Uni staffer's health info blabbed in email list snafu

The University of East Anglia has been involved in a personal data breach for the second time in five months.

Around 300 postgraduate students in the received an email on Sunday 5 November which contained "personal information about the health of a member of staff", due to the accidental use of an email distribution list.

UEA's IT department responded by remotely extracting the email from the accounts to which it had been sent. The Social Sciences Faculty then contacted the students explaining what had happened; requesting that those who had been sent the mistaken email respect the privacy of the individual involved, and deleted any additional copies that may have been created by auto-forwarding.

In a statement given to the Norwich Evening News, UEA said: “This was unintentional and clearly should not have happened, and the university apologises unreservedly.

“An urgent investigation into how this happened is under way. The university contacted the member of staff to apologise and will be providing support.

“The University will continue with the roll out of our newly created action plan to prevent incidents like this in the future.”

The previous data breach took place in June this year, when details of 191 students' extenuating circumstances were sent to 298 American Studies undergraduates.

The ICO investigated after UEA referred itself to it, but the university was ruled to have not met the requirements for the commissioner to take action.

We've contacted the university and the ICO for comment.

Notification of personal data breaches will become mandatory when the General Data Protection Regulation comes into force from 25 May 2018. ®