Privacy Under the Wayne State University Confidential Information Policy
By Grace Caruso
The Wayne State University Confidential Information Policy identifies the privacy rights of students. It is a “framework for dealing with the challenge of maintaining private and confidential data.” The University defines confidential data as “data held by the University that could harm the person to whom it refers/belongs if seen or acquired by a person not authorized by university policy, procedure or applicable external regulations, and data that are protected by federal or state legislation dealing with data privacy” (Confidential Information Policy, 2014). This includes social security numbers, credit card numbers, bank account information, as well as student records other than university-designated directory information. Also protected are health information and access ID/password combinations that permit access to restricted university electronic resources. Personal information that is collected for research purposes under an approved research protocol is protected, as is information that is collected with a promise or obligation to keep it private, or data which is proprietary or classified. The list specifically indicates that data that are legally excluded from release under the Freedom of Information Act are included. A user is defined as any Wayne State University officer, employee, or student who has access to confidential data, and any non-employee given such access on a contractual or business basis. Access to confidential data is limited to people whose job duties, as defined by University policies and procedures, require such access.
The policy addresses issues such as the safe storage of paper and electronic records, password-protected records on electronic devices, the transmission of documents, and the permanent deletion and destruction of electronic media and files. The policy also addresses the use of the best available security practices and the immediate reporting of incidents in which confidential documents have fallen into unauthorized hands or a security breach has occurred.
The policy has a succinct description of disciplinary actions that states that violations can be addressed by the university and that the student may still seek civil or criminal remedies. It notes the procedural issue, “Administrative remedies taken under this policy will not be subject to challenge on the grounds that civil or criminal charges involving the same incident have been invoked, dismissed, or are pending.”
This policy is meant to protect student privacy, but the protection of student privacy rights is not complete unless there are clear guidelines related to how students proceed when they believe that their rights have been violated. Where does the student go; which office; which form needs to be completed; which person must be contacted; and what are the “civil or criminal charges” the policy references? This policy, like many similar policies, defines rights, but could press on to the next step and provide the clear procedural information the student needs and provide a method for the student to use in a very unexpected and distressing situation.
Wayne State University Confidential Information Policy. Retrieved from http://computing.wayne.edu/docs/u.p.2007-02-confidential-info.pdf
Wayne State University (2013a). Privacy of Academic Records: Student Rights Under the Family Educational Rights and Privacy Act. Retrieved from http://reg.wayne.edu/students/privacy.php
United States Department of Education (2011). FERPA General Guidelines for Students. Retrieved from http://www2.ed.gov/policy/gen/guid/fpco/ferpa/students.html
Wayne State University (2013b). Family Educational Rights and Privacy Act: Guidelines for Wayne State University Faculty, Students, and Staff (FERPA). Retrieved from http://www.reg.wayne.edu/pdf-privacy/ferpa_brochure.pdf