IT’s time for more transparency
September 20, 2024
Last April, a student accessed the personal records of current and past students—which included a limited number of students’ medical records—through the “Microwave,” Bowdoin’s shared storage server. The student promptly reported the accessed information to the Chief Information Officer and Dean of Student Affairs. Information Technology (IT) responded by the end of the day, and the files were no longer accessible to parties not meant to access them.
We commend the student who reported the incident to the Bowdoin administration promptly after discovering the information and IT’s quick response to the oversight. Accountability for administration, faculty, staff and fellow students holds our community together and ensures problems can be dealt with quickly and responsibly. Members of the campus community should not hesitate to reach out if they notice something awry.
Luckily, nobody’s data was compromised during this incident, but it would be dangerous if we moved on without learning from it. We want more transparency in how students’ data is protected, and we encourage a culture of collective responsibility.
While IT internally responded to the issue quickly, questions of how extensive the incident was, whose information was vulnerable and whether the information was accessed by anyone else remain unanswered. Students have little understanding of the communication policy IT follows when there is a security incident, no matter the severity, and that should change.
Currently, data breaches are evaluated against the Written Information Security Program, which states that if an incident “requires notification under state or federal law,” then IT must follow the Bowdoin Incident Response Plan. This response plan is maintained internally by the IT department and is not accessible online, which is understandable from a security perspective. However, just because a potential breach does not meet the requirements to be a state or federal violation doesn’t mean it’s not a violation of student privacy that may warrant transparency.
IT’s current communication policies are spread out across Bowdoin’s website and unclear to someone seeking a direct answer to their questions. Many students have limited knowledge about data security, and as greater software reliance increases our susceptibility to data breaches, security standards should be communicated in an accessible and digestible form.
It is unclear whether IT reached out to students about the incident. There should not be ambiguity about potential data breaches, and students should know if their data is at risk, even among the campus community. We should have an open line of communication with IT about how our data is being protected.
That being said, IT’s fast and efficient response should not go unnoticed. IT prevented more private information from being made public, and we appreciate that IT acknowledged the gravity of the issue. The discovery of the security incident reminds us of the collective responsibility to look out for one another in a world becoming increasingly reliant on storing information online.
This editorial represents the majority view of the Editorial Board, which is comprised of Janet Briggs, Catalina Escobedo, Caitlin Panicker, Aleena Nasruddin, Kristen Kinzler and Vaughn Vial.