Educause Security Discussion mailing list archives

Re: Privacy Implications of using Student Photos

From: Bob Bayn <bob.bayn () USU EDU>
Date: Tue, 15 Dec 2009 15:16:54 -0700

At USU, Student ID card photos are accessible to instructors, advisors and others who need to confirm identity.  They 
are not accessible by students or the public.  Any time we present photo or info about a student in response to a query 
that is part of university business, we prominently display any FERPA privacy flags that are set for that student.  The 
URL of an ID photo bears no resemblance to the user identity and is restricted by a web_referrer match to pages that 
are authorized to query for photos.

Because the only opt-out is via a general FERPA privacy flag, and the registrars office isn't fond of dealing with 
those, we try to make sure that our use of photos does not prompt someone to want a FERPA flag (Besides, our uses are 
for university business that are exempt from the privacy restrictions).  For $5 anyone can get their ID photo re-taken.

Bob Bayn        (435)797-2396      Security Team coordinator
  Don't let hackers use your computer when you aren't.
  Turn off your computer at the end of your work day.
Office of Information Technology   at  Utah State University
________________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand S Malwade 
[Anand.Malwade () SHU EDU]
Sent: Tuesday, December 15, 2009 3:08 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Privacy Implications of using Student Photos

I was curious to know what position other Universities have regarding the posting of Student photos on a web 
application that can be accessed by faculty and other students.

Is an Opt out policy mandatory ?


if there any FERPA or other privacy guidelines around the same ?



Thanks,
Anand



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Howell, 
Paul
Sent: Sunday, December 13, 2009 6:21 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Models for Effectively Operating in Highly Decentralized Environments

Hi Chris,

The topic of centralized vs. decentralized IT environments is a common
topic for many of us.  Did you get many comments on your message?  If
you did receive comments, would you mind summarizing them for us?

The effective practices working group (part of the Educause security
task force) discussed your question this week, which triggered an
interesting conversation.  We're all facing budget pressures (some much
worse than others) and how we deal with becoming more efficient such
that our IT spend rates are reduced varies.  Some schools see further
decentralization by moving some functions and people to other areas as a
means to reduce costs, while others are moving to a more centralized
model to also reduce costs.  Both approaches can be beneficial,
particularly when they align to the desired direction of the academy.
How does responding to the budget pressures affect your security
program?  Are you considering consolidating security functions and teams
in a core team to enable efficiency, or are you distributing security
functions and staffs out into other area thereby reducing the size of
the central security team?

Cordially,

Paul Howell
Chief Information Technology Security Officer
The University of Michigan
(O) 734-763-0609
(C) 734-996-8008




-----Original Message-----
Subject:         Models for Effectively Operating in Highly
Decentralized Environments
From:    Chris Kidd <chris.kidd () UTAH EDU>
Reply-To:       The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
Date:   Wed, 11 Nov 2009 09:54:23 -0700

We're working with some of our colleges to better coordinate security
efforts. How have you effectively integrated security into academic and
research environments, particularly Colleges that are extremely
decentralized and where the ownership of IT resources are fiercely
defended as "mine"?

Thanks,
Chris

Chris Kidd
650 Komas Drive, Suite 102
Salt Lake City, UT 84108
Office: 801.587.9241
Cell: 801.747.9028
chris.kidd () utah edu

http://www.secureit.utah.edu

Current thread:

Privacy Implications of using Student Photos Anand S Malwade (Dec 15)
- <Possible follow-ups>
- Re: Privacy Implications of using Student Photos Bob Bayn (Dec 15)
- Re: Privacy Implications of using Student Photos Chris Kidd (Dec 15)
- Re: Privacy Implications of using Student Photos Brad Judy (Dec 15)