Security priority

Attractive design is important to a Web site but not as important as basic security.

According to its December faculty and staff newsletter, Kansas University is planning to launch an entirely new look for its Web site on Jan. 17.

Perhaps the time the university has spent formulating a new “visual identity” for its Web site could have been better spent ensuring the confidentiality of information submitted to its online sites.

The KU Student Housing Department’s Web site was shut down earlier this month after it was discovered that credit card and Social Security numbers for about 9,200 current and former students were exposed to site visitors. The security lapse was blamed on the site’s failure to comply with university policy.

The security problem reportedly surfaced during a routine audit of the university’s Web sites on Dec. 16, and the housing site was shut down the same day. However, the list that was exposed included names, addresses, partial and complete credit card numbers and other information about housing applicants stretching back to April 29, 2001.

How long had it been since KU audited the site? Perhaps the information has only recently been revealed, but when 4-year-old data is being revealed, it raises questions about when the security lapse occurred.

Fortunately, KU officials said they found no indication that the information had been stolen or used, but it still isn’t comforting that private student information has been revealed through KU Web sites for the third time in the past three years. In January 2003, a hacker was able to download files on 1,450 foreign students at KU, and in August 2003, the names and Social Security numbers of 920 health care students at the KU Medical Center were posted on the Internet for about a week.

It would be interesting to know whether other U.S. universities are having similar security problems, but the lapses encountered at KU certainly wouldn’t be acceptable in a private business. Computer access to various university services is convenient, but the security of information submitted online has to be a top priority.

The newsletter story announcing the KU Web site’s new look informed employees that departments throughout the university that design their own Web pages would be expected to adopt new templates that conform to the university’s new style. “Workshops,” the newsletter said, “will be offered for Web administrators throughout the spring schedule to help with the transition to the new template.”

In addition to facilitating cosmetic changes to the KU Web site, perhaps those workshops also should include a refresher course on KU policies regarding the security of online information.