What measures do universities take in order to secure the privacy and safety of their student records?
Written by Kim Wiljanen
The Family Educational Rights and Privacy Act of 1974 (FERPA) has become an established practice within educational facilities. It is concerned with maintaining the safety and privacy of students at every level and institution of learning throughout the United States. It is governed by very specific rules and regulations that may vary depending upon the educational level of the students involved. Part of the reason is the large amount of sensitive personal information that is collected within the student files. Educators need to be very careful in the way that they handle this information (Toglia, 2007).
The easy explanation is that the act affirms a student’s right to know what information has been collected about them and it includes parents until the child’s eighteenth birthday. The procedures reduce access to the information which helps maintain confidentiality. It affords the students a measure of personal control over access as well (Toglia, 2007). The law allows the individual to see what information exists, correct data and to restrict directory information (Wayne State University, Office of the Registrar, n.d.).
The university divides the student’s educational information into three different levels: directory, shared and private. “Directory” information includes data that describes the student: name, address, age, email, major, and honors that the student has received (Wayne State University Office of the Registrar, n.d) and does not include race or gender (Toglia, 2007). “Shared” records are files that are accessed by more than a single person, but on a need to know basis (Toglia, 2007). These are the academic records that are coupled with the public profile. The shared file reflects the student’s academic progress through-out his or her academic life. The information within this file may include such things as the academic files, grades, social security number, school identification number plus surveys and other data that is collected regarding that student. Academic records do not include medical or law enforcement information. The “private data” consists of privileged information and unshared notes that a single individual has taken in meetings, such as with an advisor.
Wayne State University takes every precaution to maintain the student’s privacy. They are vigilant and have strict confidentiality policies for staff members as well as penalties for failure to do so. Likewise, the Computer and Information Technology (C&IT) is charged with guarding all data on its servers against data breaches (Wayne State Policy Manual, 2010). The University has made privacy a priority for all faculty and staff to maintain.
Still, there are many reasons that may necessitate access to student records. This would include things such as health issues, emergencies, court orders, financial aid, legal requests and academic requests both from within Wayne State and from other institutions that can compel the University officials to grant outside agencies access to a student’s record without prior authorization. Governmental and legal agencies can also gain access without prior consent (Wayne State Office of the Registrar, n.d.). In cases like these, Wayne State University will notify the student when someone has accessed their data. Since the enactment of the Patriot Act in 2001, colleges and universities have had a lot more requests for undocumented record access (Toglia, 2007).
How can these measures affect students?
A student officially gains control of his or her personal information at age eighteen with ownership rights. This means that the student can determine how much data is visible to the public, challenge the contents of the records and try to correct them. Wayne State University carefully explains the individual’s rights, cites which external agencies may gain access and under what conditions. The University also provides a written release form, the ability for the student to view his or her records, and a way to lodge complaints if they feel that the University acted in error. These actions indicate that Wayne State is acting in good faith and that they are serious about protecting the student’s rights.
For many students, Wayne State’s efforts provide a measure of control and a sense of security because there is an honest effort by the University to ensure that the Family Educational Rights and Privacy Act (FERPA) is uniformly enforced throughout the University. The University is also forthright about the legal exceptions when they may release information. These efforts demonstrate the university’s commitment to privacy and student awareness and control of their personal records.
Provisions in the Family Educational Rights and Privacy Act (FERPA) allow necessary business transactions to be conducted, and permit Wayne State University to act on behalf of the student. Requests from other institutions can be processed regarding transfers and recommendations. The policy is well-defined as to what is permissible and what is not. This provides a reassurance that the information is well guarded and protected. Students are used to institutions that handle their money, their credit cards and their online purchasing. This is a familiar environment, which develops a measure of trust in the system.
Do you feel safe as a university student that your records are kept private?
The university provides a safe and secure environment for learning. The Family Educational Right and Privacy Act (FERPA) was established in 1974 (U. S. Department of Education, 2004). In almost forty years, it has become part of the institutional system, and as such, it is a general operating procedure for employees. This provides students a measure of confidence in the system. Knowing that the confidentiality and the information security policies are included within the Wayne State University Policy Manual (2010) is another favorable aspect.
Wayne State provides ample visibility to their privacy policies in many different areas. This is available from the administrative policy manual, advising centers, business offices, library and colleges. They promote the benefits afforded by the Family Educational Rights and Privacy Act (FERPA). They also acknowledge that there are agencies that can access student accounts without the student’s knowledge. The university is diligent to let students know that this policy exists and the possibility that outside agencies can access student records through requests for compliance.
While there is no recourse for the variety of authorized intelligence gathering, the institution has ensured that the students know their rights and the policies and caveats that back this act. They have built an atmosphere of trust. This is as much as they can promise.
Toglia, T. V. (2007). How does FERPA affect you? Tech Directions, 67(2), 32-35. Retrieved from http://ezproxy.msu.edu:2047/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=26826428&scope=site
U. S. Department of Education. (2004). Legislative History of Major FERPA Provisions. Retrieved 11/9/13, from http://www2.ed.gov/policy/gen/guid/fpco/ferpa/leg-history.html
Wayne State University. (2010). University policy manual. Retrieved 9/29/13, from http://fisopsprocs.wayne.edu/policy/
Wayne State University Office of the Registrar (n.d.). Family educational right and privacy act (FERPA) guidelines for Wayne State University faculty, students and staff. Retrieved 10/26/2013 from http://www.reg.wayne.edu/pdf-privacy/ferpa_brochure.pdf