University of Sydney failed to protect students: Privacy Commissioner
- 29 June, 2011 11:43
An investigation by the Acting NSW Privacy Commissioner, John McAteer, into the University of Sydney's security breach in January has found that the institution failed to meet its obligations to students under the Privacy and Personal Information Protection (PPIP) Act of 1998 due to a series of security blunders.
According to the report (PDF), a similar security flaw on the university's website was first reported in 2007.
"The university repaired the code error that allowed unauthorised access to student records on the university’s website by way of introducing a security patch but when updates to the software were made later in 2007, the patch was not re-introduced into the system due to an oversight," McAteer said in a statement.
The university has since introduced a new software control system that mitigates the risk of this happening again.
"In a further briefing provided to staff of this office, the university explained that the flaw in January 2011 was not an outcome of the failure in 2007 to re-install the security patch," McAteer said.
"Section 12 of the PPIP Act imposes a positive obligation on the University to take all reasonably available security measures to ensure a student’s personal information recorded on the University’s web-accessible records through the many transactions students complete on-line does not become available to unauthorised persons and bodies."
McAteer said that the university should have been aware that it held sensitive personal information about thousands of people, which, if it fell into the wrong hands, could lead to potential physical and financial threats to them.
"The information leaks in January 2011 resulted from what can be simply described as a programming error that allowed access to student records directly from one’s Web browser without the need to enter a password," he said.
According to the commissioner, the flaw was "avoidable" and the university did not take the available steps to avoid the risk that the leaks would eventuate.
While the report found that the university did not meet its obligations under section 12 of the PPIP Act, McAteer said that it did respond to the breach of security with "urgency and effectiveness" and that there was no need to take further action.
Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU