order of words is important
The University of York is the English one. York University is in Canada. They might be a tad upset about your headline...
I'm glad I'm not a student there any more, though - isn't 17,000 students just about all of them?
The University of York has leaked confidential personal information on students due to website security vulnerabilities. Details including mobile phone numbers, addresses and A-Level grades of an estimated 17,000 students were exposed as a result of the breach. University administrators have reported the incident to privacy …
easier said than done. it's almost impossible to sack anyone in a position of authority in academia because they've all got tenure: literally a job for life.
a sacking in the private sector for breaching data protection would be difficult too. the employer would have to prove negligence by the employee(s) and/or gross misconduct.
There are two problems with this observation:
- the snafu would have been caused by administrative and/or IT staff rather than academics; academics aren't allowed anywhere near these kind of systems;
- the concept of tenure doesn't exist for academics at York University in any case. They're salaried employees of the University and can be fired for gross misconduct in the same way as anyone else. Tenure is largely a US concept, and a dying one at that.
By all means, point fingers at people who cause cockups like this - but check your facts before you start bandying around the tired cliches about academic life as if this was the Daily Mail comment boards.
Certainly at the University I work at, you would need to get all members of University council to meet and agree to fire a academic / academic related member of staff - and in the history of the University, the entire council has never met.
In the few cases I know about when something bad has happened staff have been asked to resign in return for a glowing reference and bag of cash. Few leave, most stay... job for life after all.
A frustrating sector to work in! (if your good at what you do an want to provide great services for users!) Fantastic if you don't give a sh^t
Fine an already cash-strapped organisation, which will eat into research funding and get passed on to the students thanks to the relaxation in tuition fee caps?
The leak was preventable, and I'm not saying there shouldn't be a punishment, but I'm not convinced a big fine will be of benefit to anyone but the ICO.
“Vulnerabilities in websites make it all too easy for hackers to tamper with the content "
No, it's badly written applications that make it easy ...
> Maakaroun said. "To stop this from happening, it is vital that organisations take a more proactive approach to their security by continually scanning for web vulnerabilities which hackers find relatively easy to exploit.”
How about storing the student data on a separate encrypted system not accessible directly from the Internet. Oh, and requiring authentication before allowing access, and implementing a second system to provide a full audit against the first.
Biting the hand that feeds IT © 1998–2020