SHARE

Stumbling Upon Secure Data

Stumbling Upon Secure Data
October 1, 2007

Journalists, students and non, often find themselves walking the fine line separating personal privacy from their obligations to the public at large. So when a new hire at Western Oregon University’s student newspaper happened across a file containing former students’ Social Security numbers on the university’s public server in June, he and the student editor resolved to immediately inform the administration -- and also make a copy of the file for reporting purposes. The students subsequently published a special issue of the Journal, distributed during graduation week, detailing the security breach but void of any of the private information found in the file.

Still, as the Portland Oregonian reported, the student copy editor who initially found the file faced a disciplinary hearing Friday and penalties up to and including expulsion for allegedly violating the institution’s computer use policy. And while officials decided against expulsion Friday -- opting instead to require the student to complete a presentation on "acceptable computer use" and write a newspaper commentary on university policies, according to The Oregonian -- the adviser for the Journal got a letter in August indicating that her annual contract would not be renewed.

“I feel as an adviser, as many advisers do, that oftentimes we’re really forced between loyalty to the university and loyalty to an independent press,” Susan Wickstrom said Friday. “I feel like my job as an adviser is to be loyal to the student press. And in this case, it cost me my job.”

But the issue, said Mark Weiss, executive vice president of finance and administration at Western Oregon, was not the student newspaper's coverage of the security slip, but instead the making and keeping of copies of the data. "The fact that copies were made of confidential information contrary to our university policy ... that’s the only issue that I have.”

“From my perspective [the student] was given bad advice,” Weiss said. “And certainly a university employee, an adviser to the newspaper, should not have accepted any copies.”

In retelling the tale, Wickstrom said that she was “half-listening” and “in some proximity” while the student editors conferred about the newly found file, discovered during the Wednesday of “Dead Week” before finals. Within five minutes, the editor-in-chief left to inform administrators, and while Wickstrom said she could not remember the details of when students copied the file onto a disk, she said the editor did ask if she could keep it in her office. “I just said, 'OK,' I wasn’t even positive what was in the file. I just knew it was some evidence that they were using to work on a story.” She said she put the disk in an envelope and went home for the long weekend (she worked Monday through Wednesday).

On that Friday, June 8, she said she received a call from university computing telling her that security had let officials into the newsroom, where they searched the computers. “I was horrified,” Wickstrom said of the search.

“The one thing that I hope doesn’t get ignored by anybody is the fact that school officials searched a newsroom. That’s outrageous; we just don’t do that in this country,” said Mike Hiestand, a legal consultant and lawyer for the Student Press Law Center, who added that newsrooms, including college newsrooms, are protected from search by law. (Weiss confirmed that officials went to the college-owned newsroom to remove the copied files, but could not “confirm or deny” whether a search of the computers occurred when students and staff weren’t present).

Wickstrom said she talked to the editor-in-chief over the early June weekend and, learning that he’d already told the administration of the disk’s existence, advised that he return it to the administration. The student had in the meantime taken it from her office drawer without her knowing, Wickstrom said. Upon learning that, she volunteered to pick it up from his home and bring it to the administration -- which she said she did.

University officials deleted the file originally downloaded to the copy editor's personal laptop, the academic year ended, the four-page special edition of the Journal with the article -- which Weiss said he thought was balanced and which he had no problems with -- was distributed, and everyone went home.

In August, Wickstrom received a notice indicating that the university might not renew her contract because she “didn’t advise the students about the information that they had recovered adequately,” and for allowing students to take the disk off campus. Two days after a hearing, she received a letter via registered mail saying that her contract would not be renewed. Weiss declined to comment on Wickstrom’s case.

"What I did ask," Weiss said of the entire situation, "is that any copies of files that should not have been copied ... that we needed to erase them, destroy them. And that was the only goal we had and it was limited to those files that we were told were copied. It was our obligation to the privacy of those students to do that."

But Hiestand of the Student Press Law Center defended the right of the student journalists to keep the evidence while reporting the story. “Keeping that information so they can write a story was entirely appropriate. I trust that they took care of it and disposed it properly,” Hiestand said.

“It’s one of those things where I think the student newspaper covered the story exactly how a newspaper should cover a story. They found there was a problem with the security, as far as student files and things go, and they reported on that. They made a decision not to use names or anything like that.”

“To now target the adviser and, at least indirectly, the student newspaper -- that’s a poor choice.”

 

 

Please review our commenting policy here.

Most:

  • Viewed
  • Commented
  • Past:
  • Day
  • Week
  • Month
  • Year
Loading results...
Back to Top