On Monday, Feb. 26, the University of North Georgia’s Office of University Relations emailed all students regarding improper access of Banner information in January.
The email cautioned students that a former student employee inappropriately accessed information protected by FERPA (Family Educational Rights and Privacy Act), though it said there is no evidence the data has been misused.
“FERPA … specifies that institutions may not disclose information contained in a student’s education records to any third party, without the student’s written permission,” Kate Maine, chief of staff for the Office of the University President, said in an email.
The improper access was discovered during routine system maintenance performed by the Office of Information Technology. The information accessed was primarily directory-level data, specifically name, ID number, gender, major, concentration, dorm or commuter status, class, address, phone number, adviser name, email and campus.
FERPA protects ID number, gender, residential status and adviser name. The rest of the categories can legally be disclosed by the university without student consent, except when a student requests otherwise.
According to Maine, the situation was discovered and reported on Jan. 18. A criminal investigation began immediately; it is ongoing.
“To my knowledge, this has not happened before, and we believe it to be an isolated incident,” Maine said.
To prevent similar cases in the future, the Office of University Relations asked students to report any indication of information interference or misuse in their Banner accounts to UNG police. The email also suggested students monitor their credit reports and financial accounts.