July 30, 1997

Balance of access, privacy a concern

The University Record, July 30, 1997

By Theresa Hofer
Information Technology Division

The explosive growth of electronic networks is forcing university administrators nationwide to perform a delicate balancing act. On one hand is the need for improved access to important data. On the other, the need to protect the privacy of students, faculty and staff.

CAUSE, the association for managing and using information resources in higher education, has been especially concerned with helping its members deal with these issues. It recently published “Privacy and the Handling of Student Information in the Electronic Networked Environments of Colleges and Universities.” This white paper is the work of a task force co-chaired by Virginia Rezmierski, ITD director of policy development and education, and Susan Ferencz, past director of policy and planning at Indiana University, and was produced in cooperation with the American Association of Collegiate Registrars and Admissions Officers.

The task force gathered input from students and other representatives of 45 schools and colleges. According to Rezmierski, task force members represented varied perspectives and found much to debate. “This was one of those important creative events,” Rezmierski says, “where a group of knowledgeable people with diverse opinions came together and ultimately formed a joint statement that not only represented values and principles, but also spelled out a process. It was a wonderful challenge.”

Rather than prescribe a privacy policy for universal adoption, the task force chose to identify the challenges and opportunities of technology advances. It then described eight primary principles of fair information practice, as well as laws affecting each principle and examples of greater and lesser applications of the principle. (See below for more details.) Finally, the task force recommended a process whereby a full spectrum of campus constituencies can be involved in discussions that will lead to a better understanding of campus culture and values with regard to the principles.

“Many of us on the task force would have liked to have been more prescriptive regarding ‘best’ policies and practices,” Rezmierski says. “However, we all agreed that each college and university, based on its own community values, needed to debate these issues and engage in policy development and education.”

CAUSE has distributed the white paper to its more than 1,400 member campuses and organizations and has created an electronic discussion list for anyone interested in discussing these issues. For copies of the paper or more information, see the CAUSE Web site at http://cause-www.colorado.edu/issues/privacy.html. For more information about privacy and the handling of student information at the U-M, call 647-4274 or send e-mail to [email protected].

Task force identifies fair practice, policy

These principles of fair information practice and policy were identified by the task force:

  • Notification: Institutions will inform students what information is being collected, who is collecting it, from whom it is being collected, why the information is being collected, what steps are being taken to protect the information, the consequences of withholding or providing false or incomplete information, and any rights of redress.
  • Minimization: Institutions will gather the minimum amount of relevant personal student information needed to accomplish a legitimate, identified institutional purpose.
  • Secondary Use: Institutions will use collected data only for the purpose for which it was collected, or for a use compatible with that purpose, unless the individual has given additional consent.
  • Nondisclosure and Consent: Institutions will keep personally identifiable information about students from parties outside the college or university.
  • Need to Know: Institutions will grant access to personally identifiable student information to only those individuals who need to know the information as part of an official and legitimate educational interest and in conformity with disclosure agreements.
  • Data Accuracy, Inspection and Review: Students have the right to examine information about themselves and to request changes they feel should be made to their education records.
  • Information Security, Integrity and Accountability: Institutions will protect user files and system resources from loss, damage, inappropriate access and unauthorized disclosure or use; will provide reasonable assurance that data, once entered, will not be subject to unauthorized modification, intentional or unintentional, and will remain unaltered during transmission; and will be able to explain security-related events and to link them to the originator.
  • Education: Institutions have a basic responsibility to educate their students, faculty, staff and administrators about the privacy rights of students and potential implications of use and misuse of personal information, especially in a networked environment.
Tags:

Leave a comment

Commenting is closed for this article. Please read our comment guidelines for more information.