Eastern responds to email misstep

Corryn Brock, News Editor

Eastern says the email sent by a director Wednesday afternoon that contained the personal information of over 1,400 students was sent to approximately 399 students.

Of Eastern’s student population, not including high school dual enrollment students, 33.9% of students had their information included in the email. Nine percent of the student body received the information.

The email contained a file with the P.I.I., personally identifiable information, of freshman, sophomores and juniors. All information included in the file was the GPA, ethnicity, TRIO identification information, E number, name, major, email address, major and the students’ status upon enrolling at Eastern.

The name of the document was “Copy of Mentor List,” suggesting that the information was involved with the subject of the general email regarding a peer mentoring program out of the Office of Inclusion and Academic Engagement.

According to Eastern’s Vice President of Academic Affairs Jay Gatrell, once the problem was realized Eastern’s ITS went in to students’ emails and extracted unopened emails associated with the attachment. An email was then sent to tell potential recipients the email was an error, should not be opened, and also should be deleted.

This however did not stop those students who received the information from downloading the attachment and sharing the information within it with their peers.

According to some students on campus, as news of the attachment spread, so did the information it contained.

“I’m not sure I have a specific piece of advice on that or how to possibly control that, that’s going to be out of (student’s hands) and out of our hands at this point and that is very unfortunate to hear that that has happened,” Bennington said.

Those students who would like to take some action against university regarding the matter are afforded the right to do so under the Family Educational Rights and Privacy Act.

Subpart E, 99.63 of FERPA explains that those seeking to file a complaint against Eastern can do so by submitting a written complaint with the Family Policy Compliance Office of the U.S. Department of Education at the following address:

Family Policy Compliance Office, U.S. Department of Education

400 Maryland Avenue, SW.

Washington, DC 20202.

Bennington said this issue was not a misunderstanding of guidelines and Eastern will not be changing its guidelines going forward, rather it was an accident.

Bennington said the director who sent the email had and was given access to the information as standard protocol and did not obtain the information without Eastern’s consent, according to Bennington. She uses student information in her day-to-day work.

Mona Davenport, executive director of the Office of Inclusion and Academic Engagement, was the Eastern director who sent the message. She agreed with Bennington when she explained what led to the email being sent.

“My office was sending out e-mails to a select group of students to apply for our Panther Peer Mentoring Positions (our EIU Mentor programs serving Freshmen Connection, LEAP, TRIO, Focus and/or iSTEM to mentor our new incoming freshmen students).  We sent out (8) blind copied e-mails and one of the e-mails – unfortunately had the attachments that was inadvertently attached,” Davenport sad.

After it was realized that one group of the email recipients received the attachment, ITS was contact. ITS then removed the emails from all student inboxes, according to Davenport.

“Once we realized the mistake, we contacted ITS and they took steps to extract ALL the emails from student’s boxes, we sent an e-mail to the students from the group that received the attachment, and we then sent an e-mail to the students on the Excel to (explain) the situation,” Davenport said.

Bennington said the email will serve as a lesson.

“Obviously this is a teachable moment for the person involved,” Bennington said.

Davenport said she understood the gravity of the situation.

“I do not take this lightly and certainly wish no harm to any student.  As mentioned by Dr. Glassman, we are reviewing what occurred and will take steps to prevent similar accidents in the future.”

University President David Glassman sent an email to the students whose names and information could be seen in the document. It explained the situation and what the university did and did to fix the mistake.

The email said that though the information was confidential and protected by FERPA, the information was not considered high-risk for identity theft.

“EIU takes this and any other data breaches extremely seriously. We will continue to work behind the scenes to mitigate any further disclosure of this information, and continue to work on improving our systems to prevent similar incidents from occurring in the future,” Glassman said in the email.

He also referred students who had questions or concerns about the incident to Bennington. His contact information is [email protected] and 581-3511.

Glassman said the accident will be used to help in the future.

“The accident is being reviewed and we will assess how the error occurred and continue to work on improving our systems to prevent similar accidents in the future,” Glassman said.

Gatrell and Laura McLaughlin, Eastern’s General Counsel, referred all questions about the email to Bennington Thursday.

Public Information Coordinator Josh Reinhart said the university will not be writing a press releasing on the matter.

 

Corryn Brock can be reached at 581-2812 or at [email protected]