belonging to former Maynooth University students, including their dates of birth, addresses and educational information, may have been stolen during a cybercriminal hacking attack last May …” (more)

[Laura Coates, Leinster Leader, 11 August]

Tags: , ,

Maintaining trust in university data handling

Posted in Legal issues on June 16th, 2020 by steve

“How do organisations use our data? We’re living in a world of surveillance capitalism in which our activities are analysed in the interests of a corporation, and we hope to get some benefit back. More personalised content, for example, or more relevant information. Perhaps the occasional freebie. In education, the flow is significantly different …” (more)

[Andrew Cormack, Wonkhe, 15 June]


Belfield Papers: Case Closed?

Posted in Governance and administration, Legal issues on January 29th, 2020 by steve

Ireland“In November 2019, the College Tribune discovered highly sensitive UCD documents open to student access. Included in these files were payroll reports, employee bank account details, PPS numbers and details of TD donations to student political societies. After the UCD Data Protection Office (DPO) investigated into the matter, the Data Protection Commission (DPC) was informed by the university with a late breach notification …” (more)

[Conor Capplis, College Tribune, 28 January]

Tags: , ,

DPC Receives Late Breach Notification from UCD

Posted in Governance and administration, Legal issues on November 15th, 2019 by steve

Ireland“The Data Protection Commission (DPC) has received a formal Breach Notification from University College Dublin (UCD). This comes after the College Tribune discovered highly sensitive employee and student documents unattended and open to student access in a UCD Student Centre storage room …” (more)

[Conor Capplis, College Tribune, 15 November]

Tags: , ,

Belfield Papers: DPO Investigates Potential Data Breach

Posted in Governance and administration, Legal issues on November 13th, 2019 by steve

Ireland“The UCD Data Protection Office (DPO) is internally investigating into highly sensitive documents recently discovered to be open to student access. The DPO has said they are ‘following the standard university incident management procedure’, in response to the allegations. The College Tribune has contacted the Data Protection Commission (DPC) regarding the incident …” (more)

[Conor Capplis, College Tribune, 13 November]

Tags: , ,

Sensitive Documents Kept in UCD Student Centre Open to Student Access

Posted in Governance and administration, Legal issues on November 12th, 2019 by steve

Ireland“A storage room in University College Dublin’s (UCD) student centre, which houses files containing sensitive information on staff and students, has been found to be open to student access in a potentially major data protection breach, the College Tribune has reported …” (more)

[Sárán Fogarty, University Times, 11 November]

Tags: , ,

University at centre of potential data breach after USB stick ‘goes missing’

Posted in Governance and administration on November 19th, 2018 by steve

Ireland“A leading university has experienced a potential data breach after a USB stick containing ‘confidential’ details of up to 900 students went missing. NUI Galway, with a student population of over 18,000, confirmed in a statement on their website that the USB may have contained student names, their student numbers and exam results …” (more)

[Rachel Farrell, Independent, 19 November]

Tags: , ,

Potential NUI Galway data breach puts students’ information at risk

Posted in Governance and administration on November 15th, 2018 by steve

Ireland“The National University of Ireland, Galway (NUI Galway) have suffered a potential data breach which poses a risk to students’ names, student numbers, and exam results. In a statement issued on their website, NUI Galway announced that a USB stick was potentially used to store a confidential file containing a list of students, along with their student numbers and exam results. The USB stick has since been misplaced and its current location is unknown …” (more)

[Seán McElroy, Trinity News, 15 November]

Tags: , ,

Trinity Sport Accidentally Leaks Personal Information of 168 Sports Scholar Applicants

Posted in Governance and administration, Legal issues on November 3rd, 2018 by steve

Ireland“Trinity Sport accidentally leaked personal information and statements of 168 applicants for the College’s sports scholarships, in an email sent out to this year’s sports scholars. In the email, which was obtained by The University Times, students were asked to fill in a form attached to accept their scholarship …” (more)

[Eleanor O’Mahony, University Times, 2 November]

Tags: , , ,

Archibald writes to universities and further education colleges on cyber protections

Posted in Governance and administration on September 18th, 2018 by steve

“Speaking after reports that universities and further education colleges in the north suffered 16 serious cyber-attacks in 2017/18 Sinn Féin MLA Caoimhe Archibald said: ‘The findings by Jisc (the organisation which provides digital infrastructure and services to universities and colleges) that there has been an increase in the number of cyber-attacks on universities and further education colleges in the north in the past year is very concerning …'” (more)

[Sinn Féin, 18 September]

Tags: , , ,

Students Should Demand Better Protection for their Data

Posted in Legal issues on September 3rd, 2018 by steve

Ireland“When we think of data protection, things like Cambridge Analytica and the hacking of elections come to the fore, such is the prominence of security breaches involving tens of millions of internet users in our minds …” (more)

[University Times, 2 September]


‘Serious data protection flaw’ in Student Leap Card system

Posted in Governance and administration, Legal issues on August 31st, 2018 by steve

Ireland“There is a ‘serious flaw’ in the Student Leap Card system which allows college agents access to the personal details of a large number of students across the country, without their knowledge …” (more)

[Jack Power, Irish Times, 30 August]

Tags: , ,

University of Limerick seeks to install cameras to record all vehicles entering campus

Posted in Governance and administration, Legal issues on August 27th, 2018 by steve

Ireland“The University of Limerick plans to install a camera system that can record licence plates to monitor all vehicles that enter the campus each day. A tender request for the special camera system was closed last month but has yet to be awarded …” (more)

[Jess Casey, Limerick Leader, 26 August]

Tags: , , ,

HEA Faces ‘Risks’ Under New Data Protection Rules

Posted in Governance and administration, Legal issues on May 20th, 2018 by steve

“Concerns have been raised by the Higher Education Authority (HEA) about the risks it faces under tighter EU data protection regulations. At a meeting held in March, Chief Executive Graham Love noted that the HEA’s ability to collect data from higher education institutions, and to subsequently share this data with other agencies, was a ‘key risk’ ahead of incoming data protection guidelines …” (more)

[Ciannait Khan, University Times, 20 May]

Tags: , , ,

Failed exam candidate gets right to written paper in ECJ ruling

Posted in Legal issues on December 21st, 2017 by steve

Ireland“The European Court of Justice (ECJ) has ruled that a written exam paper amounts to personal data and can be accessed by its author. The judgment is the culmination of a legal process lasting more than eight years in which an accountancy student sought a copy of his exam script after failing the test on a number of occasions. In 2009, Peter Nowak, a student with Chartered Accountants Ireland (CAI), asked to view his exam scripts with a view to challenging the result …” (more)

[Mark Hilliard, Irish Times, 20 December]

Tags: , ,