BCIT has apologized after mistakenly sending the personal information of 134 students to 22 other BCIT students through e-mail on August 26, 2013.
After a privacy breach in June 2012 (unrelated to the incident on August 26) where personal medical records of more than 12 thousand students were accessed by an unauthorized third party, BCIT reviewed security processes to ensure privacy standards would be upheld and implemented further preventative measures and safeguards, according to the institution’s website.
Spokesperson for BCIT, Dave Pinton said the students who had their personal information sent out in error do not have reason to believe the information was used for unpermitted reasons.
“BCIT has conducted an investigation,” Pinton said, “and has determined at this juncture, and to the best of our knowledge, none of the information in the e mail has been used for unauthorized purposes.”
Abiding by its duty to protect the privacy of students and staff, BCIT did not approve a request from The Link to contact the students who had their personal information sent out accidentally for an interview.
“It is paramount that individuals (students, employees and others) be assured and trust that if they come forward to BCIT with a concern or inquiry about privacy (or security), any information that they supply is in confidence,” Pinton told The Link. “And that BCIT will use and disclose their personal information only to the extent necessary to investigate a possible violation of the law, and contain and mitigate any related harm.”
Other than through the institution, The Link also tried getting in touch with students who had their information sent out by mistake through social media and word of mouth inquiries but was unable get a hold of anyone.
Senior Editor for The Link and BCIT student Sarah Gray happened to be one of the students affected by the privacy related matter and came forward to say she was extremely concerned that her personal information was given out.
“It’s disturbing [we are] in an era where identity theft is [so] rampant that I could potentially be exposed,” said Gray. “I’m disappointed that the administration made such a mistake when I entrusted them with my personal information.”
Pinton told The Link that the information sent out accidentally was basic contact information.
“[It is] utilized for admissions, registration and other purposes related to the delivery of BCIT programs and courses,” said Pinton who listed the information sent out. “[It included] students’ name, BCIT student identification number, telephone numbers (home, cell and/or business phone), myBCIT e mail address, term code, program block (set) description [and] major and academic status code.”
Pinton said in an effort to lessen the risk of personal information being compromised, BCIT has taken some preventative measures:
An e-mail was sent immediately to the 22 students who received the information in error. The e-mail instructed students to disregard and delete the original e-mail attachment.
All 134 people whose information was sent out in error have been notified via their secure mybcit.ca account and their personal email account.
A letter outlining options and providing information on steps taken to ensure their privacy is being sent to the affected individuals via Canada Post.
Pinton pointed out that the individual who reported this matter to BCIT has indicated the institution has taken appropriate action in resolving the issue. Gray is still uneasy after the incident.
“I’m not sure what else can be done at this point,” said Gray. “An apology is really their only option, but I definitely wish it hadn’t happened.”
Pinton said BCIT regrets the situation has taken place and is reviewing security processes while implementing further preventative measures and safeguards to mitigate the possibility of this type of event happening again.