Privacy Protection Issue in the Electronic Form Platform of the University of Turku Has Been Reported and Fixed
An error was detected in the electronic form platform of the University of Turku, on account of which users might have had access to other users’ information on the forms. The error was fixed once it was discovered. The matter has been reported to the Data Protection Ombudsman and to those 33 users whose information could have been accessed by other users.
The University’s applications, permissions, orders, contracts, feedback, and other types of forms are handled in the electronic form platform. The use of the system requires logging in and, depending on the form, logging in takes place with the UTU username, username of an organisation belonging in the Finnish HAKA network, and to outsiders with the Suomi.fi login.
The form platform has been used since the beginning of 2017 and so far 11,600 people have used the system and approximately 27,000 forms have been filled in. In most of the filled in forms, the person’s name and timestamp are the only information that has been viewable because of the error.
From some of the forms, it has also been possible to view personal information. The University of Turku has contacted those 33 people whose personal information could have been accessed by other people than the form handlers.
More information:
Chief Information Officer Jani Leino, +358 29 450 4001, jani.leino@utu.fi