Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all,
Vanilla are planning an update to the site on April 24th (next Wednesday). It is a major PHP8 update which is expected to boost performance across the site. The site will be down from 7pm and it is expected to take about an hour to complete. We appreciate your patience during the update.
Thanks all.

College putting our details in plain view

  • 17-11-2014 10:45pm
    #1
    rawn
    Registered Users Posts: 3,093 ✭✭✭


    Hi guys. I started college in September. I just found out today from a classmate that our full names, college email address, D.O.B, home address and phone number are compiled into a class list, and this list was circulated to the whole class at the start of the year. Is this even legal? That to me would be very sensitive information, especially as our email address password when we were first issued them was our D.O.B!


Comments

  • #2
    dalta5billion
    Registered Users Posts: 1,034 ✭✭✭dalta5billion


    rawn wrote: »
    Hi guys. I started college in September. I just found out today from a classmate that our full names, college email address, D.O.B, home address and phone number are compiled into a class list, and this list was circulated to the whole class at the start of the year. Is this even legal? That to me would be very sensitive information, especially as our email address password when we were first issued them was our D.O.B!

    Wow, there are so many things they are doing wrong there. Get on to the office of the Data Protection Commissioner. If they drag their feet, try to kick up as much of a fuss around campus as possible (this appears to be the only way to get things done in this country).


  • #3
    AnCatDubh
    Registered Users Posts: 6,392 ✭✭✭AnCatDubh


    Best to talk to the Office of the Data Protection Commissioner for their guidance.
    rawn wrote: »
    I just found out today from a classmate that our full names, college email address, D.O.B, home address and phone number are compiled into a class list, and this list was circulated to the whole class at the start of the year.

    Just curious, but how did you only find out today that your personal data has been (it would appear) willfully compromised, as in did you not get the same email as your classmate?

    Anyhow, that aside - my opinion (and only an opinion);
    Is this even legal? That to me would be very sensitive information, especially as our email address password when we were first issued them was our D.O.B!

    Is it legal? Highly unlikely to be legal unless you gave your consent to it happening (check all the small print of what you may have opt'd into knowingly or unknowingly), or if the distribution of the names was otherwise provided for - for example, in law which I'd doubt, or if there was a serious and imminent health and safety issue, or a range of other exemptions provided under data protection legislation -- all of which i'd doubt.

    From what you indicate, the college may have breached your data protection rights, and if it is brought to their attention they should engage with the office of the data protection commissioner (under the code of practice s6).

    You may also engage with the data protection commissioners office and make a complaint, and they will investigate further.


  • #4
    rawn
    Registered Users Posts: 3,093 ✭✭✭rawn


    AnCatDubh wrote: »
    Best to talk to the Office of the Data Protection Commissioner for their guidance.



    Just curious, but how did you only find out today that your personal data has been (it would appear) willfully compromised, as in did you not get the same email as your classmate?

    Anyhow, that aside - my opinion (and only an opinion);



    Is it legal? Highly unlikely to be legal unless you gave your consent to it happening (check all the small print of what you may have opt'd into knowingly or unknowingly), or if the distribution of the names was otherwise provided for - for example, in law which I'd doubt, or if there was a serious and imminent health and safety issue, or a range of other exemptions provided under data protection legislation -- all of which i'd doubt.

    From what you indicate, the college may have breached your data protection rights, and if it is brought to their attention they should engage with the office of the data protection commissioner (under the code of practice s6).

    You may also engage with the data protection commissioners office and make a complaint, and they will investigate further.

    Thanks for the info. Do I need to approach the person who circulated the email at all? Or can I go directly to the data protection commissioner?

    The info was in an attachment to an email that was sent to the whole class at the beginning of the year, regarding people who had registered but still hasn't shown up. I read the email but never opened the attachment. So this info was given to the people in my class that i now know, as well as 2 others that never showed up.

    EDIT. Just read your reply properly, you already answered my question :rolleyes:


  • #5
    AnCatDubh
    Registered Users Posts: 6,392 ✭✭✭AnCatDubh


    rawn wrote: »
    Do I need to approach the person who circulated the email at all? Or can I go directly to the data protection commissioner?

    You can go directly to the Office of the Data Protection Commissioner - very helpful folk down there. You will most likely have to put it in an email to them (maybe with samples of the offending attachments and any other relevant material). They will contact the data controller (the College) and start to ensure procedures are rectified, and investigate as appropriate.

    I think technically in data protection speak, the matter as you've described it is an "unauthorised disclosure".


  • #6
    rawn
    Registered Users Posts: 3,093 ✭✭✭rawn


    AnCatDubh wrote: »
    You can go directly to the Office of the Data Protection Commissioner - very helpful folk down there. You will most likely have to put it in an email to them (maybe with samples of the offending attachments and any other relevant material). They will contact the data controller (the College) and start to ensure procedures are rectified, and investigate as appropriate.

    I think technically in data protection speak, the matter as you've described it is an "unauthorised disclosure".

    That's great thanks. One more question: Does the college have to know it was me that complained or can I do it anonymously? The person who sent the email is my main lecturer and I don't want to get on her bad side, I'll have her for the next 3 years!!


  • Advertisement
  • #7
    AnCatDubh
    Registered Users Posts: 6,392 ✭✭✭AnCatDubh


    rawn wrote: »
    That's great thanks. One more question: Does the college have to know it was me that complained or can I do it anonymously? The person who sent the email is my main lecturer and I don't want to get on her bad side, I'll have her for the next 3 years!!

    I understand. Not certain though albeit you'd expect in the situation that you describe there is no particular reason why the College would need to know that it was you that reported it. I've seen the opposite where the customer's details have been provided to the Data Controller but to be honest without them it may have been impossible to follow up on the enquiry without knowing who it was about. I'd give them a buzz and enquire - again, they're really good folk to deal with and will advise before proceeding to make it formal.


Advertisement