The Information Commissioner's Office has imposed a penalty on the University of Greenwich and has issued its findings on a breach of personal data which was discovered in 2016 and involved unauthorised access to some data on the university's systems at the time. The university does not intend to appeal the penalty. After the ICO's prompt payment discount the cost to the university will be £96k.
We take this extremely seriously, and would like to apologise again to those who may have been affected.
Since 2016, we have taken a number of significant steps to enhance our data protection procedures. These include:
* making major investments in new security architecture, tools and technologies;
* hiring new dedicated internal experts whose sole focus is information security;
* conducting vulnerability testing across the entire organisation every day – the only university, so far as we know, to do so;
* making information security training mandatory for all staff;
* reforming the system of internal IT governance;
* developing a rapid incident response to tackle threats as they arise and quickly learn lessons from incidents.
Taken together, these important steps amount to an unprecedented overhaul of our data protection and security systems, and our stakeholders can have confidence in the enhanced measures we now have in place.
If you have any questions about data protection at the University of Greenwich, please contact us on universitysecretary@gre.ac.uk.
If you are a journalist and have any questions, please contact our press team on public.relations@gre.ac.uk
