Canterbury University in New Zealand suffered a major security failure on its student website over the week end, with the possible result that student ID, medical conditions, emergency contact details and outstanding payments could have been accessed and changed by anyone with a university computer user code and password.
The University’s Director of IT said that there was no evidence of a hacker and that the problem may have been caused by heavy traffic during enrolments last week.
The incident raised the possibility of a breach of privacy legislation on the grounds of failure to ensure that reasonable security safeguards were in place to protect sensitive information.
The NZ Privacy Commissioner said that while it was convenient for people to access information about themselves, they needed to know that the system was secure.
Thanks to David Fraser's Canadian privacy blog for the lead.
This blog takes an interest in issues associated with Freedom of Information (FOI) and privacy legislation in Australia. Information contained on this site is general in nature and does not constitute legal advice. Follow Peter Timmins on Twitter: @foiguru Follow the open government cause through the Australian Open Government Partnership Network. www.opengovernment.org.au and @opengovau
No comments:
Post a Comment