The Lack of Virtual Privacy

Report: ‘High Degree' of Security Is Needed to Combat Collectors of Student Information

A student majoring in math receives a credit card, but is turned down for a new card when he changes his major to rhetoric. The card distributor obtained the information off a college computer network.
A hacker "borrows" a student's Social Security number and uses it to retrieve even more personal information about his target. He then impersonates the student, running up large debts.
A student is distraught because her digitized photograph was transmitted on a departmental home page on the World Wide Web without her consent. Now, it will be easier for a man who has stalked her to track her down.
Fiction? Not any more. Gone are the days when student information was simply stored in rows of file cabinets in the basement of the student services building or input into simple databases housed in the central computer administration building.
The introduction of sophisticated new technology into admissions, registrar's, bursar's, financial aid, and student advising offices has cut down on paperwork, streamlined administrative functions, and made information access more efficient.
But along with those advantages, higher education information technology experts warn that virtual learning and administrative environments pose an even greater threat to student privacy protections, particularly beyond campus boundaries.
A recent report raises troubling questions about whether the federal Family Education Rights and Privacy Act, passed by Congress in 1974, still can guard against privacy issues unheard of 25 years ago when the  law  was enacted.
The report, Privacy and the Handling of Student Information in the Electronic Networked Environments of Colleges and Universities, recommends that colleges and universities press for that law to be brought up to speed for today's electronic landscape.
"As institutions embrace information technology to enhance teaching and learning, streamline business processes, and improve student services, they are finding information technology to be both a bane and a blessing with regard to privacy," it says.
"There is a delicate balance between the responsibility for maintaining student privacy rights and the responsibility for providing effective and efficient services to students," the report states.
The 53-page document urges institutions to convene special panels, with members from every campus constituency, to delve into the student records privacy issue and draft policies tailored for each individual college and university.
The report was produced by CAUSE, a national group that promotes information technology in higher education, but has since merged with EDUCOM to form a new higher education organization called EDUCAUSE.
The document "does not prescribe what policy should be for every campus with respect to privacy," writes former CAUSE President Jane Norman Ryland. "It identifies the primary privacy principles involved" and recommends campus-based solutions.
 "Students have an expectation of privacy," says Dr. Clare W. Goldsmith, deputy director of academic computing services at the University of Texas-Austin and a member of the task force that produced the report.
Colleges "ask for transcripts and demographic information for scholarships. The institution builds up this information about the students. It belongs to them," Goldsmith says. "Students would like to be able to control who knows this information."