BY Alicia Barney
Following the leak of Mayor Lewis Billing?s academic summary to the Deseret Morning News last month, reform has been called to tighten security on BYU records.
Ford Stevenson, dean of Student Academic and Advisement Services, said no changes have been made to the records system yet, but plans are being made to complete a lengthy assessment of the system to ensure the university is in accordance with the Family Educational Rights and Privacy Act, or FERPA.
?We have decided we are going to revaluate our security measures,? Stevenson said. ?This will require us to work closely with OIT [the Office of Information and Technology]. Any changes will come as result of that evaluation.?
The planned evaluation of security procedures will focus on training, Stevenson said.
?We are going to look at the training programs we use,? he said. ?We are seriously looking at an online training program. On annual basis, everyone who has access to AIM would go through the program again.?
Currently, both students and full-time employees who work with student records are required to undergo rigorous FERPA training, said Carri Jenkins, BYU spokeswoman. Employees must sign a confidentiality agreement that they will not release any records or discuss them beyond the bounds of what is necessary, she said.
Jenkins said campus offices have stressed FERPA and confidentiality with employees since the breach.
?We have reiterated and emphasized our policies and the agreement that has been signed with employees,? she said.
Stevenson said the current system has security strengths.
?This situation actually pointed out some of the safeguards that we had in the system,? he said. ?We identified individuals that accessed the records very quickly.?
The university tracks anyone who accesses records on the AIM system so they can be identified. The system allowed the university to find information about who accessed Billings? records, Stevenson said.
?There are a couple of individuals that are being involved in an inquiry by the Honor Code office,? he said.
Both Jenkins and Stevenson said this is the only known breach in which records were leaked to an outside agency.
The university is concerned about these and other violations of privacy, Stevenson said.
?We encourage people to report FERPA violations, and people do,? he said. ?Then we immediately take action by visiting with supervisors or FERPA retraining. We take this very seriously, we want to stay in compliance with the policy.?
Stevenson said about 1,400 full and part-time employees on campus have access to student records, including advisement center and graduate school employees and administrators ? ?people that need the records to do their jobs.?