The Data Protection Commissioner has been notified of a data breach which has occurred at Trinity College Dublin.
The university’s Law School confirmed that personal data of law students who are participating in the Erasmus programme was inadvertently uploaded to a shared folder which was accessible by all second year law students. While it was intended that a list of students currently participating in the exchange programme would be uploaded in order to facilitate conversation between those students and students who were considering spending an academic year on exchange, the inclusion of the personal data which was attached to the list was overlooked.
The personal data consisted of student numbers, exam results, commentary on academic performance and, in one instance, a student’s medical records. The information was accessible for 24 hours before being alerted to the Law School by one of the affected students and taken down. The Law School said that it contacted the students taking part in the Erasmus programme to inform them of breach and that it has notified the error to the Data Protection Commissioner in accordance with data protection procedures.