Self-improvement

The Economist’s charts are usually very clear and helpful, but that’s not to say they can’t be improved – as they themselves show.

Mistakes, we’ve drawn a few
At The Economist, we take data visualisation seriously. Every week we publish around 40 charts across print, the website and our apps. With every single one, we try our best to visualise the numbers accurately and in a way that best supports the story. But sometimes we get it wrong. We can do better in future if we learn from our mistakes — and other people may be able to learn from them, too. […]

Misleading charts
Let’s start with the worst of crimes in data visualisation: presenting data in a misleading way. We never do this on purpose! But it does happen every now and then. Let’s look at the three examples from our archive.

Mistake: Truncating the scale

self-improvement-1

 

Another data protection failure

Hot on the heels of Facebook’s latest password problem, TechCrunch has news of another online service with a very shoddy approach to data protection – i.e. there wasn’t any.

The app, Family Locator, allows families to track each other’s movements, similar to the location sharing option in Google Maps. But it seems the backend database for their nearly a quarter of a million users wasn’t protected at all.

A family tracking app was leaking real-time location data
Based on a review of the database, each account record contained a user’s name, email address, profile photo and their plaintext passwords. Each account also kept a record of their own and other family members’ real-time locations precise to just a few feet. Any user who had a geofence set up also had those coordinates stored in the database, along with what the user called them — such as “home” or “work.”

They tried to get in touch with the developer, React Apps, but to no avail.

The company’s website had no contact information — nor did its bare-bones privacy policy. The website had a privacy-enabled hidden WHOIS record, masking the owner’s email address. We even bought the company’s business records from the Australian Securities & Investments Commission, only to learn the company owner’s name — Sandip Mann Singh — but no contact information. We sent several messages through the company’s feedback form, but received no acknowledgement.

On Friday, we asked Microsoft, which hosted the database on its Azure cloud, to contact the developer. Hours later, the database was finally pulled offline.

What makes good governance?

In an attempt to get rid of the sour taste left in our mouths from yesterday’s post about the rise of populist politics, here are some more award-winning data visualisations via David McCandless and the Information is Beautiful people.

The winners of the World Data Visualization Prize
Conducted in partnership with the World Government Summit, the prize focuses on how governments are improving citizens’ lives. We asked entrants to use the power of data-visualization to illuminate data on the innovations and decisions – seen and unseen – that drive progress.

Here’s my favourite, an interactive overview of the different factors that contribute to happy countries (or not).

GOV|DNA — Discover the DNA of a good government
This interactive visualization enables the exploration of the DNA of a good government. You can analyze and compare multiple indicators to investigate their influence on countries and the related behaviour and performance of governments.

what-makes-good-governance-1

Where is everybody?

Each six months Andy Kirk of Visualising Data highlights some of the significant developments in data visualisation. It’s a great collection, but this one in particular caught my eye.

10 significant visualisation developments: July to December 2018
2. ‘Human Terrain’: A genuinely captivating project from Matt Daniels of ThePudding, ‘Human Terrain’ is a staggeringly detailed, explorable prism map of the world’s population that can trap you into browsing for far longer than you can realistically afford. It evokes memories of a classic graphic from 2006, created by Joe Lertola for Time magazine. There is also a wonderful companion piece, ‘Population Mountains‘, where Matt walks through ‘a story about how to perceive the population of cities’.

When you fly from one part of the world to another, it becomes very quickly apparent just how crowded some places must be, compared to others.

visualising-populations-2

Human Terrain: visualizing the world’s population, in 3D
Kinshasa is now bigger than Paris. Guangzhou, Hong Kong, and Shenzhen are forming an epic, 40 million-person super city. Over the past 30 years, the scale of population change is hard to grasp. How do you even visualize 10 million people?

visualising-populations-3

It puts those incredibly dense housing schemes in Hong Kong I mentioned earlier into context, doesn’t it?

Population growth, like charity, starts in the home, so here’s an animated chart on family sizes in the US.

How many kids we have and when we have them
The chart above shows 1,000 timelines, based on data from the National Survey of Family Growth. Each moving dot is a mother. Age is on the horizontal, and with each live birth, the dot moves down a notch. The green bubbles represent the total counts for a given age.

visualising-populations-1

It’s interesting to watch the chart populate. You’ve got to wonder about the stories behind those outliers though.

GDPR is still a thing, right?

Some recent data protection stories that have caught my eye.

French data watchdog dishes out largest GDPR fine yet: Google ordered to hand over €50m
The French agency, CNIL, ruled today that the search giant had offered users inadequate information, spreading it across multiple pages, and had failed to gain valid consent for ads personalisation. […] The CNIL concluded that Google had breached the General Data Protection Regulation in two ways: by failing to meet transparency and information requirements, and failing to obtain a legal basis for processing.

Amazon, Apple and Google face data complaints
General Data Protection Regulation (GDPR) rules say EU customers have the right to access a copy of the personal data companies hold about them. However, privacy group noyb said it found that most of the big streaming companies did not fully comply. It has filed formal complaints, which if upheld could result in large fines.

Google accused of GDPR privacy violations by seven countries
Consumer groups across seven European countries have filed GDPR complaints against Google’s location tracking (via Reuters). The European Consumer Organisation (BEUC), of which each of the groups are a member, claims that Google’s “deceptive practices” around location tracking don’t give users a real choice about whether to enable it, and that Google doesn’t properly inform them about what this tracking entails. If upheld, the complaints could mean a hefty fine for the search giant.

The NOYB organisation gets mentioned a number of times there.

Max Schrems: The privacy bubble needs to start ‘getting sh*t done’
After years locked in numerous long, drawn-out and often bitter legal battles, Schrems decided to launch a nonprofit aiming to help people bring their own consumer privacy cases to court.

The plan is for NOYB (None Of Your Business) to take advantage of the incoming European Union General Data Protection Regulation, which offers more options for collective redress across the bloc, and harness the momentum Schrems has built up with various high-profile court cases.

Seems to be working. (Via)

The best data visualisation work of 2018

Another end of year roundup, this time looking at data visualisation design.

Information is Beautiful Awards 2018: The Winners
Let’s raise a glass to dataviz that pushes boundaries, illuminates truth, and celebrates beauty. Thank you to everyone who joined us on the Information is Beautiful Awards journey this year – now see which entries took home trophies at tonight’s spectacular ceremony.

There is so much to pour over, here. Two that stood out particularly for me was this visual representation of a Beethoven string quartet and this unusual view of our lively planet.

Dynamic Planet Interactive Scientific Poster
The Interactive Scientific Poster „Dynamic Planet” was designed and developed for the exhibition „Focus Earth” of the GFZ German Research Centre for Geosciences in Potsdam. One of the main advantages of a digital poster is that it can display dynamic content. This is at the same time the essential statement of the scientific poster “Dynamic Planet”: our earth never stands still, is permanently shaken by earthquakes. These tensions are measured by three measuring points of the GFZ and their data is visualized in real-time in an interactive poster in the exhibition context. The viewer is given a direct impression, he can be a “witness” to current measurement and research.

data-visualisation-2018

This video demonstrates how people can interact with the poster, to navigate the large amount of data presented in an intuitive, visual manner.

Dynamic Planet – Scientific Poster
The challenge for the interface design was to ensure a clear overview, despite of the massively many events. The solution consists in an interactive graphical representation of the events by filtering the earthquakes by eg. magnitude and depth. A special visual feature of the scientific poster “Dynamic Planet” is the representation of the earthquakes depth in a transparent, rotating globe.

Introducing children to data visualisation

The economist and dataviz blogger Jonathan Schwabish took on an unusual challenge, to introduce his son’s primary school classmates to data visualisation.

I wouldn’t know where to start — I’m still not sure of the difference between a histogram and a bar chart — but cleverly, Jonathan begins with examples of diagrams everyone is familiar with. Maps.

Teaching data visualization to kids
I then introduced the term “choropleth” and showed them this map of graveyards in the US and this map of McDonald’s (a couple of kids actually tied the two together!). I also showed them a clip of Aron Koblins’ Flight Patterns project (my son loves this one)—the simple and intuitive animation, and black and white color scheme make it easy to follow. I also showed them a video of Martin Wattenberg and Fernanda Viegas’ Wind Map, again, something I think they could all relate to.

He then asks the children to draw their own maps, of their homes rather than the whole world, and to add in any data they liked.

I then passed out tracing paper and, bringing up the graphs I showed them earlier in which color, dots, lines, and bubbles were placed on top of the map, I asked them to plot any data they liked. … Could they add differently-sized bubbles to their favorite rooms? Could they draw lines showing their paths through the house? What about smiley faces for the most fun room?

children-data-visualisation-1

What a fantastic idea. I hope others are similarly encouraged to spread the word in this way. As he says in his conclusion, helping children to understand graphs is a good thing for many reasons.

I’d love to see a way to make data visualization education a broader part of the curriculum, both on its own and linked with their math and other classes. Imagine adding different shapes to maps in their Social Studies classes to encode data or using waterfall charts in their math classes to visually demonstrate a simple mathematical equation or developing simple network diagrams in science class. The combination of the scientific approach to data visualization and the creativity it sparks could serve as a great way to help students learn.

(Via FlowingData.)

Stolen millions

More announcements of company data (our data) being stolen. The numbers involved each time are just incredible.

Hackers breach Quora.com and steal password data for 100 million users
Compromised information includes cryptographically protected passwords, full names, email addresses, data imported from linked networks, and a variety of non-public content and actions, including direct messages, answer requests and downvotes. […] In a post published late Monday afternoon, Quora officials said they discovered the unauthorized access on Friday. They have since hired a digital forensics and security firm to investigate and have also reported the breach to law enforcement officials.

Whenever these stories are reported, the articles often end with a little summary of other recent snafus. The one above ended with:

Quora’s post is only the latest disclosure of a major breach. On Friday, hotel chain Marriott International said a system breach allowed hackers to steal passport numbers, credit card data, and other details for 500 million customers. In September, Facebook reported an attack on its network allowed hackers to steal personal details for as many as 50 million users. The social network later lowered the number of accounts affected to about 30 million.

A post from The Register, about that massive Marriott breach, concluded with this reminder of previous losses.

Marriott’s Starwood hotels mega-hack: Half a BILLION guests’ deets exposed over 4 years
Few hacks of individual firm’s customer data have come close to the scale of this one. The Yahoo! breach in 2013 saw three billion email accounts breached, while Carphone Dixons, the UK electronics retail chain, managed to lose control of 5.9 million sets of payment card data. In the US, the US Government Office for Personnel Management (which handles sensitive files on millions of government workers) had the personal data of 21 million employees’ breached by hackers.

Another day, another data protection issue

We’re generating data all the time, without realising, and without really knowing where it all goes.

Users told to ditch OneDrive and Office 365 to avoid ‘covert’ data harvesting
Microsoft Office and Windows 10 Enterprise uses a telemetry data collection mechanism that breaches the EU’s General Data Protection Regulation (GDPR), according to a 91-page report commissioned by the Dutch government, and conducted by firm Privacy Company.

It’s not just Microsoft in the firing line, of course.

With GDPR now several months into play, data watchdogs across Europe are beginning to take their first steps in the new regulatory landscape. Microsoft is the latest in a line of major companies accused of breaching GDPR, with Oracle and Equifax among seven firms reported for violations by a data rights group last week.

And that story about Google’s AI company having access to NHS data is still rumbling on.

Google: Our DeepMind health slurp is completely kosher
DeepMind told The Reg: “It is false to say that Google is “absorbing” data. This data is not DeepMind’s or Google’s – it belongs to our partners, whether the NHS or internationally. We process it according to their instructions.”

That claim, echoed by DeepMind Health chief Dominic King, brought a swift correction from legal experts. “It doesn’t belong to DeepMind’s partners, it belongs to the individuals,” Serena Tierney partner at lawyers VWV. “Those ‘partners’ may have limited rights, but it doesn’t belong to them.”

I wonder if we’ll be seeing more of these issues, what with one thing and another.

What the potentially useless draft Brexit agreement means for tech
One of the big questions for Brexit is data protection, and the agreement seeks to hold onto the status quo. Scroll through to Article 71 for the text, which says that EU data protection law will continue to cover the UK before and after the transition period, which runs until the end of 2020. That means personal data can continue to flow between the UK and the EU.

“This issue is critical to the tech sector and to every other industry in a modern digitising economy,” says Tech UK CEO Julian David in a blog post. Data’s the oil that greases tech, and all that.

That doesn’t mean that GDPR will continue to apply in the UK post Brexit. Christopher Knight, privacy lawyer at 11KBW, notes that the UK will become a “third state”. That means the UK won’t be required to apply GPDR and other data laws to “wholly internal situations of processing”.

Update: Well, here’s a thing. I’m still getting used to this new Android phone, with its Google news feed thing, and some time after first drafting this post I was browsing through it and came across the article below. How did it know to surface stories about DeepMind? I’m sure I hadn’t searched for it, but came across it in a newsletter. Is Google reading what I type into WordPress?

Inside DeepMind as the lines with Google blur
Last week, the line between the companies blurred significantly when DeepMind announced that it would transfer control of its health unit to a new Google Health division in California. […]

In March 2017, DeepMind also announced it would build a “data audit” system, as part of its public commitment to transparency. The technology would allow NHS partners to track its use of patient data in real time, with no possibility of falsification, DeepMind said. Google did not comment on whether it will finish the project.

Straightforward data science intro

This looks to be an interesting response to the call to be more data literate. Via Flowing Data, a straightforward and potentially free way to get skilled up with R, without needing to install any software, it seems.

Chromebook Data Science – a free online data science program for anyone with a web browser
The reason they are called Chromebook Data Science is because philosophically our goal was that anyone with a Chromebook could do the courses. All you need is a web browser and an internet connection. The courses all take advantage of RStudio Cloud so that all course work can be completed entirely in a web browser. No need to install software or have the latest MacBook Computer.

Here’s some info on what the courses cover, including introductions to R and GitHub. Worth a look?

Excel’s getting interesting. No, really

News that Excel will soon be expanding its range of data types, enabling a much richer and more dynamic experience.

Excel Data Types
AI powered Excel Data Types will transform the way we work with Excel by enabling a cell to contain much more than text, numbers or formulas.

There are currently two Excel data types available to Office 365 users; Stocks and Geography. Let’s start with the Geography Data Type that can take a table of countries and return rich data that can be referenced in Excel formulas and expand into further columns.

excel-getting-interesting-2

Mynda takes us through many other examples of how these new data types can be used and referenced in our spreadsheets. And it seems like this is just the beginning.

The Excel team have big plans for Data Types with more coming, including the ability to create your own data types unique to your organisation. Imagine data types for Employees, Products, Stores, Regions… the list is endless.

Remember the hacking cough?

More hacking schadenfreude, but with an added GDPR element this time.

First, the hapless Tories.

Major security flaw in Tory conference app reveals users’ data
Commentators said the flaw raised questions over the ability of the government to harness technology to solve issues around the Irish border and customs checks. The app may also have breached data laws. Its privacy policy states that it “complies with … the European Union’s general data protection regulation (GDPR)”.

Boris Johnson’s profile immediately vandalised with hardcore pornography in Tory conference app security blunder
The highly serious blunder allowed anyone to access details of hundreds of MPs including Foreign Secretary Jeremy Hunt and Defence Secretary Gavin Williamson – who have police protection and warn regularly of the hacking threat from Russia. But it also gave pranksters an opportunity to have fun with the profiles of prominent Conservatives.

And then Facebook. Again.

Facebook says at least 50 million users affected by security breach
Facebook said the FBI is now investigating. Because users in Europe are also affected, the company said it has informed data protection authorities in Ireland — where the company’s European headquarters are located. The Irish Data Protection Commission has asked Facebook to clarify the breach “urgently.” If Facebook is found to have breached European data protection rules — the newly implemented General Data Protection Regulation (GDPR) — the company can face fines of up to four percent of its global revenue.

Facebook hack: Here’s what you need to do to secure your account
Critically, for European users, Facebook has been in touch with the Data Protection Commissioner in Ireland – where it is registered – to inform it of the breach. This will be the first data protection incident from one of the major tech companies since the enforcement of Europe’s General Data Protection Regulation (GDPR) in May. GDPR gives regulators the power to issue huge fines but this is yet to be tested. In a statement the Irish Data Protection Commission said Facebook hasn’t given it many details yet. It is “concerned” that despite Facebook discovering the breach on Tuesday, it hasn’t been able to “clarify the nature of the breach and the risk for users at this point”.

Follow the data

I’m hearing more and more about data ethics. It wasn’t ‘a thing’ before, was it? But it certainly is now. Here’s a very interesting take on it: flow.

The ethics of data flow
In Privacy in Context, Helen Nissenbaum connects data’s mobility to privacy and ethics. For Nissenbaum, the important issue isn’t what data should be private or public, but how data and information flow: what happens to your data, and how it is used. Information flows are central to our expectations of privacy, and respecting those expectations is at the heart of data ethics.

It’s not what they’ve got, but what they do with it that matters.

The infamous Target case, in which Target outed a pregnant teenager by sending ad circulars to her home, is a great example. We all buy things, and when we buy things, we know that data is used—to send bills and to manage inventory, if nothing else. In this case, the surprise was that Target used this customer’s purchase history to identify her as pregnant, and send circulars advertising products for pregnant women and new mothers to her house. The problem isn’t the collection of data, or even its use; the problem is that the advertising comes from, and produces, a different and unexpected data flow. The data that’s flowing isn’t just the feed to the marketing contractor. That ad circular, pushed into a mailbox (and read by the girl’s father) is another data flow, and one that’s not expected.

[…]

Everyone who works with data knows that data becomes much more powerful when it is combined with data from other sources. Data that seems innocuous, like a grocery store purchase history, can be combined with geographic data, medical data, and other kinds of data to characterize users and their behavior with great precision. Knowing whether a person purchases cigarettes can be of great interest to an insurance company, as can knowing whether a cardiac patient is buying bacon.

The article is written by and for data developers, primarily, and poses more questions than it can answer, especially around the thorny concept of data deletion. It’s an interesting read, but it left me wondering if those GDPR data protection principles will ever be fully put into practice.

We all need to be data literate

This article from Harvard Business Review doesn’t mention schools once, but I think it fits perfectly well in that setting.

The democratization of data science
Intelligent people find new uses for data science every day. Still, despite the explosion of interest in the data collected by just about every sector of American business — from financial companies and health care firms to management consultancies and the government — many organizations continue to relegate data-science knowledge to a small number of employees.

That’s a mistake — and in the long run, it’s unsustainable.

It goes on to outline the three steps necessary to create a more data literate organisation; share data tools, spread data skills, and spread data responsibility. Couldn’t agree more. It’s well worth a read.

Facebook gets away with it

Facebook fined for data breaches in Cambridge Analytica scandal
Facebook is to be fined £500,000, the maximum amount possible, for its part in the Cambridge Analytica scandal, the information commissioner has announced.

But talk about good timing.

In the first quarter of 2018, Facebook took £500,000 in revenue every five and a half minutes. Because of the timing of the breaches, the ICO said it was unable to levy the penalties introduced by the European General Data Protection (GDPR), which caps fines at the higher level of €20m (£17m) or 4% of global turnover – in Facebook’s case, $1.9bn (£1.4bn). The £500,000 cap was set by the Data Protection Act 1998.

Elizabeth Denham, the information commissioner, explains her real goal with this fine is to “effect change and restore trust and confidence in our democratic system.”

“Most of us have some understanding of the behavioural targeting that commercial entities have used for quite some time,” Denham said, “to sell us holidays, to sell us trainers, to be able to target us and follow us around the web.”

“But very few people have an awareness of how they can be micro-targeted, persuaded or nudged in a democratic campaign, in an election or a referendum.

“This is a time when people are sitting up and saying ‘we need a pause here, and we need to be sure we are comfortable with the way personal data is used in our democratic process’.”

I think we’re still some way off that; people just seem not to be bothered.

Facebook’s rise in profits, users shows resilience after scandals
Facebook Inc (FB.O) shares rose on Wednesday after the social network reported a surprisingly strong 63 percent rise in profit and an increase in users, with no sign that business was hurt by a scandal over the mishandling of personal data.

But maybe I shouldn’t be so pessimistic.

The digital privacy wins keep coming
Progress can be difficult to measure; it often comes in drips and drops, or not at all for long stretches of time. But in recent weeks, privacy advocates have seen torrential gains, at a rate perhaps not matched since Edward Snowden revealed how the National Security Agency spied on millions of US citizens in 2013. A confluence of factors—generational, judicial, societal—have created momentum where previously there was none. The trick now is to sustain it.

Let’s hope.

100,000 happy moments

Nathan Yau has a fascinating look at what makes us happy.

What makes people the most happy
What made you happy in the past 24 hours? Researchers asked 10,000 people this question. More specifically, the collaboration between the University of Tokyo, MIT, and Recruit Institute of Technology asked participants on Mechanical Turk to list 10 happy moments. This generated a corpus of 100,000 happy moments called HappyDB.

With how things are these days, I was happy to read over and analyze such a happy dataset.

Goats, DVDs and other formats

Here’s an interesting look at Netflix’s ARRM robot, or ‘Automated Rental Return Machine’, built to squeeze out as much profit margin as possible from its shrinking DVDs-by-post business. It’s an ingenious response to this latest shift in format.

Automating the end of movies on physical discs
The real shame will happen when movies stop coming out on DVDs and Blu-Rays altogether. That’s not because they were such a lovable way to package films (they have their pluses and minuses); it’s because with the loss of each media format, we also lose some titles forever.

Speaking of changes with storage and archive processes, I was looking back at this post from 2014, about how the printing of the new High Speed Two bill will require several thousand goats to create the necessary amount of vellum.

It turns out the following year, the Commons Select Committee agreed to a move away from vellum to high quality archive paper, a much cheaper option.

Report: The use of vellum for recording Acts of Parliament
The Committee was convinced by the arguments put to it by the Chairman of Committees and has therefore agreed this short report recommending to the House of Commons that, in future, high quality archive paper should be used and not vellum to record Acts of Parliament.

But then in 2016 they changed their mind again, with the Cabinet Office deciding to “provide the money from its own budget for the thousand-year-old tradition to continue.”

Why is the UK still printing its laws on vellum?
After a reprieve, the UK is to continue printing and storing its laws on vellum, made from calf or goat-skin. But shouldn’t these traditions give way to digital storage, asks Chris Stokel-Walker.

That’s such a tricky question, though. It’s tempting to think digital is always best with these matters, but I wonder. Storage formats come and go so quickly, just look at Netflix’s DVDs.

“In many circles there’s still a real discomfort around digital archiving, and a lack of belief that digital can survive into the future,” explains Jenny Mitcham, digital archivist at the Borthwick Institute for Archives at the University of York.

The whole concept of digital storage is a relatively new innovation, and the path by which it could survive through the years is not clear.

(And has anyone compared vellum rot with link rot, I wonder?)

Weeks, years, aeons

I have a birthday coming up in a few days and I was going back over this post that links to a Wait But Why article on how to see all the weeks in your life in one go.

Your life in weeks
Sometimes life seems really short, and other times it seems impossibly long. But this chart helps to emphasize that it’s most certainly finite. Those are your weeks and they’re all you’ve got.

I’ve found it very useful to go back to my own version of this, to remind myself of where I’ve been and how fleeting situations are sometimes. But I hadn’t realised there was another article there that gives you a much broader — but still very relatable — perspective on time.

Putting time in perspective
Humans are good at a lot of things, but putting time in perspective is not one of them. It’s not our fault—the spans of time in human history, and even more so in natural history, are so vast compared to the span of our life and recent history that it’s almost impossible to get a handle on it. …

To try to grasp some perspective, I mapped out the history of time as a series of growing timelines—each timeline contains all the previous timelines.

You move quickly through the last day, week and year, through timelines of a 30 year old and a 90 year old, all the way back to when humans diverged from apes, and the ages of the Earth and Sun.

weeks-years-2

History is much closer than you think.

Trump’s version of a paperless office?

This shouldn’t surprise us, I suppose.

Meet the guys who tape Trump’s papers back together
Armed with rolls of clear Scotch tape, Lartey and his colleagues would sift through large piles of shredded paper and put them back together, he said, “like a jigsaw puzzle.” Sometimes the papers would just be split down the middle, but other times they would be torn into pieces so small they looked like confetti.

It was a painstaking process that was the result of a clash between legal requirements to preserve White House records and President Donald Trump’s odd and enduring habit of ripping up papers when he’s done with them — what some people described as his unofficial “filing system.”

Makes me wonder if that Trump Kim document is worth the paper it’s written on.

University data breach

With GDPR still getting attention, here’s news that the Information Commissioner has fined the University of Greenwich over a significant data breach that happened in 2016.

Greenwich University fined £120,000 for data breach
The fine was for a security breach in which the personal data of 19,500 students was placed online. The data included names, addresses, dates of birth, phone numbers, signatures and – in some cases – physical and mental health problems. It was uploaded onto a microsite for a training conference in 2004, which was then not secured or closed down.

The Information Commissioner said Greenwich was the first university to receive a fine under the Data Protection Act of 1998 and described the breach as “serious”.

[…]

In a statement, the university said it would not appeal against the decision.

It said it had carried out “an unprecedented overhaul” of its data protection and security systems since the discovery of the breach in 2016, and it had invested in both technology and staff.

So the personal data was added to a website in 2004 and left there for 12 years until the breach was discovered?

The University of Greenwich fined £120,000 by Information Commissioner for “serious” security breach
The investigation centred on a microsite developed by an academic and a student in the then devolved University’s Computing and Mathematics School, to facilitate a training conference in 2004.

After the event, the site was not subsequently closed down or secured and was compromised in 2013. In 2016 multiple attackers exploited the vulnerability of the site allowing them to access other areas of the web server.

A timely warning for others, I guess. Under GDPR, these fines could be significantly higher.