The inquiry will also look into whether Cambridge SU’s ICO report was “a complete and accurate representation of the issue”Daniel Hilton

Cambridge’s Student Council last night (23/01) voted overwhelmingly in favour of launching an inquiry into data concerns at Cambridge SU.

This follows a Varsity report, published on Friday (20/01), on the SU’s mis-handling of sensitive student data, which meant that students had been “effectively outed without even knowing it” last year.

Information about students’ sexualities, gender identities, race and disabilities, declared anonymously when voting in some SU-run elections, was accessible to committee members running elections for other societies and J/MCRs — without the explicit permission of the students themselves.

The motion passed last night — proposed by University Councillor Sam Carling and seconded by LGBT+ Campaign President Louis Baxter — called the disclosure of student data “significant” and “of major concern to the student body”. It also stated that a (now-deleted) statement released by the SU was “erroneous” and inaccurate, “and may further damage trust in the SU.”

Carling originally raised the issue to Student Council in January 2022REBECCA TYSON

It passed with 79% in favour, meaning that an inquiry, whose committee cannot include SU sabbatical officers, must be set up to determine “the nature and full extent of the problem” and why “the incident occurred and was not resolved for over nine months after first being raised”.

The inquiry will also look into whether Cambridge SU’s ICO report was “a complete and accurate representation of the issue”, and make further reports if necessary, as well as determining whether a complaint should be made to the University.

Before the motion for an inquiry could pass, a procedural motion proposed by Undergrad President Zaynab Ahmed failed. The motion would have avoided a vote on the student inquiry altogether and left trustees in charge of any investigation, but 75% of those present voted against it.

Ahmed, who is also chair of the Union’s board of trustees, apologised for the “accidental disclosure of personal information”. She told Council that she did not want a student inquiry but rather “wants to follow the correct processes” — in this case Ahmed said that the correct process would be to allow the trustees to conduct their own internal investigation.

Ahmed apologised for the “accidental disclosure of personal information”TOBIA NAVA

Student members spoke against Ahmed’s motion, claiming that it would be “asking the trustees to investigate themselves”, and that the trustees have already had a year to deal with the issue. Sam Carling, who originally brought the matter to Council, argued that “underlying issues that need to be brought out into the light” would not be sufficiently dealt with if the inquiry was not independent.

In response, Neve Atkinson, the SU’s undergrad access, education & participation officer said that “there is a formal complaint procedure” that should be followed.

Cambridge SU have also retracted a statement which accused Varsity of “false reporting” on the 'data breach' and of using a “misleading headline … [which] could cause unnecessary panic among students, and lead to the false belief that the SU has had a malicious attack on its data, leading to students being outed”.

Postgraduate president Amelia Jabry, told the Student Council that the statement, which had been taken down before the meeting, has been “retracted and is under review”.

The statement had been published in reaction to Varsity’s original article on the SU’s mishandling of sensitive information, and re-iterated the SU's assertion that the ICO had “confirmed that this did not class as a data breach and that no further action was required”. It further accused Varsity of breaking the IPSO Editor’s Code and made false claims that our journalists do not receive training.


READ MORE

Mountain View

Students ‘outed without even knowing’ after SU self-id data ‘breach’

Responding to Varsity enquiries about our original article, an SU spokesperson said that the ICO had determined the incident was not a “data breach” and that “this specific issue” had been resolved. They claimed that the SU did not in fact ignore the request, but that “efforts were made immediately to amend the system based on student feedback”. They acknowledged that the problem wasn’t resolved “as quickly as it could have been”, and confirmed that the data is no longer available for students to view.

The SU spokesperson continued: “Our data policy states that we will share data collected with ‘volunteers’, but we recognise that it is not explicit that we will share this data with society officers. We are working to update our policy accordingly to make this clearer.”