The Information Commissioner’s Office is looking into the handling of personal data by , a website that encourages students to publicly comment on the performance of their university teachers.
The ICO, the UK’s independent authority for upholding information rights, has responded to at least two complaints about the site from lecturers. Rate Your Lecturer denies that it has broken any rules.
The site, launched by Sterling Ideas earlier this year, attempts to give a full list of academic staff at each UK higher education institution.
Bill Cooke, head of the department of organisation, work and technology at Lancaster University Management School, previously raised concerns that because the site was not registered as a data controller with the ICO – a requirement for firms that store personal data – it was in breach of data-protection rules.
Professor Cooke, along with at least one other lecturer, made a formal complaint to the ICO, alleging that the website refused to remove his personal details when requested to do so – something that he believes the site is obliged to do. The ICO has confirmed that it is investigating “several complaints” relating to Sterling Ideas under the Data Protection Act.
A second complainant, Bernardo Batiz-Lazo, professor of business history and bank management at Bangor Business School, Bangor University, said his concern was also around the use of his name without prior consent.
Michael Bulman, founder of the Rate Your Lecturer site, denied that his company had contravened any legislation or regulations, stating that all of the personal information about academics on Rate Your Lecturer was already “in the public domain”.
“We would also point out that we have a comprehensive reporting system on the website, for anyone objecting to specific ratings, although to date…the vast majority of ratings have been constructive and positive,” he said.
The ICO spokesman added: “We are currently making enquiries to see what action, if any, is required.”
If Sterling Ideas is found to be in breach of the Data Protection Act, it will be asked to change the way it operates in order to comply and to demonstrate that it takes its responsibilities under the act seriously.