1 minute read
Six Personal Data Breaches Reported by UCD
ELLA WADDINGTON
Advertisement
University College Dublin reported 6 personal data breaches to the Data Protection Commission. Two cases involved the misplacement of an unencrypted USB stick holding personal information, and another concerned a fraudulent third-party holding temporary remote access to a UCD computer during a scam call.
UCD GDPR defines a personal data breach as the accidental or unlawful destruction, loss, alteration or unauthorised access to personal data. Data breaches can take place unintentionally, such as sending an email to the wrong person, but can also be premeditated, such as purposely attempting to gain access to customer data.
The Data Protection Commission, a government body responsible for ensuring individual’s data protection rights, closed the six cases, but provided a list of recommendations for UCD to consider.
“UCD has considered the recommendations of the Data Protection Commissioner and opportunities for improving controls have been identified. Two have been approved for action, with further work to be done on a third before it is considered again. The implementation of the approved action is ongoing,” the Commission told the Irish Examiner.
This is not the first time the University has violated data protection guidelines. UCD was fined €70,000 by the Irish Data Protection Commission (DPC) for failure to implement appropriate security measures. The DPC stated that UCD failed to process personal data in a manner ensuring appropriate security, storing personal data in email accounts which allowed the identification of data subjects for an unnecessarily long period, and failure to notify the DPC of the data breaches without delay.
UCD also came under criticism in 2019 when highly sensitive documents were found by The College Tribune to be openly accessible to students as they were left in a storage room under construction on campus. Payroll reports, employee bank account details and PPS num- bers were among the information found in these files.
UCD itself has raised concerns about the effects of data breaches in the past, such as loss of control and damage to reputation. Such incidents raise questions around the procedures in the handling of personal data and the extent to how seriously the university follows the guidelines set out by the DPC.
