Nothing Like Helping a Stalker Out…
Written by Michelle Sawicki
The title of this blog post is a bit facetious, but I was truly surprised when I read Wayne State University’s policy on “directory information.” You may be wondering what exactly “directory information” is. The term refers to students’ personally identifiable information that Wayne State University retains and, surprisingly, seems willing to share. Here is Wayne State University’s stance regarding directory information:
The university has designated certain personally identifiable information as directory information, which may be released at the University’s discretion to anyone who makes a request. At Wayne State University, directory information is defined as name, address, age or date of birth, level of education, major, degrees received, educational institution the student was most recently enrolled, honors, awards, e-mail address, participation in sports or other activities, and the height and weight of members of athletic teams (Wayne State University, 2013).
Now that you have read about directory information, are you a little disturbed by the realization that Wayne State University is potentially willing to share their students’ names, addresses, phone numbers, birthdates, email addresses and more with anyone who asks for it? If so, know that I was disturbed as well, especially after learning that other United States universities are doing the exact same thing.
Perhaps I shouldn’t be so critical of Wayne State or other universities’ privacy policies, for universities within the United States are adhering to the rules set into place by the Family Education Rights and Privacy Act (FERPA). It is the Family Education Rights and Privacy Act that governs United States’ higher education policies relating to student privacy. FERPA was actually created in an attempt to protect student privacy. “The Act gives current and former students the right to inspect and review their educational records; the right to seek to amend those records; and the right to have some control over the disclosure of information from those records. The Act applies to all educational institutions that are recipients of federal funding” (Wayne State University, n.d.). For the most part, FERPA succeeds at accomplishing what it was created to do.
Aside from directory information, FERPA appears to keep students’ academic records private and secure. “It protects students’ privacy by prohibiting institutions from engaging in unauthorized disclosure of education records and by imposing on faculty and staff members the obligation to take reasonable precautions to prevent misuse or unauthorized disclosure of education records” (White, 2013, January 11). School officials are permitted to view student records if they are deemed to have a legitimate educational interest.
A school official is a person employed by the university in an administrative, supervisory, academic or support staff position (including law enforcement personnel and health system staff) or a person or company with whom the university has contracted as its agent to provide a service instead of using university officials (Wayne State University, 2013).
“A school official has a legitimate educational interest if the official needs to review an education record in order to fulfill his or her professional responsibilities to Wayne State University” (Wayne State University, 2013). If someone other than a school official requests non-directory student record information, “schools must have written permission from the parent or eligible student in order to release any information from a student’s education record” (U.S. Department of Education, n.d.).
In addition to abiding by FERPA regulations, Wayne State University has created many of their own policies in an effort to keep student records private. Wayne State University’s Confidential Information Policies pertaining to student privacy are as follows (Wayne State University, 2007):
1. “Physical records, such as paper documents, should be kept in secure/locked storage if the location is unattended or if there is a significant potential for unauthorized acquisition. Confidential information should not be stored in locations such as filing cabinets located in hallways;
2. “Electronic devices, including both desktop computers and portable devices, that store confidential information should be password-protected;
3. “Portable electronic equipment such as laptops and other devices that are easily misplaced or stolen, such as smartphones, removable flash drives or other high capacity portable units must be stored so as to prevent unauthorized acquisition or else must be purged of confidential data;
4. “When feasible, the storage media and/or the files themselves should be password-protected and/or encrypted;
5. Physical records such as paper documents should be transmitted in a secure manner, such as sealed envelopes, and should be transported by authorized couriers;
6. “Electronic documents and other digitally-maintained data should be encrypted if sent in a digital format;
7. “Physical records such as paper documents should be shredded when no longer needed or required to be maintained;
8. “Electronic documents and other digitally-maintained data should be permanently deleted when no longer needed;
9. Digital storage media should be degaussed and/or destroyed when no longer needed;
10. “Users should ensure that machines in their care (desktop computers, laptops, other devices) are operated and maintained in a secure manner, using recognized best security practices, with up-to-date operating systems, anti-virus software, anti-spyware software and firewalls as appropriate and feasible. Users should seek technical assistance if necessary to ensure compliance; and
11. “User must immediately report any discovery that confidential information has fallen into unauthorized hand or a machine or storage device has been hacked, lost, stole or misplaced.”
How Privacy Measures Affect Students
Students are affected by university privacy policies in several ways. FERPA mandates that students have access to their own educational records (U.S. Department of Education, n.d.). In compliance with FERPA, Wayne State University also ensures that students can authorize specific people or entities to access their education records by filing an Authorization to Release Academic Records form with the Records and Registration Office (Wayne State University, 2013).
If a student believes his or her record is inaccurate or misleading, the student has the right to request the record be amended.
If the school decides not to amend the record, the parent or eligible student then has the right to a formal hearing. After the hearing, if the school still decides not to amend the record, the parent or eligible student has the right to place a statement with the record setting forth his or her view about the contested information (U.S. Department of Education, n.d.).
Parents who claim their child as a dependent have the right to inspect their offspring’s educational record (Wayne State University, n.d.). Not only does FERPA allow parents to obtain access to their child’s (possibly bad) grades, but FERPA also allows other universities to find out about a student’s bad behavior. A recent amendment to FERPA permits disclosure of records of disciplinary proceedings to officials at other schools to which the student has applied to do graduate work (White). Other possible disclosures include (Wayne State University, n.d.):
1. authorities in the case of an audit;
2. programs connected to financial aid;
3. organizations conducting studies for or on behalf of educational institutions;
4. accrediting organizations;
5. compliance with a judicial order or subpoena;
6. health or safety emergencies;
7. to a court if legal action has been initiated by the student or the institution;
8. to parents of a student under 21 years of age regarding violation of any law or institutional policy governing the use of alcohol or a controlled substance; and
9. to state and local authorities pursuant to a state law adopted prior to November 1974.
Some students undoubtedly feel their academic records should remain completely private, however, it appears there is little a student can do regarding the FERPA allowances. Wayne State University does give students the chance to opt-out of directory information disclosures by filing a Request to Restrict Release of Directory Information form with their Records and Registration office (Wayne State University, 2013).
Are Student Records Safe?
Overall I believe student academic records are somewhat safe. However, there is always the chance that a hacker could obtain access to electronic records or that a teacher’s computer or paper records could be stolen or secretly examined.
As for students’ contact information, I find it unsettling that there are laws allowing universities to divulge this information to literally anyone who asks. Perhaps a better approach to handling requests for students’ personal contact information would be to have a form set up on each University’s website that automatically emails a student when someone requests his or her contact information. The student could then approve or deny the request, which could also be an automated feature.
The government and universities do take measures to ensure student privacy, but some of these measures could be improved upon. Students should not have to fill out special forms in an effort to protect their own privacy. I believe universities should not be allowed to release a student’s contact information without the expressed student’s consent.
U.S. Department of Education. (n.d.). Family educational rights and privacy act (FERPA). Retrieved October 23, 2013, from http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html
Wayne State Unversity. (n.d.) Family educational rights and privacy act (FERPA): Guidelines for Wayne State University faculty, students and staff. Retrieved October 23, 2013 from http://www.reg.wayne.edu/pdf-privacy/ferpa_brochure.pdf
Wayne State University. (2007). Confidential information policy. Retrieved October 22, 2013 from, http://computing.wayne.edu/docs/u.p.2007-02-confidential-info.pdf
Wayne State University. (2013). Records and registration: Privacy of academic records. Retrieved October 22, 2013, from http://reg.wayne.edu/students/privacy.php
White, L. (2013, January 11). Don’t like FERPA? Change the law. The Chronicle of Higher Education, 59(18). Retrieved October 23,2013, from Academic OneFile database