Protecting Privacy

12.14.2005 | Campus and Community, StudentsThe personal information of eight former prospective University of Dayton pre-med students was inadvertently retrieved by search engines following a programming error, but University officials believe no one accessed or used the data. The information has been permanently removed and cleared from all Web search engines.

The personal data, which included names, addresses, phone numbers, social security numbers, e-mail addresses, birth dates and parents' names, addresses and occupations, was discovered by a parent while conducting a search, according to Tom Skill, associate provost and CIO. Pre-med program officials had created a Web-based database to review applications that was believed to have been password-protected.

UD officials immediately pulled the file from the Internet, contacted major search engines to remove this information from their systems and wrote a letter of explanation and apology to all the affected students and their parents. UD also established a telephone hotline to respond to any student concerns.

"We are deeply concerned about this incident and regret that it happened," Skill said in a letter to applicants in UD's pre-med program. "The University of Dayton is committed to maintaining the privacy of personal information, and we are continually modifying our systems and practices to enhance the security of this information."

UD will pay for a yearlong credit protection service for the eight affected applicants as well as for 66 other students who applied to the program in fall 2004 or winter 2005. UD also initiated a campus-wide audit of Web databases for security compliance and is contracting with a security analysis agency to review all of its systems.

"We believe this is an isolated incident, but we are taking proactive steps to prevent such incidents from happening," Skill said.

Contact Tom Skill at (937) 229-3511.