SINGAPORE: The National University of Singapore (NUS) has to put in place an e-training module for all its students on personal data protection, after it emerged that the personal particulars of 143 student volunteers were breached in 2016.
In a press statement on Friday (Apr 28), an NUS spokesperson said a URL link containing a spreadsheet of names and some personal data was made accessible online to anyone who was aware of the link.
The names were of students from the College of Alice and Peter Tan who were to be counsellors for a freshman orientation camp last year, and the list was created by a student leader.
"Care had been taken to restrict the initial distribution of the list. However, at some point, the setting on the spreadsheet had been changed, rendering it accessible by any user who had the URL link," said the NUS spokesperson.
The statement added that NUS was alerted to the breach on Jun 6, 2016, after it got a notice from the Personal Data Protection Commission (PDPC) which received a complaint from an NUS student who had come across the URL link.
MANDATORY PERSONAL DATA PROTECTION MODULE
After reviewing the matter, the PDPC on Wednesday directed NUS to develop an e-training module that addresses personal data protection, including how personal data is collected and processed for student events.
All NUS students, including student leaders, will be required to take the module once it is developed, said the university.
In the interim, student leaders involved in freshman orientation activities this year will be required to take a basic training online developed by PDPC. The university said it will also provide additional training materials, and face-to-face briefing sessions will be held for the chairs and data protection officers of freshman orientation activities.
"The university will make every effort to ensure that this (the breach) does not happen again," said the spokesperson.