A senior at University of Kentucky has a column about the online student directory, privacy, and safety. Her commentary is a useful reminder that an exemption in the federal law that protects the privacy of students’ education records (FERPA) may pose a risk to student safety and that just because universities can reveal information does not mean they should. In this case, the directory information includes name, address, e-mail address, and cell phone number.
In her column, Sarah Winterton raises concerns about directory information in the context of one statistic that should be a game-changer:
Melanie O. Matson, director of the UK’s Violence Intervention and Prevention Center, said a recent study conducted by the UK Center for Research on Violence Against Women found that one-third of female graduates and undergraduates experienced at least one type of physical, sexual or stalking victimization while a student at UK.
“Reducing the ways (perpetrators) could access student information would increase student safety,” Matson said.
The university is working on the problem and considering revising its definition of directory information. That would be a good first step. But has the university tripped itself up? Winterton notes:
The university is searching for balance — trying to protect students who want privacy without impending on the rights of others.
What rights of others would those be? Why not just make privacy the default setting and allow students to make certain fields public if they choose?
This is not just a University of Kentucky issue. It is a nationwide issue. Exempting directory information may have seemed relatively benign in a brick and mortar world. But doesn’t it make sense to enhance privacy protections in a digital world? Is it hypocritical to tell kids to keep themselves safe online and not expose personal details when we default them to exposing where to find them?
The press and credit card companies would not be happy if directory information were no longer exempt, and I would expect a huge fight if Congress tried to amend FERPA to make it more protective. In the meantime, colleges and universities can and need to revisit their definition of directory information and reduce the amount of information publicly available. Such decisions might cost colleges income that they get from making these lists available to credit card companies or others, but it would be the right thing to do in terms of protecting student privacy and safety.