Jack Leahy | News Editor
The Data Protection Commissioner has been informed of a personal data breach in the Trinity College Dublin School of Law. Personal information from Erasmus applications made in 2013/14 was mistakenly uploaded to a Blackboard folder visible to all senior freshman law students.
Staff had intended to make available a document containing a list of students currently on Erasmus or exchange so as to facilitate dialogue with prospective applicants for study abroad programmes. However, the file uploaded contained personal information from previous applicants, including their exam results, corresponding student numbers, and in one instance medical notes.
The file also contained brief commentary on academic performance and capabilities, and a range of other details that students had provided in their application forms.
Students of the School of Law participate in study abroad programmes in higher proportions than in any other School in the College. Students of Law with German or French are required to spend their third year in the relevant countries, while the School has extensive links with European and American institutions.
The file remained accessible for a period of 24 hours before an affected student brought the matter to the attention of the School. In accordance with procedure for reporting significant breaches of data protection law, the Head of the School, Professor Oran Doyle, reported the breach to the College solicitor, who in turn brought the matter to the attention of the Data Protection Commissioner.
Speaking to The University Times, Professor Doyle confirmed that he had been notified of the breach at 5.15pm on Tuesday 18th November, by which point the file had been accessible for nearly 24 hours. He described the matter as an “accident”, and explained that “information was contained in additional sheets in the workbook that should have been deleted before the document was uploaded.”
He said that he “individually emailed each student affected to let them know what [had] occurred”, adding that he “also emailed those students on exchange this year in respect of whom there was no release of information.”
Doyle said that the School’s record of participation in study abroad programmes is “facilitated by the generosity of students on exchange talking to students in second year about how they find their exchange placement.”
It is not anticipated that the College will be fined by the Commissioner as a result of the breach.
Photo by Andrew Murphy for The University Times
