Inappropriate use of University Records

A University student, Ms Smith, received an email sent to her University email address from Mr Jones, a University employee, working in student records. Ms Smith and Mr Jones had worked together previously at a different organisation. The email was not related to University business. Mr Jones invited Ms Smith to meet him socially and noted that she had changed her name since they last met. Mr Jones copied a mutual acquaintance outside the University into his email to Ms Smith. Ms Smith felt very concerned that Mr Jones might also be able to access her academic record, financial records, scholarship applications and more sensitive information such as counselling records. Further, Ms Smith was concerned about Mr Jones sharing of her personal information with acquaintances outside the University. What Information Protection Principles (IPPS) of the Privacy and Personal Information Protection Act 1998 have been breached in this scenario and why?

Find out answer