Data protection watchdog the Information Commissioner's Office has rebuked the University of York after it accidentally exposed the details of thousands of students on an official web site.
The information, which included names, dates of birth, A-level results, mobile numbers and addresses, was posted to the university's site for over a year before being noticed, meaning that 148 records were accessed inappropriately, the ICO said.
ICO director of operations Sharon Entwisle warned that the case highlighted the need for proper security checks.
"This breach could have been avoided if the university had properly assessed the risks that this work posed to the security of their students' details," she said.
"They also failed to test the security of their IT system once the work was complete, leading to an unnecessary delay in the error being corrected."
The ICO decided not to fine the university given that the details exposed were unlikely to cause "substantial damage or distress" to the students, said Entwisle.
University of York vice chancellor Brian Cantor has signed an undertaking with the ICO to improve data security, including annual testing on certain parts of the university's IT systems.
The ICO is also launching an awareness raising campaign on information rights specifically for students.
The 2011 Student Brand Ambassador campaign will promote best practice on data security as well as educating young people about how they can exercise their rights under the Data Protection Act.
Geoengineering on the sea floor near glaciers would form a new ice shelf to prevent melting
Alterations in capillary blood flow can be caused by body position change
Curiosity rover is in 'normal mode' but not transmitting scientific data back to base
NatWest outage comes a day after Barclays' IT systems shut out customers and staff