24 May 2018

Personal data have been stored incorrectly


A review of internal drives at the University of Copenhagen has revealed that thousands of students’ and employees’ data has been available to employees who had no business with it. New procedures and a secure drive will ensure that it does not happen again.

In several cases, personal data such as CPR numbers, grades and addresses of staff and students has been stored incorrectly at the University of Copenhagen. This has appeared from a new scan of internal drives. UCPH employees who have had no business using the data have had access to it.

This is typically data from secure systems which employees have transferred to other non-secure drives to work with it. This has potentially given other employees access to the data, and this is a breach of the Danish Processing of Personal Data Act of 2001.

The University of Copenhagen has therefore drawn up a new procedure for storing personal data which, among other things, means that a new, secure drive has been created.

“We’re taking this very seriously. We will delete the personally identifiable data, and all managers have been asked to ensure that personal data is handled in accordance with the law. This means storing personal data on a secure drive and making sure that only those who need the data in their jobs can access it. Furthermore, personal data that is no longer relevant must be deleted,” says University Director Jesper Olesen.

The employees who have had access to the personal data are all bound by a duty of confidentiality.