The University of Greenwich has faced a challenging week following a significant data protection breach. While the incident is a setback for the institution, it is a timely reminder for the rest of the industry that data protection is more than a set of standards and processes that once codified can be stored away. The likelihood is that every institution will be faced with a data breach of its own, big or small, at some point. It is in how and the speed with which the institution deals with the incident that increasingly defines the success of data protection processes.
An incident response plan is the best tactic
The University of Greenwich’s accidental publication of students’ personal data highlights the fact that ensuring security and privacy is more than just having the right technology and processes in place. Incidents such as these underscore not only the risks of human error, but also the repercussions for institutions that fail to check content before publishing.
Students’ personal data was published alongside public data on the running of the university. The breach was spotted by students which led the university to take action. It apologized, took the documents offline, and is working with Google to delete cached versions. Additionally, it is contacting all the students affected by the data breach and is conducting an investigation as part of a “robust review” of the incident. The university has pledged to publish the findings and recommendations.
The higher education industry is tight-knit as well as highly competitive, which means reputation is key. Ovum believes that, when issues such as these occur, it is important that institutions respond to their constituents immediately, keep them apprised of the remedial action being undertaken, and offer advice on how to deal with the anticipated consequences, in order to uphold their reputation. Data breaches are unsatisfactory events. However, having a contingency plan helps institutions to manage mistakes better and limit any reputational damage, as well as damage to those whose data has been released.
“Hobsons acquisition of PAR will boost its capacity to support student retention and outcomes,” IT0008-000263 (February 2016)
Enterprise Case Study: Moving to a Higher Level of Operational Performance, IT0008-000261 (January 2016)
“Security breaches will push enterprise cloud adoption,” IT0020-000165 (November 2015)
Navneet Johal, Research Analyst, Education Technology