Educause Security Discussion mailing list archives
Re: Faculty handling of student data
From: Jim Dillon <Jim.Dillon () COLORADO EDU>
Date: Wed, 2 Jul 2008 09:59:23 -0600
Brian, The difficulty with the "Privacy" rules is the essential concept - maintaining as secret something that must be shared among many persons (instructors, administrators, assistants, potential employers, regulatory concerns, ...) Additionally, the party with privacy aspirations is very likely to share their information with little restraint to potential employers, friends, through Linked-In, Face Book, Second Life, a mounted diploma, or whatever. In that case they have control, but it does seem to make the effort a bit overblown. Our primary product for most of our customers is a public assertion of the results of private interactions! I don't believe it is realistic to prohibit the movement of paper materials either, but if you read the regs with "purpose" in mind, then in the classroom no "paper" record would have publicly identifiable information on it - the class would be asked to "sign" with some campus-context identifier that could not be tied to identity outside the context of valid university operations. What I suspect is that many blindly trudge through doing exactly what they've always done on the paper end not making the connection that the core concept applies throughout their interaction with persons not only in their official role but in society in general at the moment. Best wishes in compiling your own policy considerations. If you have not found enough sources let me know and I'll steer you to ours, but be forewarned, ours are reasonably useful for electronic data, but like many I don't believe we've got a complete "information" policy, mostly "electronic information." Best regards, Jim -----------University of Colorado-------------- Jim Dillon, CISA, CISSP Program Manager Administrative Systems and Data Services jim.dillon () colorado edu 303-735-5682 -------------------Boulder------------------------ -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Basgen, Brian Sent: Tuesday, July 01, 2008 4:41 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Faculty handling of student data Jim,
To add a small bit of fuel to the fire - no one has mentioned yet the analog protection that should accompany the "paper" product (which may in fact still be electronically delivered depending on the ingenuity
of
the faculty member) that may go home with the instructor. The loss of a paper gradebook that had identifying info on it would be reported no less quickly or vigorously by the local press than the electronic records in question.
Thanks for your response. This is the kind of all-encompassing approach we are trying to grapple with. We aren't sure it is a reasonable/realistic expectation to bar faculty from having graded exams at home, or any other kind of student data pertaining to their class. I suppose it would be possible to mandate they do everything digitally, and then mandate they use encryption. We are not sure if this would be a reasonable expectation, e.g. if it would truly be implemented, but I'd like to hear how folks have worked with faculty to address their needs. ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College
Current thread:
- Re: Faculty handling of student data Jim Dillon (Jul 01)
- <Possible follow-ups>
- Re: Faculty handling of student data Basgen, Brian (Jul 01)
- Re: Faculty handling of student data Mclaughlin, Kevin (mclaugkl) (Jul 01)
- Re: Faculty handling of student data Jim Dillon (Jul 02)
- Re: Faculty handling of student data Allison Dolan (Jul 07)
- Re: Faculty handling of student data Basgen, Brian (Jul 07)