A faulty procedure

What is the point of an unenforceable policy?

That is what we of The Red & Black’s editorial board are left wondering this week after finding out a University employee, and convicted felon, had access to students’ Social Security numbers. The University’s policy requiring all employees and most non-student employees to report an arrest within 72 hours and a conviction within 24 hours to the Office of Legal Affairs is one University officials admit cannot be fully enforced.

Tom Jackson, vice president for Legal Affairs, told The Red & Black if an employee is arrested “in a distant place, we may or may not be aware of it.”

Jackson said “someone determined to be dishonest can get around the system at times.”

The University employee in question worked for almost a year as a computer specialist in the Registrar’s Office, despite facing charges of felony theft by deception. William O. Mullen accepted a plea deal April 28, in which he pled guilty and received a 10-year prison sentence.

A week after he accepted the deal, Mullen notified the OLA, and his access to University servers and databases was stripped.

In the University’s defense, the conviction was not on Mullen’s record at the time of his hire and according to Jackson, two separate parties were contacted from his previous employer, who each gave him good recommendations.

We understand the difficult nature of keeping tabs on employees and ensuring they are not criminals.

But we expect policies to be put in place for a reason, and for those policies to be able to be followed through.

University employees in a “position of trust,” who have access to the private information of students, faculty or staff should be monitored more closely than those who are not.

Jackson said Mullen was not considered to be in such a trusted position, however a document obtained by The Red & Black shows Assistant Registrar Rosemary Segreti specifically using that phrase in reference to Mullen.

And if employees with access to Social Security numbers are not considered to be in a position of trust, then who is?

The bottom line is the private information of students, which should be protected at all costs, was at stake while Mullen was employed by the University. And something more than an initial background check needs to be done for employees with access to that information.

It is not our job to come up with ways to enforce the University’s policies, but we think employees who have access to private information should fall under a higher level of scrutiny than the regular employee.

It would cost less for the University to run annual or semi-annual background checks on employees in positions of trust than it would for a slew of lawsuits to be lobbied against it.

Two internal audits by the University found no evidence Mullen had accessed students’ private information.

But how are we to know for sure?

-Brittany Cofer for the editorial board.