The University recently had to report to the Information Commissioner's Office, the body responsible for enforcing areas like the Data Protection Act, that a member of staff had a laptop stolen which had been left in a car. This laptop contained on its hard drive a significant quantity of applicant data, dating from 2006. The likelihood is that this was an opportunist theft of the laptop, however this is clearly a serious breach of data protection.
You may have seen this issue reported in the press, as we are now in the process of contacting the people on the database to inform them of the breach. If you have not received an email from data_control@staffs.ac.uk then you are not affected and your personal data has not been compromised.
Please find the official statement below. If you have received the email and would like to discuss any concerns, please contact our Enquiries Team: enquiries@staffs.ac.uk. We are looking to answer as many queries as possible and will keep you updated with any new information.
University Statement:
Staffordshire University has reported that a personal data security breach has occurred.
A laptop containing applicant information was stolen from a car belonging to a member of our staff. Due to the size of the data file, the information was held locally on the hard drive of the laptop. The theft of the laptop was reported to the police.
The specific information contained in the file included name, address, email address, telephone numbers, offer decisions, ethnicity code and gender of applicants dating from 2006.
The University has notified all those who were included in the data file to inform them of the breach and apologised unreservedly for any concern. It has stressed that this was an exceptional incident and the laptop was password protected.
However, we have reported this to the Information Commissioner’s Office.
We are also undertaking the following actions:
• The Data Controller for the University has opened up a log of the breach to record any issues arising as a result of the breach
• We have reiterated to all staff their obligation to protect personal data
• A technical review of security, further training and a planned internal audit will be undertaken
If you have any concerns about issues raised by this breach, please email data_control@staffs.ac.uk