This is another one of those “Just because you can doesn’t mean you should” situations. Under the federal education privacy law known as FERPA, colleges may publish certain “directory” information on students without their consent. But they don’t have to, and this privacy blogger would strongly encourage colleges to adopt an opt-in strategy when it comes to revealing personal information.
Katie Perkowski reports on a situation at the University of Kentucky:
When Kirsten Lovas was a freshman, she was not aware personal information such as her residence hall and room number could be found on UK’s Web site — but she found out when she was stalked.
When coming to and from her dorm, Lovas would see her stalker lurking outside and found out he obtained her information from the online directory.
UK follows the 1974 Family Educational Rights and Privacy Act, which is a federal law that tries to protect privacy of personal information within student education records.
FERPA states that schools can give the following information without consent: a student’s name, address, phone number, date and place of birth, honors and awards and dates of attendance, according to the U.S. Department of Education Web site.
UK is required under FERPA to tell students several things about records, and this information is available in the Student Code of Conduct, said T. Lynn Williamson, senior associate in legal services.
While UK has the right to publish students’ personal information, the university must inform parents or students 18 years of age or older that this information is being available to the public, and the school must give parties sufficient time to request that the school not show the information.
Read more on the Kentucky Kernel.
The privacy notices often get lost in the shuffle of paperwork at the beginning of a school year. If colleges are serious about protecting student privacy, it’s time for them to switch to opt-in. FERPA was written before the explosion of information on the Internet, back in the day when “publishing” directory information was on paper and did not make contact info for students available to the world at large. The issue raised by the student in the story is not specific to U.K. and really needs to be addressed on a nationwide scale.