skip to main content
Close Icon

In order to deliver a personalized, responsive service and to improve the site, we remember and store information about how you use it. This is done using simple text files called cookies which sit on your computer. By continuing to use this site and access its features, you are consenting to our use of cookies. To find out more about the way Informa uses cookies please go to our Cookie Policy page.

Global Search Configuration

Ovum view

Summary

The University of Greenwich has faced a challenging week following a significant data protection breach. While the incident is a setback for the institution, it is a timely reminder for the rest of the industry that data protection is more than a set of standards and processes that once codified can be stored away. The likelihood is that every institution will be faced with a data breach of its own, big or small, at some point. It is in how and the speed with which the institution deals with the incident that increasingly defines the success of data protection processes.

An incident response plan is the best tactic

The University of Greenwich’s accidental publication of students’ personal data highlights the fact that ensuring security and privacy is more than just having the right technology and processes in place. Incidents such as these underscore not only the risks of human error, but also the repercussions for institutions that fail to check content before publishing.

Students’ personal data was published alongside public data on the running of the university. The breach was spotted by students which led the university to take action. It apologized, took the documents offline, and is working with Google to delete cached versions. Additionally, it is contacting all the students affected by the data breach and is conducting an investigation as part of a “robust review” of the incident. The university has pledged to publish the findings and recommendations.

The higher education industry is tight-knit as well as highly competitive, which means reputation is key. Ovum believes that, when issues such as these occur, it is important that institutions respond to their constituents immediately, keep them apprised of the remedial action being undertaken, and offer advice on how to deal with the anticipated consequences, in order to uphold their reputation. Data breaches are unsatisfactory events. However, having a contingency plan helps institutions to manage mistakes better and limit any reputational damage, as well as damage to those whose data has been released.

Appendix

Further reading

“Hobsons acquisition of PAR will boost its capacity to support student retention and outcomes,” IT0008-000263 (February 2016)

Enterprise Case Study: Moving to a Higher Level of Operational Performance, IT0008-000261 (January 2016)

“Security breaches will push enterprise cloud adoption,” IT0020-000165 (November 2015)

Author

Navneet Johal, Research Analyst, Education Technology

navneet.johal@ovum.com

Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700


Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

+44 (0) 207 551 9047 - Operational from 09.00 - 17.00 UK time

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - +44 (0) 207 017 7760 or email us at pr@ovum.com

Contact marketing - marketingdepartment@ovum.com

Already an Ovum client? Login to the Knowledge Center now