On Feb. 5, students were unable to access their Georgetown University e-mail accounts for approximately 14 hours. The administration shut down GUMail in order to remove a message sent out to the University community, which contained confidential and sensitive information about three students. While the University responded properly, sending out the e-mail in the first place was an unacceptable and egregious error.
While the University’s response may have prevented undergraduates from receiving the message, more than 3,000 graduate students still had the opportunity to read it between 3:30 and 5:30 p.m., when the e-mail was shut down. Of the graduate students who received the message, around 900 have their e-mails forwarded to external accounts and consequently still have the e-mail, according to Beth Ann Bergsmark, director of Academic and Information Technology Services.
Two branches of the University are to blame for this incident: First, the Department of Public Safety, in a rush to send out a Safety Alert, posted confidential information about three students; second, the Registrar’s Office-responsible for the technical aspects of sending e-mails to students-mistakenly believed Student Affairs had approved the e-mail to be sent out.
No one outside of DPS should have had access to such confidential information. The contents of the broadcast e-mail belonged to a police log, and included students’ names, campus addresses, dates of birth and a description of the incident in which each was involved. Those responsible for drafting the e-mail should have carefully edited the content of the Safety Alert.
Disregarding procedures in Student Affairs, the Registrar’s Office never received approval to broadcast the e-mail. Subsequently, the message was never edited and reviewed, as it routinely would have been, resulting in the major breach of the three students’ privacy.
This incident also raises questions over administrators’ ability to protect confidential information that all students entrust to the University. The University must create a mechanism to properly review broadcast e-mails before sending them out to prevent a similar incident from occurring again.
Administrators should be commended for preventing the wider student body from receiving and reading this message; the immediate shutdown of the e-mail system was both logical and efficient. But had the University-and more specifically DPS-applied such efficiency to reviewing broadcast e-mails, this embarrassing ordeal would have never taken place. The message is still out there, and because of DPS’ incompetence, the Registrar’s negligence and the University’s general unwillingness or inability to properly regulate and standardize broadcast e-mails, they have damaged the reputations and integrity of three students.
