LYNCHBURG, Tenn. — Motlow College officials confirmed Monday that an email was mistakenly sent out to all 554 Motlow staff members containing Tennessee Promise students’ personal information, such as names, social security numbers, birth dates, and financial aid status.
Motlow College President Dr. Anthony Kinkel said Monday that the mistake happened as an attempt to alert faculty and staff of students who had not yet completed their required community service to remain eligible for the Tennessee Promise scholarship.
After realizing the mistake, a Motlow auditor sent out an email to the recipients the next day, asking them to delete the email. Kinkel said college employees could be fired if they spread the sensitive information to others, and he advised that students monitor their credit report closely.
The college released a letter from Kinkel on Monday saying:
“At 6:11 p.m. on Nov. 24, 2015, an email was forwarded to all Motlow State Community College faculty and staff containing an Excel spreadsheet with a list of students receiving the Tennessee Promise scholarship who had not completed or reported the required eight hours of community service due Dec.1.
“In an effort to ensure no students lost the Tennessee Promise scholarship, the list was sent to only faculty and staff to assist in making direct contact with each student.
“All faculty/staff were specifically advised to contact any student they knew on the list. Subsequently, the administration learned that the Excel spreadsheet contained more information than was originally understood, including sensitive personal and financial information.
“Upon that discovery, the email was immediately recalled at 7:38 p.m. on Nov. 24. The following day, faculty and staff were contacted about the error to determine if they received the email, deleted it, or forwarded it to another party.”
The letter continued:
“A second communication has been sent reminding faculty and staff of Tennessee Board of Regents (TBR) and College policies, G-053 Personally Identifiable Information (PII), G-051 Password Management, as well as their professional obligation to protect all sensitive information including, but not limited to, information protected by the Family Educational Rights and Privacy Act (FERPA) and/or sensitive financial information. They were reminded that they are subject to discipline up to, and including, the termination of their employment should they disseminate the information in violation of policy or applicable law.
“Motlow State Community College is monitoring the situation in order to identify persons who may have sent the information outside of the College and will take appropriate corrective action. At this time, the College has no information indicating that any of the information contained in the Excel spreadsheet has been misappropriated, or otherwise utilized for inappropriate purposes.
“We are aware that one employee forwarded the email to a non-employee email account.”
Additionally, the college is preparing a resource page on its website — <TNPromise.mscc.edu/PII> — to help those students who have been affected by the mistake. Information can also be found online at <http://www.mscc.edu/pii/index.aspx>.