The AMS leaked 24 student email addresses and possibly violated provincial privacy law in a mass email sent last week.
The email, sent by an AMS accounting employee on January 21 to students in co-op programs, included the email addresses of all 24 recipients in the to field, where they could be seen by other recipients.
The email was sent to co-op students informing them that they were eligible for a $100 refund for their completion of the co-op program.
![['auto']](https://storage.googleapis.com/ubyssey-staging/media/renditions/screen_shot_2021-02-02_at_12.14.41.original.png)
Under the BC Personal Information Protection Act, private organizations need to obtain consent before disclosing personal information. Email senders can put email addresses in the BCC field so other recipients cannot see them.
This incident is not the first case of the AMS leaking student information. The AMS accidentally leaked student emails in March last year, and in November the AMS came under fire for privacy breaches related to its club website.
However, despite these previous incidents, AMS President Cole Evans said that this breach was not a matter of poor practice or policy but rather a genuine accident.
“It’s important for students to know that these incidents are not the result of a lack of privacy practices and policy,” said Evans. “But rather honest mistakes made by hardworking staff.”
Evans said that the society is nevertheless taking the incident seriously and will be conducting an investigation.
Other measures being considered include automatic warnings if the email system detects a number of emails in the CC field. However, since the emails were put into the to field, it’s unclear whether that would have prevented this situation.
‘The AMS takes student privacy seriously,” said Evans. “And we are now investigating ways of centralizing outgoing emails to student lists to prevent future errors.”
Share this article
