Personal information about College of Applied Sciences and Arts students, including their grade point averages, was accidentally emailed to more than 150 other students.

Much of what was contained in the March 30 emails included public information such as names, birthdates, addresses, phone numbers, genders, ethnicities, Dawgtags and majors, but GPAs were included as well, which violates the Family Educational Rights and Privacy Act. The Family Education Rights and Privacy Act is a federal law that protects the privacy of student education records. Schools must have written permission from an eligible student to release any information from his or her educational record, such as GPA, according to the act.

CASA Dean Andy Wang declined to comment and referred all questions to university spokesman Rod Sievers. Sievers said an adviser accidentally sent a list of graduation-eligible CASA students as an attachment to 154 students.

Advertisement

One student, who requested anonymity for fear of comments affecting graduation status, said he went to university legal services to file a grievance but was told he couldn’t.

“All I could do was send an email about complaints to the dean,” he said.

The student said a staff member pulled him out of class one day for an in-person apology. Many other students were also pulled from class that day, he said.

Jordan Moore, a senior from Pickneyville studying information systems technology, said his information was accidentally sent out and it bothered him.

“It’s random students that got my information, so that’s a little concerning,” he said.

Wang apologized for the error in an April 1 email sent to the affected students and obtained by the Daily Egyptian. He said the college had been working diligently since Saturday afternoon with message recipients to remove it from their inbox and trash box of their email systems. Wang asked for concerns to be directed to him or associate dean Joan Davis.

An updated email was sent out April 3 that stated faculty and staff had worked with students to ensure the information was deleted. Since that day, all but one student had deleted the message from their accounts, and three additional students had forgotten their university email passwords, according to the email.

Advertisement*

Sievers confirmed Friday all emails containing the information had been deleted.

Wang also stated in the email that the university’s chief information officer, student account manager, SalukiTech staff and information security officer were contacted and advised not to change passwords over the phone for CASA students with a Dawgtag number and birth date information. Instead, the email states, a student would need to show up to the bursar office for account changes with signed paperwork from the financial institution, a valid ID, and fill out the required university paperwork.

Michael Shelton, information technology deputy director, said he couldn’t discuss the specific incident, but the information security team has been working on a campus-wide policy for data encryption. If the university’s Board of Trustees pass the policy, he said it would require the university to encrypt data and prevent similar incidents from happening in the future.