A university that mistakenly shared details of about 2,000 students in an email has avoided further action by the data protection watchdog.
An attachment with the recipients’ names and email addresses was included in the email, from the University of Hertfordshire, promoting a lecture.
The Information Commissioner’s Office (ICO) was notified and offered advice after looking at the case.
The university said it had reviewed its processes and given guidance to staff.
Its creative arts department sent the email in November to a group of students in one school of study and recalled the message soon after.
“We immediately reported the breach to the ICO, who decided that it was not necessary to investigate further as the university had in place appropriate processes for dealing with these circumstances,” the university said.
“We take data protection extremely seriously and provide mandatory training on data protection issues which all staff complete as part of their induction to the university, and then refresh periodically.”
The university, in Hatfield, did not pay any compensation to students for the breach of their data.
An ICO spokeswoman said: “People have the right to expect that organisations will handle their personal information securely and responsibly.
“The University of Hertfordshire made us aware of an incident. After looking at the details, we provided the organisation with advice and concluded no further action was necessary.”
Firms and organisations can face multi-million pound fines for breaches since the General Data Protection Regulation came into force in 2018. British Airways was fined £183m by the ICO in July 2019.
Earlier this year, it emerged the University of East Anglia in Norwich paid students more than £140,000 after personal details were emailed to hundreds of classmates.
A spreadsheet containing student health problems, bereavements and personal issues was sent to 298 people in June 2017.
The Information Commissioner said at the time no further action was needed.