Ministry breaches pupils' privacy

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.stuff.co.nz/dominion-post/news/8592442/Schools-breach-pupils-privacy

The Privacy Commissioner has been notified after the school marks of
38 teenaged pupils were sent to the wrong email recipients.

Acting Secretary for Education Peter Hughes announced the privacy
breach today, in relation to a PISA international study assessing and
comparing how well countries are preparing their 15-year-old pupils
for real life.

________________________________

Were you affected? Leave a comment below

the story or call us on 0800 DOMPOST

________________________________

More than 5200 pupils voluntarily took part in the study and 2500
asked to be emailed feedback that included their name, school and
marks in maths, science, reading and financial literacy.

"But unfortunately, 38 went to the wrong recipients due to human error
with data entry or because email addresses, that had been hand-written
by all the students, were read incorrectly."

Mr Hughes "extremely disappointed" and had now taken steps to ensure
all test result information is managed by the New Zealand
Qualifications Authority from now on.

NZQA's core business was communicating this sort of information to
students - they had the right expertise and processes for handling it,
he said.

"We've only ever sent this information out in relation to PISA, which
happens every three years, but it will not be happening again."

"We apologise to the 38 students affected and will be contacting them,
and are also contacting the people who received their information and
asking them to delete it."

Around 200 students who asked for their results to be emailed have not
received them because the email addresses supplied were no longer
valid or were not legible.

The Office of the Privacy Commissioner had been informed about the
privacy breach.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.