Message from the Provost, Murray Knuttila
I am writing to inform you that some of your student information was inadvertently made accessible through Internet searches. This occurred when a file containing some student information was accidentally uploaded onto a publicly accessible Brock website by a library employee. The information file included all student names, student numbers, phone numbers, mailing addresses and email addresses. The file that was inadvertently uploaded has been deleted. All student files are now safe and secure.
University officials were alerted to the situation on Jan. 28 when a student told library staff that he had accessed some of his own information when he did a Google search of his name. University staff immediately deleted the file and contacted Google to have all of the information erased from any search archives or indexes. It is extremely unlikely that the information contained in the file could be used to access any further personal information at the University, because of password protection and security measures that are in place.
A situation like this is not something we take lightly, and immediate steps were taken to reduce the risk of any recurrences. Brock University is committed to the highest level of security of student information and the protection of privacy, and has informed the Office of the Information and Privacy Commissioner/Ontario of the incident to ensure that all obligations under the Freedom of Information and Protection of Privacy Act are fullfilled.
Although there is no immediate risk posed by this incident, we routinely encourage students to regularly change their passwords for security purposes. Students can access the passwords for their campus accounts through the portal at my.brocku.ca
If you have any questions regarding this matter, please contact University Communications at univcomm@brocku.ca or at 905-688-5550 x4687.
Murray Knuttila
Provost and Vice-President Academic
Unacceptable.
Do you think Brock students are naive or dumb enough to believe this story of a file with all student names, numbers, phone numbers, addresses, and e-mails was ‘accidentally’ uploaded to the internet without permission? I realize Brock is not exactly a world-class institution, but the idea that ANYTHING is uploaded ‘accidentally’ to the internet strikes me as ridiculous. Maybe next year we should all ‘accidentally’ upload $0.00
tuition to our student accounts.
You claim there is no immediate risk posed by this incident. How do you know? What if there is a young girl whose family is hiding from an abusive former step-father, and they’re trying to start a new life? So they get an unlisted phone number and they’re careful who they give their address to, only to find that Brock has thrown their address and phone number up on the internet!
And what if an advertising/junk mail company got ahold of this list? I’m sure there are many who would love getting access to a list of university students’ e-mails and addresses. Sure, this situation would only be a neusance, considering the other possibility outlined above, but still a serious breach of privacy.
I don’t know who this library employee was, but he/she should immediately be fired or at the very least we should be guaranteed that this person will never have access to sensitive student information again.