The University of Virginia is cleaning up its mistake after releasing thousands of student social security numbers. A task force has just released a list of changes to ensure student security.
The task force is reviewing the university's policies for protecting students. It has just finished phase one - figuring out what happened, and how to make sure it doesn't happen again.
Based on suggestions from the task force, the university will no longer download social security numbers into the student health database. The program that pulled the social security numbers from the database will no longer be used and future Aetna student health brochures will not be sent to students by mail.
Next the task force will look at new potential steps the university could take to ensure the security of personal information for UVA students, faculty, staff, patients and vendors.
Right now the task force is made up of representatives from different areas of the university. Moving into this second phase, representatives from the faculty, student body and medical center will join the team.
University of Virginia PRESS RELEASE
CHARLOTTESVILLE, Va., Aug. 2, 2013 — A task force appointed by University of Virginia President Teresa A. Sullivan has completed the first phase of its review of University policies and procedures regarding the protection of personal information and related data.
Sullivan announced the formation of the task force July 22 after the University learned of the inadvertent use of student Social Security numbers on a brochure mailed by Aetna Student Health in July.
Phase one included taking immediate steps to analyze what occurred, mitigate the situation, and prevent a recurrence. As a result, social security numbers no longer are downloaded into the Student Health database, the particular query used to pull student information for mailing labels will no longer be used, and future communications regarding the Aetna student health plan will not be sent by mail. In addition, the task force alerted University schools and departments to request that they handle any planned student mailings by e-mail or to ensure that mailing labels do not display unnecessary personal information.
The second phase of the task force's work will review further potential steps the University should take to enhance the security of personal information of students, faculty, staff, patients and vendors. The task force will review where personal information is collected and stored, confirm that personal information is requested only for legitimate business purposes, and determine whether the University should enhance its existing security controls and policies for personal information. Recommendations for improvements will be made where determined to be appropriate.
Executive Vice President and Chief Operating Officer Pat Hogan serves as chair of the task force and the Office of General Counsel advises it. Members of the task force include representatives from the offices of Internal Audit, Student Affairs, Compliance and Enterprise Risk Management, Human Resources, and Information Security. As the group begins the second phase of its work, it is adding members from the Medical Center, as well as student and faculty representatives.
Sign Up for Email Alerts
Sign up to receive NBC29 news and weather updates in your inbox daily.