Norwich City College has escaped a fine from the Information Commissioner's Office (ICO), despite being found guilty of breaching the Data Protection Act after dumping sensitive personal information relating to 80 students in a campus skip.
The information contained sensitive medical details and was discovered in unsecured bin bags, according to the ICO.
Norwich City College escaped a financial penalty, despite this being the second time that the college had disposed of students' personal information in this manner.
"From the moment personal information is collected to the time it is securely destroyed, organisations have a legal responsibility to abide by the principles of the Data Protection Act. There is also a reputational risk for organisations with lax data protection practices," said acting head of enforcement at the ICO, Sally-Anne Poole.
"I am pleased that Norwich City College has agreed to take action to ensure that personal information is now securely disposed of. This includes making sure that any future confidential waste is stored in coloured or labelled bin bags so that it can be identified and disposed of correctly."
The ICO has fined only a handful of organisations since it was given the power in April 2010 to fine up to £500,000 for a breach of the Data Protection Act, something which has led several commentators to criticise the watchdog for being too lenient.
Regulators such as the Financial Services Authority have handed out six-figure fines in the past, and some have speculated that the ICO runs the risk of being marginalised as an effective watchdog.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions