Northern Kentucky University is taking steps to ensure the personal information of staff and students remains safe, but what happens if something slips out?
Sara Sidebottom, the vice-president of legal affairs and council, said that there have not been any leaks of student information.
She said the current systems are being upgraded as part of the PRISM project. In an effort to prevent leaks, the improvements are about two-thirds finished.
After the changes are complete, social security numbers will no longer be used to access student information. Instead, everyone will be issued a number.
Faculty Senate discussed using social security numbers used to access information systems at its meeting Oct. 22. After recent accounts of laptops with personal information being stolen, some staff members were concerned about security at NKU.
A $1 million interim fix was proposed, but denied because it was not cost efficient. The new system is expected to go into place in about 18 months.
But for the next 18 months, social security numbers will still be the primary access to student information. Sidebottom said that information systems at NKU are secure and can only be accessed with a designated username and password.
NKU has taken some other steps to safeguard student information. In November, Find-It!, the university directory, began to require a password to access student information from off-campus. Previously, for students who lived off-campus, it meant their permanent address was easily attainable.
Kathy Bennett, manager of the Web team in Information Technology, said that students could opt out of the directory, but IT found that few students actually did.
If faculty or staff lose information, they would be held personally liable. However, Sidebottom said the circumstances would necessitate each situation be handled differently. For example, information stolen from an unlocked office is different than a thief breaking into a locked office.
Sidebottom said that she doesn’t know why a faculty/staff member would take a student’s personal information off campus. But if they do, and the information is stolen, the faculty/staff member would be held personally responsible.
Penalties for losing the information would depend on if the information was permitted to leave campus and if the proper measures were taken to secure it.