Federal officials last week found ”potentially serious shortcomings” in how the University of Utah informed students of an alleged rape on campus last Halloween — the second time in less than a decade that the school has been found deficient in its crime reports. 

At about 12:30 p.m. on Oct. 31, a woman reported being raped at gunpoint by a masked man in her truck, which was parked in the Merrill Engineering Building parking lot. More than two hours later, university officials sent campus text and email alerts about the report. But detectives put the case on hold after more than a month of investigating, sending out an email that many frustrated students felt discussed the woman unnecessarily and insinuated she was lying.

But then-U. student Harley Lennon saw another problem with the U.’s handling of the alleged attack: she believes the way school officials disseminated information immediately following the report violated requirements in the federal Clery Act, which took effect in 1991.

The U. failed “to rapidly and accurately report the incident of sexual assault, thus putting the entire campus in harm‘s way,” Lennon said.

U. Police Chief Dale Brophy disagreed, saying he takes campus crime reporting “very seriously.” He addressed some of the issues raised by Lennon after meeting with her and Lori McDonald, dean of students, in November.

Lennon still decided to file a complaint with the U.S. Department of Education soon after the meeting. And last week, the department agreed there was something amiss.

The U. “will be required to work with Department officials on appropriate improvements and reforms to help ensure future compliance,” wrote Candace McLaren, director of the department‘s Clery Act Compliance Division.

This finding comes as campuses across the nation are being scrutinized for their handling of sexual assault complaints. Though federal documents show the U. is the only Utah school to be reviewed for problems with complying with the Clery Act, it is among five Utah schools — including Westminster College, Utah Valley University, Brigham Young University and Dixie State University — being investigated under Title IX, a different federal law that requires schools to swiftly resolve complaints of sexual violence and/or harassment.

McLaren’s letter did not specify how the U. was deficient or what intermediate steps would be taken to ensure the problems were fixed. However, Lennon focused on two areas in her complaint: timely adding the report to the campus crime log and timely warnings to the campus community.

The Clery Act requires institutions that receive federal funding to publicly release data on crimes, including sexual assaults, committed at or near the campus.

Specifically, universities are required to add incidents to a daily crime log within two business days of a report. Lennon claims that the alleged attack still was not added to the crime log by Nov. 20, about three weeks after the woman reported.

Brophy agreed that the reported rape was not added to the crime log immediately — but he said that was a unforeseeable mistake.

The U. has a system in which the daily crime logs are autopopulated, with a 48-hour delay, Brophy said. But officials opted to temporarily password-protect this crime report, he added, because it was so high profile and he didn’t want information to be leaked to the public.

That decision meant it was not automatically added to the crime log, he said, and detectives were unaware of this problem until Lennon brought it to his attention in November.

"As soon as she said it, we had the glitch fixed,’ Brophy said. “She was accurate, and I think it was great because otherwise we wouldn’t have known.”

Under the act, institutions also must "issue timely warnings to alert the campus community about crimes that pose a serious or continuing threat to safety” — colloquially known as campus crime alerts.

The alert was not sent out until 2:54 p.m., Lennon said, more than two hours after the reported rape. That alert did not include information about the presence of a firearm.

Brophy said he delayed sending out the alert because detectives were attempting to gather as much information as possible, which was difficult because the alleged victim was tentative at first. The last thing he wants to do, he added, is send out an incorrect alert.

“There is no specific guideline for when an alert is sent out,” Brophy said. “We were making sure we were able to gather correct and accurate info so when we sent it out people could protect themselves.”

And though the firearm was not mentioned in the text message, Brophy said, it was included in an email blast to the campus community. There was a link to that email in the text message.

“We only have 140 characters [in the text messages] so the most important information is included,” he said. “In hindsight [the gun] was a big deal but it was included in the email message to all people.”

The U. last was found in violation of the Clery Act in 2011, when the feds found that the U. did not have adequate Clery policy statements and failed to classify two burglaries in 2007 appropriately.  It also did not accurately disclose crime statistics for 2007 and failed to disclose crimes that occurred in certain noncampus areas from 2006-2008.

Brophy has not heard from the department since December, he said, but is ready to work with federal officials when they reach out.

Since the alleged attack on Halloween, Brophy said, the U. has been making significant changes on campus.

For example, the U. is making about $390,000 worth of changes — such as implementing mandatory assault prevention training, increased lighting on campus, assigning additional support faculty and a comprehensive website — as part of a plan to boost safety at the U.

These changes were recommended by a campus safety task force created by U. President David Pershing following the alleged attack, Brophy said, adding that the reviewing the department’s response “had a positive impact on the university.”