Students do not shed all of their rights at the schoolhouse gate, including the right to privacy. Although recent Supreme Court decisions have diminished this right, there are substantial federal and state protections for the privacy of students' educational records. The most prominent of the federal protections for student privacy is the Family Educational Rights and Privacy Act (FERPA), also known as the "Buckley Amendment," FERPA protects the confidentiality of student records to some extent, while also giving students the right to review their own records.
Students' personal information is often collected through in-school surveys, sometimes for commercial use. Congress most recently addressed such surveys in the No Child Left Behind Act, a broad federal educational act. The Act provides parents and students the right to be notified of, and consent to, the collection of student information. However, the Act includes many exceptions to this right.
Congress does not always expand privacy when it addresses the collection of student information. Another provision of No Child Left Behind mandates that high schools turn over student contact information to military recruiters, unless parents or students explicitly opt out of such disclosure. And in 2002, Congress amended FERPA, via the USA PATRIOT Act, to require schools to transmit information about immigrant students to the INS. Under this program, the Student and Exchange Visitor Information System, schools had to begin in 2003 reporting immigrants' academic information, such as disciplinary actions or changes in programs of study.
For more information on Student Privacy see:
- Student Privacy Bill of Rights
- EPIC v. U.S. Department of Education
- EPIC v. Education Department - Private Debt Collector Privacy Act Compliance
- Department of Education FERPA Enforcement FOIA Request
- Family Education Right to Privacy Act (FERPA)
- No Child Left Behind
- Senators Markey and Hatch Propose Student Privacy Act: Senator Edward Markey (D-Mass) and Senator Orrin Hatch (R-Utah) have reintroduced the "Protecting Student Privacy Act.". The Act would strengthen the Family Educational Rights and Privacy Act, a federal student privacy law. The Student Privacy Act would also implement several of the recommendations EPIC set out in the Student Privacy Bill of Rights, including data security safeguards, students access to their information held by companies, prohibiting the use of personal data for marketing purposes, and minimizing the personal information schools transfer to third parties. (May. 13, 2015)
- EPIC Launches State Policy Project: EPIC has launched the EPIC State Policy Project to track legislation across the county concerning privacy and civil liberties. The EPIC State Project will identify new developments and model legislation. The Project builds on EPIC's extensive work on emerging privacy and civil liberties issues in the states. The new State Project will focus on student privacy, drones, consumer data security, data breach notification, location privacy, genetic privacy, the right to be forgotten, and auto black boxes. (May. 5, 2015)
- House Members Introduce Student Privacy Bill: Congressmen Luke Messer (R-IN) and Jared Polis (D-CO) have introduced the "Student Digital Privacy and Parental Rights Act of 2015." The student privacy bill would prohibit companies from selling student information, using student information for targeted advertising, or otherwise disclosing student information for non-educational purposes. The Student Digital Privacy Act would implement portions of EPIC's Student Privacy Bill of Rights, including granting students access to their personal information collected by companies and requiring companies to provide notice of data security breaches. The bill is modeled on a new student privacy law in California. (Apr. 30, 2015)
- Congress Proposes Bipartisan Student Privacy Bill: The House Education and Workforce Committee has proposed a discussion draft amending the Family Educational Rights and Privacy Act, a federal student privacy law. The draft recommends ways to strengthen the law, including: (1) protecting student data maintained by private companies; (2) shorter wait times for students to access their records; (3) permitting students to opt out of disclosing their data for certain research studies; (4) mandatory data security for schools; (5) written agreements detailing obligations of third parties receiving student data; (6) enhanced enforcement mechanisms; and (7) narrowing exceptions under which schools may disclose student data without consent. (Apr. 23, 2015)
- EPIC Urges House to Safeguard Student Privacy: EPIC has sent a statement to a House Committee in advance of the Committee's hearing on "How Emerging Technology Affects Student Privacy." EPIC urged the Committee to "pursue effective measures that meaningfully safeguard student data," including adoption of the Student Privacy Bill of Rights, privacy enhancing techniques, and a private right of action against companies that unlawfully disclose student data. Last month, President Obama proposed legislation to "ensure that data collected in the educational context is used only for educational purposes." EPIC has previously urged Congress, the Education Department, and the Federal Trade Commission to strengthen student privacy. (Feb. 11, 2015)
- Congress to Hold Hearing on Student Privacy: Next week, a House committee will hold a hearing on "How Emerging Technology Affects Student Privacy." Last month, President Obama proposed legislation to safeguard student data. The legislation would "ensure that data collected in the educational context is used only for educational purposes" And prohibit companies from selling data for non-educational purposes and targeting advertising. Last year, EPIC proposed the Student Privacy Bill of Rights following growing concerns about misuse of student data. EPIC has urged Congress, the Education Department, and the Federal Trade Commission to strengthen student privacy. (Feb. 5, 2015)
- President Obama Backs Student Privacy Law: Today the President will propose legislation to safeguard student data, to "ensure that data collected in the educational context is used only for educational purposes." The Student Digital Privacy Act, based on a landmark California statute, will prohibit companies from selling data for non-educational purposes and from using data for targeted advertising. Last year, EPIC called for a Student Privacy Bill of Rights to safeguard student information. EPIC has urged Congress and the Department of Education to strengthen student privacy. (Jan. 12, 2015)
- EPIC Uncovers DOD Student Data Collection Procedures: The Department of Defense has released to EPIC documents on the "Joint Advertising and Market Research Studies" Recruiting Database. The database includes sensitive student information, including home address and grade point average. DOD obtains this information from high schools offering military aptitude tests, state DMVs, and commercial data brokers. The documents sought by EPIC shed light on how DOD collects, retains, uses, and safeguards student information within the database. The documents provided to EPIC also reveal that many parents demanded that DOD remove their children's records from the system. In 2005, EPIC, joined by more than 100 organizations, urged former Secretary of Defense Donald Rumsfeld to end the database because it collected unnecessary information, did not permit individuals to opt-out, and was housed at a private-sector direct marketing company. The agency now permits individuals to opt-out. For more information, see EPIC: Student Privacy and EPIC: DOD Recruiting Database. (Nov. 26, 2014)
- EPIC Obtains New Documents About Lack of Student Privacy Enforcement: EPIC has obtained new documents from the Department of Education detailing parent and student complaints about the misuse of education records. The Department released the documents in response to an EPIC Freedom of Information Act request. EPIC is expecting to receive more documents about the agency's enforcement of the Family Educational Rights and Privacy Act. Other documents that EPIC has uncovered reveal that schools and districts have disclosed students' personal records without consent, possibly in violation of the federal student privacy law. The documents also reveal that the Department failed to investigate many FERPA complaints. For more information, see EPIC: Department of Education's FERPA Enforcement, EPIC: Student Privacy, and EPIC: Open Government. (Oct. 15, 2014)
- California Enacts Comprehensive Student Privacy Law: California has passed the "Student Online Personal Information Protection Act," a comprehensive student privacy law. Among other provisions, the new law: (1) prohibits K-12 mobile and online service operators from using student information to target advertisements to students; (2) prohibits online service providers from creating K-12 student profiles for commercial purposes; and (3) forbids companies from selling student information. The law also requires K-12 mobile and online service operators to establish security measures and to delete student information at the request of a school or district. California also passed a law requiring schools that outsource student records to include privacy in contracts, and a law governing school social media monitoring programs. The Student Online Personal Information Protection Act incorporates many proposals EPIC outlined in the Student Privacy Bill of Rights. For more information, see EPIC: Student Privacy, EPIC: EPIC v. Education Dept., and EPIC: Echometrix. (Oct. 2, 2014)
- EPIC Urges FTC to Investigate Maricopa Data Breach: EPIC has filed a complaint with the Federal Trade Commission concerning the loss of personal information of almost 2.5 m current and former students, employees, and vendors in Maricopa County. According to EPIC, the District's failure to maintain a comprehensive information security program led to a "massive breach of names, addresses, phone numbers, e-mail addresses, Social Security numbers, dates of birth, certain demographical information, and enrollment, academic, and financial aid information." EPIC further alleges the District violated the Federal Trade Commission's Safeguards Rule by failing to protect students financial information. EPIC's complaint follows a similar complaint by DataBreaches.net. EPIC said that, "many education institutions in the United States are subject to the Safeguards Rule. The District's case is a particularly egregious example of the risk of failing to safeguard sensitive personal information." For more information, see EPIC: Student Privacy. (Sep. 29, 2014)
- Education New York Urges Parents to Protect Student Privacy: Education New York, a leading student privacy rights organization, is urging students and parents to opt-out of the use of educational records for marketing purposes. The data typically includes name, address, telephone number, birth date, and other personal information in student records. Education New York’s founder Sheila Kaplan stated, "I'm thrilled that with greater awareness of the issues, more parents have been joining the fight for students’ privacy rights." EPIC has long supported stronger privacy protections for student records. In 2012, EPIC sued the Education Department concerning changes to the student privacy law. Earlier this year, EPIC a hosted panel in Washington DC with Senator Ed Markey, "Failing Grade: Education Records and Student Privacy." For more information, see EPIC v. the Department of Education and EPIC: Student Privacy. (Sep. 8, 2014)
- Senators Markey and Hatch Introduce Student Privacy Legislation: Today, Senators Edward Markey (D-MA) and Orrin Hatch (R-UT) introduced legislation to require privacy safeguards for education records and prohibit the use of student information for advertising purposes. The "Protecting Student Privacy Act of 2014" would give students the right to access and amend their records that are held by private companies. The bill also requires schools to minimize the amount of personally identifiable information transferred to private companies. The bill requires companies to destroy student information "when the information is no longer needed for the specified purpose." The bill incorporates many of the proposals EPIC set out in the Student Privacy Bill of Rights. Senator Markey announced plans to introduce student privacy legislation earlier this year at EPIC's public panel on student privacy. For more information, see EPIC: Student Privacy. (Jul. 30, 2014)
- EPIC Uncovers Complaints from Education Department about Misuse of Education Records: EPIC has obtained documents from the Department of Education detailing parent and student complaints about the misuse of educational records. The Department released the documents in response to an EPIC Freedom of Information Act request. The documents reveal that schools and districts have disclosed students' personal records without consent, possibly in violation of the Family Educational Rights and Privacy Act. The documents also reveal that the Department failed to investigate many FERPA complaints. EPIC is expecting to receive more documents about the agency’s enforcement of the federal student privacy law. For more information, see EPIC: Student Privacy and EPIC: Open Government. (Jul. 18, 2014)
- EPIC Testifies on Student Privacy before California State Assembly: EPIC's Student Privacy Project Director Khaliah Barnes testified before the California State Assembly Education Committee and Select Committee on Privacy, on "Ensuring Student Privacy in the Digital Age." EPIC's testimony: (1) explained how the U.S. Education Department’s regulations encourage mass collection of student data; (2) described the privacy risks that students today face; (3) underscored the need for data security safeguards for states, schools, and private companies accessing student information; and (4) recommended that California adopt EPIC's Student Privacy Bill of Rights. Earlier this week, Senators Markey and Hatch proposed bipartisan student privacy legislation. For more information, see EPIC: Student Privacy. (May. 16, 2014)
- Senators Markey and Hatch Propose Student Privacy Legislation: Senator Edward Markey (D-Mass) and Senator Orrin Hatch (R-Utah) have proposed a "Protecting Student Privacy Act." The draft bill would "(1) requires that data security safeguards be put in place to protect sensitive student data that is held by private companies; (2) prohibits the use of students' personally identifiable information to advertise or market a product or service; (3) provides parents with the right to access the personal information about their children - and amend that information if it"s incorrect — that is held by private companies just as they would if the data were held by the school itself; (4) makes transparent the name of companies that have access to student information by directing school districts to maintain a record of all outside companies with which the school contracts; (5) minimizes the amount of personally identifiable information that is transferred from schools to private companies; [and] (6) ensures private companies cannot maintain dossiers on students in perpetuity by requiring the companies to later delete personally identifiable information." The legislation highlights many of the protections EPIC endorsed in its Student Privacy Bill of Rights. Senator Markey announced plans to introduce student privacy legislation earlier this year at EPIC's public panel on student privacy. For more information, see EPIC: Student Privacy. (May. 15, 2014)
- Google Stops Scanning Student Emails, Ends Data Collection for Advertising: Google has announced it will stop scanning student emails for advertising purposes. Google has also stated that it will no longer display new advertisements in its Apps for Education. Google's announcement follows the demise of inBloom, a private company that acquired student data from school districts across the country. Amid public backlash, inBloom announced it was shutting down. Google and inBloom gained access to student data pursuant to the Education Department's revised regulations that significantly weakened the Family Educational Rights and Privacy Act, a federal student privacy law. EPIC had previously sued the Education Department for weakening the privacy law that protects student data. Earlier this year, EPIC called for a Student Privacy Bill of Rights, an enforceable student privacy and data security framework. For more information, see EPIC: Student Privacy. (Apr. 30, 2014)
- Amid Privacy Backlash, Student Data Firm Dissolves: inBloom, a private company that acquired student information from school districts across the country, has shut down. The company said its work "has been stalled because of generalized public concerns about data misuse..." inBloom and other companies, including Google, acquired student data following revisions to the Family Educational Rights and Privacy Act by the Department of Education that significantly weakened the student privacy law. In 2012, EPIC sued the Education Department for removing student privacy protections. Last year, EPIC testified before the Colorado State Board of Education on student privacy issues concerning inBloom. Early this year, EPIC called for a Student Privacy Bill of Rights, an enforceable student privacy and data security framework. For more information, see EPIC: Student Privacy. (Apr. 21, 2014)
- Google Admits to Data-Mining Student Emails: In a sworn statement filed with a federal court, Google has admitted to scanning student emails to serve students targeted advertisements. Although Google does not display ads in Apps for Education, Google "does scan [student] email" to "compile keywords for advertising" on Google sites. Google has gained access to student emails pursuant to the Education Department's recently revised regulations, which significantly weakened the Family Educational Rights and Privacy Act, a federal student privacy law. Still, Google's practices appear to contravene the Education Department's "best practices" for online educational service providers. EPIC had earlier sued the Education Department for weakening the privacy law that protects student data. For more information, see: EPIC Student Privacy and EPIC: EPIC v. Dep't of Education. (Mar. 19, 2014)
- After Weakening Privacy Law, Education Department Proposes "Best Practices" for Student Data: The Education Department has issued recommendations for schools that transfer student records to online educational service providers. Following the Department's changes to a federal student privacy law, private companies and government agencies have access to student records without obtaining student consent. In the recommendations, the agency explained that the current regulations do not require written agreements for schools to disclose student information to private companies. The Education Department recommended that schools establish policies for approving online educational services, create written contracts with private companies for the use of student data, and explain to parents and students how schools collect, use, and disclose student information. The agency warned that student data held by private companies may not be protected under federal privacy laws. EPIC had earlier sued the Education Department for weakening the privacy rule that prevented companies from getting access to student data. On March 13, 2014, the Education Department will hold a webinar on its student privacy best practices. For more information, see: EPIC: Student Privacy and EPIC: EPIC v. Dept. of Education. (Mar. 7, 2014)
- Senator Markey Outlines New Student Privacy Legislation at EPIC Event: At a briefing on Capitol Hill hosted by EPIC, Senator Ed Markey announced plans to introduce legislation protecting student data. Senator Markey set out four principles his bill would cover: (1) student information may never be used to market products to children; (2) parents must have the right to access and amend student information held by private companies; (3) schools and private companies must safeguard student information; and (4) companies must delete student information after it is no longer needed for educational purposes. Senator Markey made the remarks at EPIC event "Failing Grade: Education Records and Student Privacy," which included leading experts in technology, student privacy, and the Chief Privacy Officer at the Department of Education. Last year, Senator Markey sent a letter to the Education Department, requesting information on the "impact of increased collection and distribution of student data" on privacy. The Education Department provided a response, suggesting that when schools outsource to private companies, they should ensure that the companies protect student data. For more information, see EPIC: Student Privacy. (Jan. 14, 2014)
- Company Adds Encryption to Website After EPIC Files Complaint: Following EPIC's complaint to the Federal Trade Commission about Scholarships.com, the company has improved security on its website. Scholarships.com encourages students to divulge sensitive medical, sexual, and religious information to obtain financial aid information. The company claims that it uses this information to locate scholarships and financial aid. In fact, the company transfers the data to a business affiliate American Student Marketing, which in turn sells the data for general marketing purposes. EPIC's complaint to the FTC alleged that Scholarships.com’s failure to use reasonable security practices is an unfair trade practice. The company has since implemented HTTPS. For more information, see EPIC: Student Privacy. (Dec. 19, 2013)
- EPIC Files Privacy Complaint to Protect Student Data: EPIC has filed an extensive complaint with the Federal Trade Commission concerning the business practices of Scholarships.com. The company encourages students to divulge sensitive medical, sexual, and religious information to obtain financial aid information. The company claims that it uses this information to locate scholarships and financial aid. Scholarships.com, however, transfers the data to a business affiliate American Student Marketing, which in turn sells the data for general marketing purposes. EPIC alleges that this is an unfair and deceptive trade practice. EPIC’s complaint also alleges that Scholarships.com’s failure to use reasonable security practices is an unfair trade practices. EPIC has asked the FTC to require the company to change its business practices. Earlier this year, EPIC urged Congress to restore privacy protections for student data following recent changes to the Family Educational Rights and Privacy Act. For more information, see: EPIC: Student Privacy. (Dec. 12, 2013)
- EPIC FOIA - EPIC Uncovers Information About Debt Collector Practices from Education Dept.: Pursuant to a Freedom of Information Act lawsuit against the Education Department, EPIC has obtained documents which reveal that many private debt collection agencies maintain incomplete and insufficient quality control reports. As government contractors, debt collectors are required to follow the Privacy Act, a federal law that protects personal information. The Education Department also requires student debt collectors to submit quality control reports indicating whether the companies maintain accurate student loan information. The documents obtained by EPIC in this FOIA lawsuit reveal that many companies provide small sample sizes to conceal possible violations of the Act. The documents also show that many companies do not submit required information about Privacy Act compliance to the Education Department. EPIC has recently settled the case and obtained attorneys fees for making this information available to the public. For more information, see EPIC v. Education Department - Private Debt Collector Privacy Act Compliance. (Nov. 1, 2013)
- Senator Markey Investigates Student Data Disclosures: Senator Edward Markey has sent a letter to the Education Department, requesting information on the "impact of increased collection and distribution of student data" on student privacy rights. Among other questions, Senator Markey asks why the Department made changes to the Family Educational Rights and Privacy Act, a federal student privacy law; whether the Department "performed an assessment of the types of information" that schools disclose to third party vendors; and whether students and their families can obtain their information held by private companies. The letter states, "By collecting detailed personal information about students' test results and learning abilities, educators may find better ways to educate their students. However, putting the sensitive information of students in private hands raises a number of important questions about the privacy rights of parents and their children." EPIC has sent a letter to the Senate and House Committees on Education, urging Congress to restore privacy protections for student data. For more information, see EPIC: Student Privacy and EPIC: EPIC v. The Deptartment of Education. (Oct. 24, 2013)
- EPIC Urges Congress to Protect Student Privacy: In a letter to the Senate and House Committees on Education, EPIC has asked Congress to restore privacy protections for student data. EPIC's letter follows a court opinion concerning recent changes to the Family Educational Rights and Privacy Act. EPIC has warned that the changes in the student privacy law allow the release of student records for non-academic purposes and undercut parental and student consent provisions. EPIC has urged Congress to investigate the impact of the revised regulations. "Students and families are losing control over sensitive information," EPIC wrote, "and private companies are becoming the repositories of student data and even the data maintained by the schools is far more extensive than ever before." For more information, see EPIC: Student Privacy. (Oct. 10, 2013)
- Judge Rules that EPIC Lacks Standing to Challenge Education Department's Unlawful Regulations: A federal court dismissed EPIC's lawsuit against the Education Department. EPIC has challenged the agency's 2011 changes to the Family Educational Rights and Privacy Act (FERPA) which allow the release of student records for non-academic purposes and undercut parental and student consent provisions. The court held that neither EPIC nor any of its Board of Director co-plaintiffs "have standing to bring the claims asserted in the complaint." The judge did not reach EPIC's substantive claims asserted in the complaint. EPIC argued that the Education Department exceeded its authority with the changes and that the revised regulations violate the federal student privacy law. Before initiating the lawsuit, EPIC submitted extensive comments to the Education Department, opposing the unlawful regulations. EPIC intends to take further steps to safeguard student privacy. For more information, see EPIC: EPIC v. The U.S. Department of Education and EPIC: Student Privacy. (Oct. 1, 2013)
- EPIC to Defend Student Privacy Rights in Federal Court: On July 24, EPIC President Marc Rotenberg and EPIC Administrative Law Counsel Khaliah Barnes will present arguments in federal district court in Washington, DC in support of student privacy. In EPIC v. Dept. of Education, No. 12-327, EPIC is challenging recent changes to the Family Educational Rights and Privacy Act (FERPA) that allow the release of student records for non-academic purposes and undercut parental consent provisions. In 2011, EPIC submitted extensive comments to the agency opposing the changes. After the Education Department failed to modify the proposed regulation, EPIC filed a lawsuit and argued that the agency exceeded its authority with the changes, and also that the revised regulations are not in accordance with the 1974 privacy law. EPIC is joined in the lawsuit by members of the EPIC Board of Directors Grayson Barber, Pablo Garcia Molina, Peter Neumann, and Deborah Peel. For more information, see EPIC: EPIC v. The U.S. Department of Education and EPIC: Student Privacy. (Jul. 23, 2013)
- EPIC Testifies Before Colorado Board on Student Privacy: EPIC Administrative Law Counsel Khaliah Barnes testified before the Colorado State Board of Education on privacy issues concerning inBloom and other companies that acquire student information. In response to public outcry over a pilot program which grants these companies access to sensitive student data, the Colorado Board of Education hosted a public session. Representatives from inBloom, the Colorado Attorney General's Office, a local school district, and EPIC participated. EPIC recommended that Colorado ensure that students and parents have access to education records maintained by third party providers, and that students and their parents should be able to limit disclosure to third parties. In 2012, EPIC sued the Education Department for issuing regulations that failed to safeguard student privacy. For more information, see EPIC: EPIC v. The U.S. Department of Education and EPIC: Student Privacy. (May. 21, 2013)
- EPIC Sues Education Department, Seeks Documents about Debt Collectors and Student Privacy: EPIC has filed a Freedom of Information Act lawsuit against the Education Department, following the agency's failure to release documents about private debt collection and compliance with federal privacy law. The Department has contracts with at least twenty-three private debt collectors who obtain sensitive personal information, including contact information, loan status, income, Social Security number, and credit history. The Department is expected to publish a procedures manual that instructs debt collectors on privacy safeguards. The Department is also supposed to require debt collectors to submit compliance reports to the agency. EPIC's sought release of the procedures manual and compliance reports for the last three years. After the Department failed to disclose any records in response to the FOIA request, EPIC sued. For more information, see EPIC: Open Government and EPIC: Student Privacy. (Mar. 18, 2013)
- In Federal Court EPIC Defends Student Privacy: In documents filed with a federal court in Washington, DC, EPIC is challenging changes to the Family Educational Rights and Privacy Act (FERPA). The revised regulations, issued by the Education Department, allow the release of student records for non-academic purposes and undercut parental consent provisions. The rule change also promotes the public use of student IDs that enable access to private educational records. In 2011, EPIC submitted extensive comments to the agency, opposing the changes and arguing for the need to safeguard privacy. After the Education Department failed to make necessary changes, EPIC filed a lawsuit and argued that the agency exceeded its authority with the changes, and also that the revised regulations are not in accordance with the 1974 privacy law. EPIC is joined in the lawsuit by members of the EPIC Board of Directors and Advisory Board Grayson Barber, Pablo Garcia Molina, Peter Neumann, and Deborah Peel. For more information, see EPIC: EPIC v. The U.S. Department of Education and EPIC: Student Privacy. (Jan. 22, 2013)
- EPIC Supports Moratorium on RFID Student Tracking : EPIC, along with Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN) and other leading privacy and civil liberties organizations, issued a Position Paper on the Use of RFID in Schools. Radio Frequency Identification is an identification tracking technology "designed to monitor physical objects," such as commercial products, vehicles, and animals. Some school districts are proposing to use RFID ID tags to monitor students, teachers, and staff. The report warns of significant privacy and security risks. If RFID techniques are adopted, the groups urge that schools adopt robust privacy safeguards. In 2006 and 2007, EPIC submitted comments to federal agencies recommending against the use of RFID technology to track air travelers. The State Department subsequently made changes to the "e-Passport," to address privacy and security concerns. For more information, see EPIC: Radio Frequency Identification (RFID) Systems and EPIC: Student Privacy. (Aug. 21, 2012)
- EPIC Urges Education Department to Protect Student Privacy: EPIC has submitted comments to the Education Department, recommending the agency collect only "relevant and necessary" student information when it undertakes educational studies. The agency's Institute of Education Sciences has proposed a "Study of Promising Features of Teacher Preparation Programs" to help assess teacher effectiveness. The new database will contain records on "approximately 5,000 students and 360 teachers." EPIC urged the agency to only collect student data germane to teacher effectiveness, such as test scores, and opposed the agency's collection of detailed student information such as actual name and "disciplinary incidences." Earlier this year, EPIC sued the Education Department for issuing regulations that failed to safeguard student privacy. For more information, see EPIC: EPIC v. The U.S. Department of Education and EPIC: Student Privacy. (Jul. 31, 2012)
- EPIC Sues to Block Changes to Education Privacy Rules: EPIC has filed a lawsuit under the Administrative Procedure Act against the Department of Education. EPIC's lawsuit argues that the agency's December 2011 regulations amending the Family Educational Rights and Privacy Act exceed the agency's statutory authority, and are contrary to law. In 2011, the Education Department requested public comments regarding the proposed changes. In response, EPIC submitted extensive comments, addressing the student privacy risks and the agency's lack of legal authority to make changes to the privacy law without explicit Congressional intent. The agency issued the revised regulations despite the fact that "numerous commenters . . . believe the Department lacks the statutory authority to promulgate the proposed regulations." EPIC is joined in the lawsuit by co-plaintiffs Grayson Barber, Pablo Molina, Peter G. Neumman, and Dr. Deborah Peel. The case is EPIC v. US Department of Education, No. 12-00327. For more information, see EPIC: Student Privacy. (Feb. 29, 2012)
- Department of Education Issues Unlawful Regulations that Harm Student Privacy: The Department of Education has released final regulations concerning the Family Educational Rights and Privacy Act (FERPA). These regulations exceed the agency's legal authority and expose students to new privacy risks. The new rules permit educational institutions to release student records to non-governmental agencies without first obtaining parents' written consent. The new rules also broaden the permissible purposes for which third parties can access students records without first notifying parents. The agency rules also fail to appropriately safeguard students from the risk of re-identification. In response to the Department of Education's request for public comments, EPIC submitted extensive comments to the agency in May 2011, addressing the student privacy risks and the agency's lack of legal authority to make changes to FERPA without explicit Congressional intent. For more information, see EPIC: Student Privacy. (Dec. 5, 2011)
- Seventh Circuit Court Hears Oral Argument in Students' Privacy Case: The US Court of Appeals for the Seventh Circuit heard oral arguments today in Chicago Tribune v. University of Illinois. EPIC filed a "friend of the court" brief in the case, which concerns student privacy rights protected by the Family Educational Rights and Privacy Act ("FERPA"). EPIC's brief argued that Congress intended to protect student records, including admissions files, from unauthorized release and that Illinois' open government law must yield to the federal privacy law. In this case, the Tribune requested documents from the University of Illinois, under Illinois' open government law, while investigating alleged corruption in the admissions practices of the University. The University denied the Tribune's request, stating that the requested documents contained the personally identifiable information of students and were thereby protected by federal law. A lower federal court found that Illinois law required the documents to be released. The Depart of Justice also filed a brief in support of student privacy in the case. For more information, see EPIC: Chicago Tribune v. University of Illinois and EPIC: Student Privacy. (Sep. 30, 2011)
- EPIC Urges Seventh Circuit to Protect Students' Privacy Rights: EPIC filed a "friend of the court" brief in Chicago Tribune v. University of Illinois, a case involving student privacy rights protected by the Family Educational Rights and Privacy Act ("FERPA"). EPIC's brief argues that Congress intended to protect student records, including admissions files, from unauthorized release and that Illinois' open government law must yield to the federal privacy law. While investigating alleged corruption in the admissions practices of the University of Illinois, the Tribune sought documents from the University under Illinois' open government law. The University denied the Tribune's request, stating that the requested documents contain the personally identifiable information of students and are thereby protected by federal law. A lower federal court found that Illinois law required the documents to be released.The Depart of Justice has also filed a brief in support of student privacy in the case. For more information, see EPIC: Chicago Tribune v. University of Illinois and EPIC: Student Privacy. (Jul. 21, 2011)
- EPIC Calls Proposed Student Privacy Exemptions "Unlawful": EPIC submitted a detailed statement to the Department of Education in response to a request for public comment on a proposal to expand exemptions in a law that protects the privacy of student information. The Family Educational Rights and Privacy Act limits the release of students' educational records. However, the Department of Education has proposed to relax privacy safeguards to permit widespread disclosure of student data, including unique students identification numbers, across federal and state agencies. EPIC said that the agency lacks the legal authority to establish the exemptions and that proposal would result in an "Unprecedented and Unlawful Release of Confidential Student Information." Individuals can submit their own comments on the Regulations.gov website. For more information, see EPIC: Student Privacy. (May. 23, 2011)
- Department of Education Plans to Disclose Confidential Student Data: The Department of Education has proposed new regulations to transfer student data from schools to state agencies. The regulations will revise key provisions of the Federal Educational Rights and Privacy Act, which was enacted to protect privacy, security, and confidentiality of student data. The proposal is part of a new federal program that requires schools to disclose student data, including enrollment information, degree of success transitioning from secondary to post-secondary institutions, and demographic data, to states to receive federal funding. The student information will be compiled into large databases and used to track and analyze student's progress through the education system. The Department is accepting comments on the proposed regulations. Deadline for comment is May 23, 2011. For More Information, see EPIC: Student Privacy. (Apr. 8, 2011)
- Report Says School Officials At Fault in High School Spycam Episode: An independent report finds the Lower Merion School District at fault for the remote monitoring of laptop computers that the District issued to high school students. The report followed a complaint filed by Blake J. Robbins, a student at Harriton High School, alleging that school officials used the laptops to spy on students. The report concluded that 30,564 webcam photographs and 27,428 screen shot images were captured because of "the District's failure to implement policies, procedures, and record-keeping requirements and the overzealous and questionable use of technology" by personnel "without any apparent regard for privacy considerations or sufficient consultation with administrators." EPIC has extensively documented students' privacy rights, see EPIC: Student Privacy. (May. 14, 2010)
- Supreme Court: Strip-Search of Teenager Violated Constitutional Rights : The Supreme Court delivered a 8-1 opinion ruling that a strip-search of a thirteen-year-old girl by school officials looking for an ibuprofen tablet violated the Fourth Amendment. Justice Souter writing for the Court held that the search was unreasonable and that school searches are permissible when they are "not excessively intrusive in light of the age and sex of the student and the nature of the infraction." But a majority of the Justices also said that the school officials were not liable for damages because it had not been "clearly established" that the search was unlawful. Justices Stevens and Ginsburg disagreed and said that a previous Supreme Court case made clear that the search was "excessively intrusive." Justice Thomas wrote in dissent that the search was permissible. See also EPIC's page on Student Privacy. (Jun. 25, 2009)
- Supreme Court Hears Case on Strip-Search of Young Student by Schools Officials Looking for Advil: The Supreme Court heard a case involving a traumatic strip-search of a thirteen-year-old girl by school officials looking for an ibuprofen tablet. The search was conducted based on allegation by another student, who had been caught with drugs. A federal appelate court held that the search of the student was unreasonable and that a school official could be liable for violating the girl's Fourth Amendment rights. The school appealed to the Supreme Court and argued that the search was reasonable and the school official had qualified immunity. The respondent student replied that the search was highly invasive and the official should be held responsible. See also EPIC's page on Student Privacy. (Apr. 21, 2009)
- EPIC and Over 100 Groups Seek End to DOD Recruiting Database. The Electronic Privacy Information Center (EPIC) and more than 100 local, state, and national organizations today urged Secretary of Defense Donald Rumsfeld to end the "Joint Advertising and Market Research Studies" Recruiting Database. The groups cited the broad exemptions to federal privacy laws that would allow the Defense Department to disclose personal information to others without an individual's consent or knowledge. The database would include name, date of birth, gender, address, telephone, e-mail address, Social Security Number, ethnicity, high school, education level, college, and intended field of study for more than 30 million Americans who are 16-25 years old. For more information, see EPIC's page on the DOD Recruitment Database Page. (Oct. 18, 2005)
- Spotlight: Database Tracks Foreign Students, Visitors in United States. September's "Spotlight on Surveillance" scrutinizes the Student and Exchange Visitor Information System (SEVIS), a Homeland Security program that monitors and tracks students and exchange visitors at all times. SEVIS is also a part of the controversial US-VISIT program. Through SEVIS, the federal government is accumulating a massive amount of data on foreign students and exchange visitors and their dependents, including biographical, academic, and employment information. The stated goals of SEVIS concern immigration and education, but the database is also available to other federal, local, state, tribal and foreign agencies. For more information, see EPIC's Spotlight on Surveillance and US-VISIT pages. (Sept. 9, 2005)
- EPIC Releases Memorandum on DOD Recruiting Database, Privacy Act Violations. EPIC has drafted a memorandum (pdf) describing the Department of Defense (DOD) recruiting database. The memorandum discusses the sources of the data and the Privacy Act violations in the creation of the database. Of particular concern is the use of commercial data brokers and Social Security Numbers. EPIC concludes with specific recommendations. Pending resolution of these issues, it is the view of EPIC that the use of the database should be immediately suspended. For more information, see EPIC's page on the DOD Recruiting Database Page. (Jul. 27, 2005)
- Recruiting Database Established in Violation of Privacy Act. In a media roundtable Department of Defense officials admitted to consolidating a massive database of student information for recruiting in 2003, however the agency did not list this database in the Federal Register until May 2005. The Privacy Act requires that new systems of records be published in the Federal Register before they become operational. Last week, EPIC urged the agency to scrap the database, as it collected unnecessary information, offered no opt-out rights, and was to be housed at a private-sector direct marketing company. For more information, see EPIC's DOD Recruiting Database Page. (Jun. 27, 2005)
- Groups: DOD Should Scrap Massive Database. In comments to the Department of Defense, EPIC and 8 privacy and consumer groups objected to the creation of a massive database for military recruitment purposes. The database would contain the Social Security Numbers, race, and educational information on up to 25 million people as young as 16 years old. The database would be operated by a commercial data marketing company, and individuals would not be able to opt-out. The groups called upon the Department of Defense to terminate the database program, as the database is fundamentally incompatible with the government's responsibilities under the Privacy Act. For more information, see EPIC's DOD Recruiting Database Page. (Jun. 21, 2005)
- EPIC Objects to Student Data Matching. A coalition of groups has objected to data sharing between the Selective Service System (SSS) and the Department of Education to determine whether students have registered for the draft. In a letter to the SSS, EPIC argued that a data matching arrangement does not comply with the Privacy Act, and that it should be suspended immediately. (Dec. 21, 2004)
- EPIC, Student Privacy Bill of Rights
- Department of Education's FERPA Web site.
- Department of Education's Family Educational Rights and Privacy Act Regulations, December 2, 2011.
- Department of Education's Family Educational Rights and Privacy Act Regulations, December 9, 2008.
- Recent Changes Affecting FERPA and PPRA, Department of Education, October 2002.
- Department of Education's Model Notification of Rights for Elementary and Secondary Students.
- Department of Education's Model Notification of Rights under FERPA for Post-secondary Institutions.
- Department of Education's Model Notification of Rights under FERPA for Directory Information.
- Department of Education's Model Notice and Consent/Opt-Out for Specific Activities under PPRA.
- Joint letter from Departments of Defense and Education Regarding Military Recruiter Access to Secondary Students, July 2003. (PDF file).
- Q&A Policy Guidance on Access to High School Student by Military Recruiters, Departments of Education and Defense.
- Report to the Nation: State Implementation of the No Child Left Behind Act, Education Commission of the States.
- Guidance for School Districts on Student Education Records, Directory Information, Health Information and Other Privacy Provisions, National School Boards Association.
- NYCLU Guidance on the Military Recruiter Provision of No Child Left Behind.
- Recent Amendments to Family Educational Rights and Privacy Act Relating to Anti-Terrorism Activities, Department of Education, April 2002.
- SEVP Student and Exchange Visitor Program, Immigration and Naturalization Service.
- Students, American Civil Liberties Union.
- GAO Report on Commercial Activities in Schools, September 2000.
- Jennifer C. Wasson, FERPA in the Age of Computer Logging: School Discretion at the Cost of Student Privacy?, 81 N.C.L. Rev. 1348 (March 2003).
- Rebecca N. Cordero, Comment: No Expectation of Privacy: Should School Officials Be Able to Search Students' Lockers Without Any Suspicion of Wrongdoing? A Study of In Re Patrick Y. and its Effect on Maryland Public School Students, 31 U. Balt. L. Rev. 305, Spring 2002.
- Tamu K. Walton, Protecting Student Privacy: Reporting Campus Crimes as an Alternative to Disclosing Student Disciplinary Records, 77 Ind. L.J. 143, Winter 2002.
- Lynn M. Daggett, Bucking Up Buckley I: Making the Federal Student Records Statute Work, 46 Cath. U. L. Rev. 617, Spring 1997.
- David A. Banisar, Privacy of Education Records, Electronic Privacy Information Center, January 1994.
- Gonzaga Univ. v. Doe, 122 S. Ct. 2268 (2002). In Gonzaga, the Supreme Court held that a student could not privately enforce rights conferred under FERPA by bringing a § 1983 civil rights action against a private university because the Act's nondisclosure provisions did not create any enforceable rights.
- Owasso Indep. Sch. Dist. No. I-011 v. Falvo, 534 U.S. 426 (2002). In Owasso, the Supreme Court determined that grades on peer-graded papers do not qualify as education records, and thus are not protected by FERPA.
- In Board of Ed. of Independent School Dist. No. 92 of Pottawatomie Cty. v. Earls, 536 U.S. 822, (2002), the Court ruled that students who voluntarily participate in extracurricular activities have a limited expectation of privacy because they voluntarily subject themselves to intrusions on their privacy, such as "occasional off-campus travel and communal undress." Furthermore, the Court found that requiring students to submit urine samples (by urinating in a bathroom stall while the teacher stood outside the stall listening "for the normal sounds of urination in order to guard against tampered specimens and to insure an accurate chain of custody") was "minimally intrusive" and a "not significant" invasion of students' privacy. In a concurring opinion, Justice Breyer compared student drug testing to other responsibilities that schools must bear, such as providing school lunches. Schools "prepare pupils for citizenship in the Republic [and] inculcate the habits and manners of civility as values in themselves conductive to happiness and as indispensable to the practice of self-government in the community and the nation," Breyer said.
- United States v. Miami Univ., 294 F. 3d 797 (6th Cir. 2002). In Miami, the Sixth Circuit held that a newspaper does not have unrestricted access to unredacted student disciplinary records because such records are "education records" within the meaning of FERPA. Jensen v. Reeves, 3 Fed. Appx. 905 (10th Cir. 2001). In Jensen, the Tenth Circuit determined that limited disclosure to interested parties about a child's misbehavior in school is legitimate under FERPA.
- Vernonia School Dist. 47J v. Acton, 515 U.S. 646 (1995). Upheld the random, suspicionless drug testing of student athletes. The Court said that athletes had a diminished expectation of privacy in relation to other students, noting that athletes were required to undergo physical exams before being allowed to join a team and undress and shower in communal locker rooms.
- Bauer v. Kincaid, 759 F. Supp 575 (WD Mo. 1991). In Bauer, a district court held that a public university student newspaper may obtain and publish criminal investigation and incident reports prepared by a campus security department because such documents are not "education records" under FERPA.
- Red and Black Publ'g Co. v. Bd. of Regents, 427 S.E.2d 257 (Ga. 1993). In a suit filed by the University of Georgia's student newspaper after it was denied access to campus court records and proceedings about hazing charges against two fraternities, the Georgia Supreme Court held that student court records were subject to the state open-records law and that disciplinary proceedings were subject to the state open-meetings statute.
- In New Jersey v. T.L.O., 469 U.S. 325 (1985), the Supreme Court held that the Fourth Amendment's prohibition on unreasonable searches and seizures applies to searches conducted by public school officials, who are not exempt from the Amendment's dictates by virtue of the special nature of their authority over schoolchildren. However, the Court said that school officials do not have to obtain a warrant before searching a student who is under their authority if the officials have reasonable grounds for suspecting that the search will turn up evidence that the student has violated the law or the rules of the school. The court held that searches of students' belongings are permissible if the measures adopted are reasonably related to the objectives of the search and not excessively intrusive in light of the student's age and sex and the nature of the infraction.
- Planned Parenthood of Cent. Mo. V. Danforth, 428 U.S. 52 (1976). If a student confides in school personnel about pregnancy or birth control issues, case law establishing minors' reproductive rights probably limits schools' ability to disclose this information to the student's parents without his or her consent.
American Student List (ASL) sells databases of children's names in grades K-12 overlaid with data on sex, age, whether they own a telephone, income, religion, and their race or ethnicity. This information is often gleaned from surveys that are administered while children are in school under the pretense of college admissions and other education-related purposes. Students and parents do not know that their personal information is being used for the secondary purpose of marketing. The data is used for hawking credit cards, catalog items, magazines, student "recognition" products, and job recruitment. This image of ASL data comes from the SRDS Direct Marketing List Manual, a list of marketing lists. It is not available online, but one can often find it in a library.
Student "recognition" products, such as "Who's Who Among American High School Students" and the "National Dean's List" have a strong marketing function. Information collected in composing both directories is used for marketing a wide variety of products wholly unrelated to education. And, although teachers and administrators are encouraged to nominate students and transfer data to the company, the reality is that a growing number of employers and colleges don't consider such recognition directories as meritorious.
In October 2002, the Federal Trade Commission (FTC) settled cases against ASL and the National Research Center for College and University Admissions (NRCCUA) for collecting personal information from children using deceptive practices. The FTC complaint alleged that the companies operated a scheme to cull marketing data from student through surveys administered under the pretense of college admissions and scholarship opportunities.
NRCCUA sent letters to schools asking teachers to dedicate classroom time to administering detailed surveys for college admissions and financial aid purposes. These "Post-Secondary Planning" surveys elicited detailed personal information from students, including their religious affiliation, personal interests, and social attitudes. The surveys did have a privacy notice, but the language implied that the information was for educational purposes only. NRCCUA marketed the information collected to higher education institutions, but also shared the information with ASL, which used the data for direct marketing.
In August 2002, the New York Attorney General filed suit against Student Marketing Group (SMG), a company that collected information from students for direct marketing. The company was alleged to have formed a non-profit subsidiary, Educational Research Center of America (ERCA) which sent millions of surveys to high schools to collect information for college financial aid and scholarship opportunities. ERCA, without notice to the schools or students, was also using the information for direct marketing of magazines, credit cards, and other items. In January 2003, SMG and ERCA settled the New York Attorney General's case, and a separate investigation brought by the Federal Trade Commission.
Student profiling does not end with grade school. Profilers collect and use information from students in higher education as well. College students are targeted for magazine subscriptions, student "recognition" programs, credit cards, insurance solicitations, long distance plans, toys, cell phone plans, mail-order food, and other products. Often, college students' personal information is obtained through the institution itself. Institutions may reveal students' contact and activities (club membership) information through student directories, joint marketing agreements, or through state open records acts that require the release of enrollment lists.
- FOIA documents obtained from the Department of Education (PDF 1.1M). These documents were obtained in summer 2004 and pertain to compliance with student privacy protections afforded by No Child Left Behind.
- Student Marketing Group Consent Order, New York Attorney General, January 2003.
- Student Survey Companies Settle FTC Charges, FTC Press Release, January 29, 2003.
- FTC Eyes 'Educational' Marketers, Wired, January 3, 2003.
- Long Island "Educational Survey" Firm Agrees to Halt Deceptive Practices, New York Attorney General, January 29, 2003.
- Sallie Mae's Definition of Success Student Loan Firm Hopes to Capitalize on Customer Base With Marketing Partnerships, Washington Post, January 7, 2002.
- Daniel Golden, College-Survey Firm Quietly Peddles Student Information to Big Marketer, Wall Street Journal (Dec. 3, 2001).
- ASL Marketing: Markets data on teens, college students and their parents.
- Dunhill's College Students: "This is a comprehensive list of students currently attending a four-year college or university."
- Dunhill's High School Students "Select high school students by class year, age, with head of household income, mail order buyer, and computer owner."
As of September 2002, thirty-five states have passed laws supplementing the protection of education records provided by FERPA. The states that offer the most protection include:
California: College and university students have a right to privacy under the state Constitution. Parents have a right to inspect children's records in both public and private schools. (Cal. Educ. Code §§ 49060-49083.)
Louisiana: A 1974 Louisiana Attorney General's opinion states that children have a right to privacy in schools. Their records are considered confidential.
Nebraska: Academic and disciplinary records are to be kept separate. Disciplinary records are destroyed at the time of the student's graduation if authorized by the state records board. (Neb. Rev. Stat. § 79-4,157.)
Ohio: Schools are forbidden to release education records for any profit-making activity. (Ohio Rev. Code § 3319.321.)
Oklahoma: It is a misdemeanor for a teacher to reveal any information about a child obtained in the teacher's professional capacity, except as required by fulfillment of contractual obligations or as requested by a parent. (Okla. Stat. Ann. 7-6-115.)
Texas: Education records are considered confidential and can be released only upon request of school personnel, a student, parent, or spouse. (Tex. Gov. Code § 552.114).
Military Access to Students and Student Information
Two laws were passed in 2001 which make it easier for military recruiters to access high school students' contact information. The laws changed schools' previous ability, under the Family Educational Rights and Privacy Act (FERPA), to choose to whom they would release such information.For more information about this issue, see EPIC's DOD Recruiting Database page.
Tracking and Managing Student Information
Although the No Child Left Behind Act explicitly prohibits the creation of a nationwide student database, the Act does set up requirements for collecting information from students that may encourage school districts and states to develop new ways to track students. The NCLB requires each state to create procedures for "facilitating the transfer of disciplinary records" to any school in which a student enrolls or seeks to enroll. (20 U.S.C.S. § 7165). NCLB also includes vast guidelines and requirements for monitoring student achievement. Schools, districts and states will link test scores to, for instance, information like race and socioeconomic status. Some states have created unique identifiers for all students that can carry many pieces of information, and some of these systems have raised the concern of groups like the ACLU.
- Recent State Policies and Activities for Storing and Using Data under NCLB, Education Commission of the States.
- No Child Left Behind Act Prohibition on Nationwide Database, Section 9531.
Federal Substance Abuse Records Laws: If a state law gives older minors the right to get treatment or counseling for substance abuse problems without parental consent, and school-based persons operate a program to provide that assistance, the federal laws require that any record in the student's file relating to the assistance be kept confidential—even from the minor's parents—unless the minor consents to a release.
Student and Exchange Visitor Information System (SEVIS)
In January 2002, FERPA was amended to permit the Attorney General to obtain a court order to collect education records from schools for the purposes of investigating or prosecuting terrorism. The Immigration and Naturalization Services (INS), in conjunction with a number of other federal agencies, is currently in the initial stages of implementing the Student and Exchange Visitor Information System (SEVIS).
SEVIS is an Internet-based system that allows schools to transmit student information to the INS for purposes of tracking and monitoring non-immigrant and exchange students. Accessible information includes a student's personally identifiable information, admission at port of entry, disciplinary information, and academic information, such as changes in program of study. Schools will be required to transmit such information to the INS for the duration of a student's stay in the United States. The USA PATRIOT Act requires that SEVIS be fully implemented by January 1, 2003.
- USA PATRIOT Act, P.L. 107-56.
Campus Identification Cards
Many colleges and universities are employing identification cards that are used to access every facility or service on the campus. The goal of these cards is to create a seamless system where students can purchase items or access services with just one card.
These systems of identification pose new risks to privacy and autonomy. First, such systems can create a log of students' movements, which later can be accessed by police or other authorities. There is also the problem of malicious student or employee access, caused in part by institutional hiring of students for positions where they can access the personal data of other students. With ubiquitous campus identification schemes, student employees or others may use the data to stalk or harass other students and employees.
Second, it creates an infrastructure that allows dataveillance. Such systems can allow secondary use of location or consumption data, much like supermarket-shopping cards are used now to profile what individuals purchase at stores. These cards eliminate cash transactions, and in doing so, may tie identity to every transaction. For instance, Blackboard's student identification system notes that it:
"Provide you [sic] users with identification cards and track user data. All user profiles are stored in a central database, and user data can be imported from a variety of commercial Student Information Systems (SIS)".
NuVision Networks, Corp. markets their student identification system as one that can accommodate a number of campus activities, including student voting:
"Voting We've taken all the work out of college voting. With Campus Center it's easy to manage complex voting situations involving an unlimited number of specialized groups. Votes can be multiple choice or Yes/No, and since the actual tally is constantly displayed for each vote, there is really no need to post results. Student can watch the voting as it happens from any network computer.
One cannot take "all the work out" of voting. Electronic voting is an extremely complex topic that implicates risks to the secret ballot, and inference with the vote. Bryn Mawr Professor Rebecca Mercuri, a leading authority in electronic voting notes:
Fully electronic systems do not provide any way that the voter can truly verify that the ballot cast corresponds to that being recorded, transmitted, or tabulated. Any programmer can write code that displays one thing on a screen, records something else, and prints yet another result. There is no known way to ensure that this is not happening inside of a voting system.
Another service offered by Blackboard, "Bb One," allows off-campus use of campus identity cards. This system specifically allows direct marketing based on the identification system:
Bb One™ is a transaction-based outsourcing solution that enables the acceptance of the university ID card as a form of payment off-campus. Bb One provides students with a cashless, safe, and secure way to transact on and around campus while offering parents the assurance that their funds will be spent within a university-approved network. Blackboard develops a comprehensive off-campus merchant network on behalf of each university and manages every aspect of the program from merchant acquisition to merchant support. Participating merchants also benefit from access to a university-endorsed spending program and direct-to-student and parent marketing programs.
The security of these identification systems is also questionable. Most of the systems operate on Windows platforms, which are particularly vulnerable to malicious cracking. Furthermore, Blackboard Inc. has employed the Digital Millennium Copyright Act to stop two students from delivering a lecture on the security vulnerabilities of the cards.
Third, and most importantly, pervasive identification systems acclimatize students to the custom of carrying an identity card and using it for routine purposes. We do not live in a society where individuals are required to carry identification, but these systems essentially force students to do so. Campuses that employ these systems are likely to breed a generation of students who don't see the fundamental privacy risks that flow from eliminating anonymous systems, and from requiring individuals to carry credentials.
Campus Credit Card Marketing
Financial institutions are very aggressive in attracting student customers. New students generally have no debt, and little understanding of how credit cards and compound interest work. Many financial institutions actually have exclusive credit card marketing agreements on certain campuses, where the school profits from the issuance of credit cards to students. The pursuit of students after graduation is also privacy invasive, as alumni associations receive payment for selling personal information to the credit card companies.
- Prepared Statement of Dr. Robert D. Manning, Hearing on "The Role of FCRA in the Credit Granting Process," Before the Subcommittee on Financial Institutions and Consumer Credit, (June 12, 2003).
- Prepared Statement of Dr. Robert D. Manning, "Credit Cards on Campus: A Growing Collegiate Crisis or Benign Societal Trend?," expert testimony before the U.S. Senate Banking, Housing, and Urban Affairs Committee, hearing on "The Importance of Financial Literacy Among College Students," Dirksen Senate Office Building, Washington, D.C., (September 2002).
- Robert Manning, Credit Card Nation: The Consequences of America's Addiction to Credit, Basic Books, December 2000.
- Robert Manning, Credit Cards on Campus: Current Trends and Informational Deficiencies, 1999.
- Robert Manning, Credit Cards on Campus: Social Costs and Consequences of Student Debt, 1999.
- Benjamin Herold, Google Under Fire for Data-Mining Student Email Messages, Education Week, Mar. 13, 2014
- Khaliah Barnes, Why a 'Student Privacy Bill of Rights' is Desperately Needed, Washington Post, Mar. 6, 2014
- Stacy Khadaroo, Data Breach at Indiana University: Are Colleges Being Targeted, Christian Science Monitor, Feb. 26, 2014
- Benjamin Herold, Education Leaders Tackle Student Data Privacy Issues at Summit, Education Week, Feb. 24, 2014
- Barbara Liston, Florida Lawmakers Push Bills Banning Biometric Scans of School Children, Chicago Tribune, Feb. 4, 2014
- David Nagel, Student Data Not a ‘Product’ To Be ‘Sold to the Highest Bidder’, The Journal, Jan. 14, 2014
- Ann Dornfeld, State Deal to Give Media Organizations Student Data Alarms Privacy Experts, KUOW.ORG, Dec. 19, 2013
- Ariel Bogle, Study: Student Data Not Safe in the Cloud, Slate, Dec. 16, 2013
- Molly Hensley-Clancy, U.S. Schools'; Approach to Student Data Threatens Privacy: Study, Reuters, Dec. 13, 2013
- Natasha Singer, Senator Raises Questions About Protecting Student Data, New York Times, Oct. 22, 2013
- Natasha Singer, Group Presses for Safeguards on the Personal Data of Schoolchildren, New York Times, Oct. 13, 2013
- Natasha Singer, Deciding Who Sees Students'; Data, New York Times, Oct. 5, 2013
- Sam Sanders, Students Find Ways to Hack School-Issued iPads Within a Week, Northwest Public Radio, Sept. 27, 2013
- Diane Ravitch, 3 Dubious Uses of Tech in Schools, Salon, Sept. 25, 2013
- David Kravets, Student Suspended for Refusing to Wear RFID Chip Returns to School, Wired, Aug. 22, 2013
- Todd Engdahl, Data Fears Aired Before State Board, ChalkBeat Colorado, May 16, 2013
- Valerie Strauss, Lawsuit Charges Ed Department with Violating Student Privacy Rights, The Washington Post, Mar. 13, 2013
- Chacour Koop, E-number Spreadsheet Leaked, Daily Eastern News, Jan. 23, 2013
- Margo Pierce, The Price of Free Cloud Resources, The Journal, Dec. 4, 2012
- Heather Sells, Big Brother? School District Tracks Kids with RFID, CBN News, October 9, 2012.
- Gazzang, Gazzang Recommends Five Tips to Protect Student Data in the Cloud, September 25, 2012.
- Bailey McGowan, Florida Colleges Ask Court to Revisit FERPA Case Involving Student Who Complained About Professor, Student Press Law Center, September 11, 2012.
- Student Data Will be Given to Military Recruiters, Morning Sentinel, August 22, 2012.
- Mark Boxley, University of Kentucky, Louisville Monitor Athletes' Tweets, USA Today, August 20, 2012.
- Francisco Vara-Orta, Students Will be Tracked via Chips in IDs, San Antonio Express-News, May 26, 2012.
- Lynn Stratton, Erosion of Privacy Reaches Schoolhouse St. Petersburg Times, July 25, 2004, at 7P.
- Recruiting Student Privacy, Los Angeles Times, April 18, 2004, at Part B, 1.
- Privacy Worries Dog Bill Designed to Track Students, The Union Leader (NH), March 24, 2004, at C10.
- Student IDs to Ease Transfers, But Privacy Fears Raised, Milwaukee Journal Sentinel, January 24, 2004, at 1A.
- Union Likely to Test Student ID Program, Tulsa World, December 14, 2003, at A30.
- Erica Hill, Cyber rights... and wrongs, CNN, May 7, 2003.
- Fred Lohmann, New music rules are needed, Daily Princetonian, April 14, 2003.
- Julie Hilden, Should Universities Crack Down on File Swapping?, Findlaw.com, March 4, 2003.
- John Borland, Fingerprinting P2P pirates, CNET, February 20, 2003.
- Leonie Lamont, Recording Firms Ask To Scan University Computers, Sydney Morning Herald, February 19, 2003.
- Erika Hayasaki, Districts Taking on Recruiters, The Los Angeles Times, February 13, 2003.
- Tamar Lewin, Uncle Sam Wants Student Lists, and Schools Fret, The New York Times, January 29, 2003.
- Long Island "Educational Survey" Firm Agrees to Halt Deceptive Practices, New York Attorney General, January 29, 2003.
- Student Survey Companies Settle FTC Charges, FTC Press Release, January 29, 2003.
- Kendra Mayfield, FTC Eyes 'Educational' Marketers, Wired, January 3, 2003.
- S. David Brazer, They Have Brad's Name, Class and Phone Number, The Washington Post, December 22, 2002, at B2.
- Amy Harmon, Students Learning to Evade Moves to Protect Media Files, New York Times, November 27, 2002.
- Mary Shanklin, School Board votes 6-1 to share student names, Orlando Sentinel, October 9, 2002.
- High School Student Survey Companies Settle FTC Charges, FTC Press Release, October 2, 2002.
- With Court Nod, Parents Debate School Drug Tests, New York Times, September 29, 2002.
- Jayson Blair, Students' Privacy Records Found Outside City School, N.Y. Times, June 30, 2002.
- Mary Shanklin, District Handed Out Kids' Names, Orlando Sentinel, September 28, 2002, at A1.
- Robert Lemos, Secret Service Probes School Hackings, CNET News.com, June 20, 2002.
- Tracking Foreign Students, Editorial, N.Y. Times, June 17, 2002.
- Taming 'Animal House' students, Philadelphia Inquirer, May 31, 2002.
- Ohio Student Database Sparks Privacy Questions, Newsbytes, April 24, 2002.
- Taylor Loyal, Don't Leave College Without It Universities are cutting big-dollar deals with credit card companies, and students are paying the price, Mother Jones Magazine, March/April 2002.
- Reginald Fields, Students' personal data to go to state, Ohio Beacon Journal, April 19, 2002.
- State Supreme Court sides in favor of police roadblocks; it also allows schools to randomly test students for drugs, Indianapolis Star, March 6, 2002.
- Robert Gellman, Education statistics agency plays loose with privacy, Government Computer News, March 4, 2002.
- Daniel Golden, College-Survey Firm Quietly Peddles Student Information to Big Marketer, Wall Street Journal, December 3, 2001.
- Eric Hoover, The Lure of Easy Credit Leaves More Students Struggling With Debt, Chronicle of Higher Education, June 15, 2001.
- FERPA Fundamentalism: How a federal law designed to protect student privacy is being misinterpreted to injure press freedom, Student Press L. Center Rep., Vol. 22, No. 2, p. 35, Spring 2001.
- Education Department issues guidelines for release of campus court information, Student Press L. Center Rep., Vol. 21, No. 3, p. 4, Fall 2000.
- Credit Card Debt Imposes Huge Costs on Many College Students, Consumer Federation of America, June 8, 1999.
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a by-monthly newsletter highlighting emerging privacy issues.