A former teacher accidentally shared a file containing personal data of students to the entire school on a cloud-based drive – DPP 4 – security of personal data
Background
A school reported to the PCPD that a former teacher accidentally shared a file containing personal data of newly enrolled Secondary One students with the entire school on a cloud-based drive while using the drive’s template function during handover, resulting in unnecessary access to the data by other students.
Remedial Measures
Upon receipt of the notification from the school, the PCPD initiated a compliance check. In response to the incident, the school informed the PCPD that it had disabled the user creation and template functions of the cloud-based drive. Furthermore, the school established guidelines and procedures for handling personal data on the cloud-based drive. The school also explained how to select the appropriate access rights on cloud-based platforms during a staff meeting.
Lesson learnt
While cloud-based platforms offer convenience and accessibility, they also pose challenges to privacy protection. Organisations should provide adequate training for their staff members to ensure they handle personal data with caution and select the appropriate access rights. Furthermore, organisations should establish clear policies and procedures for the use of cloud-based platforms to provide specific operational guidelines for staff members.
(Uploaded in February 2025)