Skip to content

Wayne State University

Aim Higher

Nov 26 / Kimberly Mason

Wayne State University Information Policies: Are they FERPA compliant?

Written by Emma Macguidwin

Universities can and should take a number of measures to ensure that students’ records are kept private. Wayne State University (WSU), for example, claims to adhere to the measures of the Family Education Rights and Privacy Act. As a student at WSU, I feel reasonably certain that my student records are kept private and are generally being used for appropriate educational purposes. However, there are situations in which WSU could do a better job of informing students of their rights and the specific circumstances under which their records might be released without their permission.FERPA
South Texas College of Law (2013)

In its “Privacy of Academic Records” policy, WSU states that the privacy and release of student record information is governed by the federal Family Educational Rights and Privacy Act (FERPA), enacted in 1974. (Wayne State University, 2013a). FERPA is administered by the Family Policy Compliance Office in the U.S. Department of Education, and applies to all educational agencies and institutions that receive funding under programs administered by the Department. (U.S. Department of Education, 2011; 20 U.S.C. § 1232g; 34 CFR Part 99.) FERPA imposes limits on the disclosure of student records by educational agencies and institutions that receive funds from the Department of Education. (Winnick, et al., p. 3). FERPA generally prohibits the disclosure to third parties of personally identifiable information contained in an “eligible student’s” (one who has attained 18 year of age or attends a postsecondary institution) education records unless the eligible student has provided written consent. Although this provision is a major vehicle in which universities protect students’ rights to privacy, there are a number of exceptions to this prohibition. (U.S. Department of Education, 2011).

One of the exceptions allows school officials (including teachers) to obtain access to personally identifiable information contained in education records if the school has determined that it has a “legitimate educational interest” in the information. (U.S. Department of Education, 2011). A school generally has a legitimate educational interest if the official needs to review an education record in order to fulfill his or her professional responsibility. (U.S. Department of Education, 2011). WSU cites this exception, but instead of echoing the statutory definition of “legitimate educational interest,” WSU merely states that such an interest is one in which an official “needs to review” a student’s educational record. (Wayne State University, 2013a). Thus, it is not clear whether WSU has adopted the exact definition set forth in FERPA, and students could be confused by this policy. Moreover, students’ rights to privacy could be jeopardized if WSU claimed that a school official simply “needed to review” a student’s educational record, even if the school official did not need to fulfill a professional responsibility obligation. WSU would do well to modify this definition on its website, not only to minimize any confusion on the part of students, but also to make sure it is complying with FERPA.

Students’ rights to privacy could also be affected by another exception to the prohibition against non-consensual disclosure of personally identifiable student information. This exception permits a school to disclose information when it is appropriately designated as “directory” information. “Directory information” is information that is contained in the education records of a student that would not generally be considered harmful or an invasion of privacy if it were disclosed. (U.S. Department of Education, 2011). WSU mirrors the definition of directory information in FERPA: name, address, age or date of birth, level of education, major, etc. (Wayne State University, 2013a; Department of Education, 2011). However, WSU further states that directory information “may be released at the university’s discretion to anyone who makes a request.” (Wayne State University, 2013a). This statement does not follow the statutory language of FERPA, which provides for specific steps a school must follow before it can release directory information (including giving public notice of the types of information it has designated as directory information, the student’s right to restrict the disclosure of the information, and the period of time within which a student has to notify the school that he or she does not want certain information designated as directory information). (Department of Education, 2011). The language WSU has used suggests that the university can provide such information in almost any context, which might cause students to believe that their private information could be given out without their having an opportunity to restrict its disclosure.

However, WSU does offer protections to students by reiterating that students may restrict the release of directory information by filing a Request to Restrict Release of Directory Information form with the Records and Registration office. (Wayne State University, 2013a). Thus, I would feel reasonably certain that my private information – even if it were merely considered “directory information” – would not be improperly released without my consent, although it might be useful for WSU to provide examples of when and to whom directly information may be released

FERPA also requires that a school inform students of how it defines the terms “school official” and “legitimate educational interest” in its annual notification of FERPA rights. (U.S. Department of Education, 2011). I found a PDF document on the registrar’s website entitled Family Educational Rights and Privacy Act: Guidelines for Wayne State University Faculty, Students, and Staff. (Wayne State University, 2013b). This document provides detailed information about different FERPA provisions, including outlining who is protected under FERPA, specifying what is considered an educational record, what documents can be removed from an educational record before a student views the record, and what is “directory” information. This document states that WSU is required to notify students on an annual basis of students’ rights to inspect and review their records, their rights to challenge the content of their records, etc., but it does not state in what manner students will be notified. Overall, however, this document should make students feel reasonably certain that their student records are being kept private.

One other area of concern that I have as a student in the School of Library and Information Science (SLIS) at WSU is that, surprisingly, I could not find a specific student privacy policy set forth by SLIS. The school merely includes a link at the bottom of the “Students” web page to “Privacy and University Policies.” (School of Library and Information Science, 2013). This link only takes the user to the general page for University Policies, and does not clearly indicate that privacy is covered. Thus, SLIS does not clearly state that it follows FERPA or the policies of WSU, and as a SLIS student, I would have to research the policies of WSU in order to ensure that my student records are kept safe. SLIS might consider including a more conspicuous privacy policy on its website.

An area that could be a cause for concern involves students’ circulation history in academic libraries. “Library management technology, which captures student information, can . . . pose a serious threat to students’ privacy. Circulation systems, for instance, retain the title of every item that has checked out, unless they’re specifically set to delete a student’s circulation history.” (Adams, p. 36). However, the WSU Libraries have set forth a clear and comprehensive privacy policy that ensures that student information is protected. In the University Libraries “Privacy Policy,” WSU states that it removes links between patron records and materials borrowed when items are returned, and it deletes records “as soon as the original purpose for data collection has been satisfied.” (University Libraries, 2013). The policy also indicates that the libraries will not give out personal information to a third party unless compelled to do so under the law or to comply with a court order. (University Libraries, 2013). Thus, the libraries have taken concrete steps to protect student information, and to make students aware of these policies.

Sources
Adams, H. R. (2011). The privacy problem, School Library Journal, 57(4), pp. 34-37.

School of Library and Information Science (2013). Student Home Page. Retrieved from http://students.slis.wayne.edu/index.php

United States Department of Education (2011). FERPA General Guidelines for Students. Retrieved from http://www2.ed.gov/policy/gen/guid/fpco/ferpa/students.html

Wayne State University (2013a). Privacy of Academic Records: Student Rights Under the Family Educational Rights and Privacy Act. Retrieved from http://reg.wayne.edu/students/privacy.php

Wayne State University (2013b). Family Educational Rights and Privacy Act: Guidelines for Wayne State University Faculty, Students, and Staff (FERPA). Retrieved from http://www.reg.wayne.edu/pdf-privacy/ferpa_brochure.pdf

Wayne State University – University Libraries (2013). Privacy Policy. Retrieved from http://www.lib.wayne.edu/info/policies/privacy.php