Getting used to new things takes time. Getting used to a multimillion-dollar software system is apparently no different.
Penn State is finding that out with its new LionPath system.
LionPath is the university’s $66.4 million replacement for the Integrated Student Information System. ISIS has been outgrown in more ways than one, unfortunately, sharing its name with a Middle Eastern terror organization. The system has been used for three decades, while student needs, plus computing systems, have changed around it.
$66.4 millionCost of LionPath system
But what exactly does it do? A lot more than you think. It’s not just something that keeps track of the number of credits a theater major has so she can see if she needs to take summer classes to graduate on time.
If you take a Penn State class, any Penn State class, ISIS is part of it. Oh, you’re a graduate student? Doesn’t matter. You go to med school? Yup. You’re taking a class with no credit at all? Still part of ISIS.
There are about 46,000 undergrads at the University Park campus alone. Factor in grad students, and 23 campuses, times about 30 years, and the system has been responsible for a lot of students for a long, long time.
But with the transition to LionPath, some users have reported that there is information that shouldn’t really be available, but was able to be accessed.
Users contacted the Centre Daily Times, saying they were able to search and find their family’s information. Now, for many in Centre County, Penn State is practically a family business, and with employees able to get tuition discounts for their kids, it makes sense that a number of employees’ children would be in the system.
The problem, they say, is that they were able to access the information, and that they were finding information about their minor children, kids who had taken part in summer or sports camps. The issue was being discussed on a university email discussion group, prompting a response from Penn State.
That response was, well, yes, information gets collected.
“As a necessary part of university business, LionPath displays data for students who have been enrolled in noncredit courses,” the university said. That information did include people, like school-aged kids in noncredit programs like camps.
That info, however, should only be accessible to authorized employees with the appropriate Family Educational Rights and Privacy Act training.
“This data is not made public and should only be accessed by an individual based on their assigned responsibilities related to an employee’s position at the university,” Penn State responded on the email group. “We understand your concern about viewing this data and have further limited the noncredit student information to only key functional offices.”
The thing was, according to Penn State spokeswoman Lisa Powers, all of the employees who viewed the information were, in fact, authorized, and “entrusted by the university to treat the access they were given responsibly.”
No unauthorized access to this date has occurred.
Penn State spokeswoman Lisa Powers
“... No unauthorized access (by hacking, phishing, password abuse, etc.) to this date has occurred,” she said. “No personally identifiable information was accessed by any unauthorized third parties.”
The university is planning meetings to discuss how noncredit registration will be done in the future, and the storage and retrieval of information as the change to LionPath continues. A group has been set up to specifically look at the issue of youth registration, and unnecessary records are being deleted.
Powers said LionPath was not the problem, but the changeover brought to light problems with the ISIS system.
LionPath is also just one change being made to information systems. Three systems are being changed in all. ANGEL, the university’s longtime learning management system, is being transitioned to Canvas, while WorkLion is becoming the new human resources and payroll system.
Penn State faced hacking problems and possible access to personally identifiable information last year when the university revealed separate intrusions into computers at the College of Engineering and the College of the Liberal Arts.