Notification of error in mystudies.au.dk

Due to an error in mystudies.au.dk, several members of administrative staff may have had unauthorised access to information about students. The error has now been corrected and reported to the Danish Data Protection Agency.

Photo: Colourbox

An error in the update of the mystudies.au.dk IT system means that, in some cases, members of AU staff with administrative or support rights in mystudies.au.dk were able to see the subject line and sender on emails that students received in post.au.dk and on messages that students received in Brightspace. This error was present in the system from June 2020 until May 2023.

It should be emphasised that members of AU staff were not able to open these emails and messages; they were only able to see the subject line and sender.

This information is usually anonymised but, due to the system error, the anonymisation process was not always performed.

AU has taken the following action:

  • Identified and corrected the error in mystudies.au.dk so that it is no longer possible for employees with administrator or support rights to see the subject line and sender on student emails.
  • Reported the error to the Danish Data Protection Agency as a breach of personal data security.

AU Student Administration and Services, who are responsible for operating mystudies.au.dk, say the error is regrettable, but they also stress that members of AU staff with mystudies.au.dk access rights were not able to open any of the emails and messages – and therefore that the error will not result in negative consequences for students.

The subject lines of the emails and messages in question could not be accessed by anyone else within or outside AU.

Therefore, you do not need to take any further steps.

Who had access? Mainly student counsellors and IT supporters

It is typically student counsellors who have administrator or support rights to mystudies.au.dk. They use these rights to get an overview of the student’s academic history in order to offer the student advice and guidance.

Staff with support functions in AU Educational Administrative Systems also have access rights to mystudies.au.dk, which they use to debug the system and help students.

In both cases, these access rights must be approved by the employee’s immediate supervisor. Educational Administrative Systems regularly cleans up access to the system, so that AU employees only have the precise number of access rights they require.

Any questions?

If you have any questions about the above information, you are welcome to contact the support team at AU Educational Administrative Systems at studiesystemsupport@au.dk or on 87 15 07 77 (open Monday to Thursday 09:00-15:00 and Friday 09:00-14:00).

If you have any questions about the notification of the breach to the Danish Data Protection Agency, please contact AU's Data Protection Unit at dpo@au.dk

If you would like to complain about how AU processed your personal data in this case, please contact the Danish Data Protection Agency.