Oxford University Conservative Association (OUCA) has left in Cc the email addresses of all recipients of this week’s edition of its newsletter, sent out earlier today.
The number of email addresses recipients can see reportedly differs, with some saying they have access to 86 names and addresses and others saying they can see around 200. The emails were sent out in alphabetical groups, and it is believed that there could be a total of 1000 addresses and names leaked.
The inclusion of this information is a large personal data breach and could be punishable by law. Under general data protection regulations (GDPR), email addresses must be stored privately and treated with strict confidentiality.
The release of this information also breaks the rules of OUCA’s constitution. According to Section 3(10)(f) of its Rules and Standing Orders: ‘The Communications Director shall ensure that all Association communications that the Communications Director distributes, including the website, comply with the relevant provisions of the Data Protection Act, the Proctors and Assessors’ Memorandum, the University Codes
and Decrees, and other applicable statutes.’
The Student Union’s data protection handbook also states that the Bcc (blind carbon copy) field on the email address line is to be used in all bulk communications.
The Oxford Student has reached out to OUCA for comment.
Edited on 20/04/2020 to include: The emails were sent out in alphabetical groups, and it is believed that there could be a total of 1000 addresses and names leaked.