The University of Greenwich has been fined £120,000 ($160,000) by the Information Commissioner.
The fine was for a security breach in which the personal data of 19,500 students was placed online.
The data included names, addresses, dates of birth, phone numbers, signatures and – in some cases – physical and mental health problems.
It was uploaded onto a microsite for a training conference in 2004, which was then not secured or closed down.
In 2013 it was compromised and the information, which had been published alongside committee meeting minutes, was posted elsewhere.
In some cases it included individual students’ study progress, including reasons why they had fallen behind, and copies of emails between them and staff.
The Information Commissioner said Greenwich was the first university to receive a fine under the Data Protection Act of 1998 and described the breach as “serious”.
Source: BBC news
