ALBANY, Ga. — Darton College officials say they are continuing to work to correct deficiencies identified in a 2011 audit that revealed that documents containing sensitive or confidential information were mishandled by school personnel.
The April 2011 audit was provided to the Herald through a request made through the Open Records Act.
In the report, officials with the Board of Regents for the University System of Georgia noted gaps in Darton policies related to document management, data transfers, network security and various other policies and procedures.
The report noted that Darton's networking infrastructure was lacking to the degree that a "hostile network user could potentially intercept information transmitted through the campus network and exploit content."
"These (transfer) sessions transmitted personal, medical, and credit card information to and from various applications, and were not in regulatory compliance," the report states.
The report also identified gaps in Darton's handling of confidential information.
"Handling of sensitive and confidential information and access rights administered by department business function owners, designated trustees, and stewards was not effective or systematic to safe-guard information and information systems introduced unnecessary risk for associated key business functions," the report states.
Specifically, the report notes, "Sensitive (or) confidential data was found in every polled group in inappropriate places. Personal, work, and sensitive (or) confidential data was not being properly segregated or secured; and email transmissions were identified as containing sensitive (or) confidential data," the report states.
Darton officials say that they have been working with the board of regents and others to address the issues and shore up the college's information grid.
"We have been working on the items that the Board of Regents' Internal Audit Division asked us to improve on in regard to our policies and risk management. We are making good progress. We have had to purchase some software and hardware items, and we have had to delay some of the hardware items because of the need for additional funding. Our goal is to have everything completed by June 30, 2012," Ronnie Henry, Darton's vice president of Business and Financial Services, wrote in an email to the Herald.
In their official response to the audit, Darton officials say that President Peter Sireno has formed a Document Review Consistency Committee to review and revise key Darton policies and procedures.