Engineering attachment results in new policy
August 28, 2007
The University has yet to notify affected undergraduate engineers whose personal information was revealed in an e-mail that appeared in the in-boxes of all electrical engineers last week.
The e-mail, sent on Aug. 24 at about 8 a.m. to 714 students, accidentally contained an Excel attachment called “Fall 2007 – Undergraduates – Aug 2 2007.” The spreadsheet included the names, ethnicities, races, genders, e-mail addresses, local addresses, hometowns, semesters of admission, majors, GPAs for Spring 2007, and cumulative grade point averages for 5,247 undergraduates currently enrolled at the University. Freshmen without any course credit did not have a listed GPA.
“It is an unfortunate thing, but it was an accident and accidents happen,” said Robin Kaler, University spokeswoman.
Students who spoke to The Daily Illini were not so understanding.
“All of those people have access to my grades?” asked Devin Brown, senior in Chemical Engineering, an LAS program that is affiliated with the College of Engineering. Brown, along with some students in the College of ACES, is among those outside the College of Engineering that were nevertheless affected by the e-mail.
Get The Daily Illini in your inbox!
The Director of Special Programs for the College of Engineering, Dr. Susan A. Linnemeyer, sent out the first e-mail, which was about a new class being offered in Lego robotics, and then another at about 10 a.m. notifying the electrical engineers of the accident and urging them to delete the file from their computers.
“C’mon who’s going to do that,” Brown said. “Sure, some people are going do it, but everyone’s not going to erase it.”
Craig Starr, senior in Electrical Engineering, also had his doubts.
“I don’t think I would have paid attention until I saw the (second) e-mail” he said. “I’m sure that some of them will delete it, but I wouldn’t bet that all of them would.”
The College of Engineering, Kaler said, already has a policy about not putting attachments into mass e-mails.
She said that the college will be responding to this incident by restricting access to confidential data, training administrative personnel to handle personal information and requiring that mass e-mails be pre-approved by an associate dean.
The dean will then check the e-mail with the information technology department. Both of these steps are planned to be supervised by a new administrative position, the Chief Information Officer, Kaler said.
This is not the first time personal information about University students has leaked out of the College of Engineering.
For about six weeks in Jan. and Feb. 2006, the Department of Computer Science accidentally put the names, Social Security numbers and University Identification Numbers, commonly known as UINs, of some of its students on a Web site that officials thought was restricted. In that case, a posted Excel spreadsheet was also to blame for the disclosed information.
“The key is to prevent this from happening again,” Kaler said.
The College of Engineering will be the only college applying these new safeguards. There are currently no changes taking place to ensure data security for students in other colleges within the University.
“Campus administration and legal counsel are working on this issue and, if they determine that a campuswide solution is needed, that’s what we’ll have,” Kaler said.