The accidentally circulated information included students’ full names, email addresses and ID numbers.
Wits University has reassured students whose personal information was inadvertently shared in emails sent out by the Careers and Counselling Development Unit (CCDU), that all the emails have been recalled.
“Steps to retrieve and destroy the email and the data were taken to ensure that there was no subsequent disclosure and wider dissemination of data,” Wits senior communications officer Buhle Zuma told Wits Vuvuzela.
On Saturday, August 8, the university’s registrar, Carol Crosley, notified students that their personal details had been shared to a cohort of students as a result of a CCDU employee inadvertently attaching the sensitive information in an email about an upcoming careers expo. The information included students’ full names, student email addresses, ID numbers, cellphone numbers, faculty and year of study.
“No other private data was included,” wrote Crosley in the email. She apologised for the incident, and said she was part of an internal team consisting of Wits ICT and legal officials, which had been established to rectify the accidental leak.
Goabaona Mashabane, (19), a first-year LLB student, said that she was shocked when she received the email. “Your ID number is personal and private,” she said, adding that she would be relieved if “[Wits] informed us of the steps they have taken to resolve this situation”.
Another student still waiting for an update from Wits is Phumulani Ntuli (20), in second-year BA general. “All I know is that my information was shared with the wrong people. I am expecting communication from Wits to explain how they will resolve it. I have no reassurance that an incident like this will never happen again,” he told Wits Vuvuzela.
Ravi Patel, an attorney at Govender Patel Dladla Inc. Attorneys, said Wits had an obligation to report the data breach to the Information Regulator (SA), an independent body that monitors and protects access to personal information.
“They have taken the right steps to rectify the situation. However, if anybody suffers any damages as a result of this breach, they are still liable. They need to do damage control. They must put out a publication explaining how they supposedly fixed the situation and apologise.
“They must also inform the Information Regulator and open a channel of communication with those affected to report any issues. They need to take responsibility for the after effects,” said Patel.
FEATURED IMAGE: Students have been left in the dark about how their leaked personal information has been secured.
RELATED ARTICLES:
- Wits Vuvuzela, Students unhappy about uniticket data, August 2020
- Wits Vuvuzela, Errand-running business helps students earn an income, August 2020
- Wits Vuvuzela, NSFAS students in catered residences to get food allowances, August 2020