EPIC Student Privacy Project

Student Privacy imageStudents do not shed all of their rights at the schoolhouse gate, including the right to privacy. Although recent Supreme Court decisions have diminished this right, there are substantial federal and state protections for the privacy of students' educational records. The most prominent of the federal protections for student privacy is the Family Educational Rights and Privacy Act (FERPA), also known as the "Buckley Amendment," FERPA protects the confidentiality of student records to some extent, while also giving students the right to review their own records.

Congress does not always expand privacy when it addresses the collection of student information. Another provision of No Child Left Behind mandates that high schools turn over student contact information to military recruiters, unless parents or students explicitly opt out of such disclosure. And in 2002, Congress amended FERPA, via the USA PATRIOT Act, to require schools to transmit information about immigrant students to the INS. Under this program, the Student and Exchange Visitor Information System, schools had to begin in 2003 reporting immigrants' academic information, such as disciplinary actions or changes in programs of study.

Top News

EPIC Student Privacy Project

Currently Featured Topics




Agency Comments

FTC Complaints


Additional Topics


Related Student Privacy Issues

Military Access to Students and Student Information

Two laws were passed in 2001 which make it easier for military recruiters to access high school students' contact information. The laws changed schools' previous ability, under the Family Educational Rights and Privacy Act (FERPA), to choose to whom they would release such information.For more information about this issue, see EPIC's DOD Recruiting Database page.

Tracking and Managing Student Information

Although the No Child Left Behind Act explicitly prohibits the creation of a nationwide student database, the Act does set up requirements for collecting information from students that may encourage school districts and states to develop new ways to track students. The NCLB requires each state to create procedures for "facilitating the transfer of disciplinary records" to any school in which a student enrolls or seeks to enroll. (20 U.S.C.S. § 7165). NCLB also includes vast guidelines and requirements for monitoring student achievement. Schools, districts and states will link test scores to, for instance, information like race and socioeconomic status. Some states have created unique identifiers for all students that can carry many pieces of information, and some of these systems have raised the concern of groups like the ACLU.

Federal Substance Abuse Records Laws: If a state law gives older minors the right to get treatment or counseling for substance abuse problems without parental consent, and school-based persons operate a program to provide that assistance, the federal laws require that any record in the student's file relating to the assistance be kept confidential—even from the minor's parents—unless the minor consents to a release.

Student and Exchange Visitor Information System (SEVIS)

In January 2002, FERPA was amended to permit the Attorney General to obtain a court order to collect education records from schools for the purposes of investigating or prosecuting terrorism. The Immigration and Naturalization Services (INS), in conjunction with a number of other federal agencies, is currently in the initial stages of implementing the Student and Exchange Visitor Information System (SEVIS).

SEVIS is an Internet-based system that allows schools to transmit student information to the INS for purposes of tracking and monitoring non-immigrant and exchange students. Accessible information includes a student's personally identifiable information, admission at port of entry, disciplinary information, and academic information, such as changes in program of study. Schools will be required to transmit such information to the INS for the duration of a student's stay in the United States. The USA PATRIOT Act requires that SEVIS be fully implemented by January 1, 2003.

Campus Identification Cards

Many colleges and universities are employing identification cards that are used to access every facility or service on the campus. The goal of these cards is to create a seamless system where students can purchase items or access services with just one card.

These systems of identification pose new risks to privacy and autonomy. First, such systems can create a log of students' movements, which later can be accessed by police or other authorities. There is also the problem of malicious student or employee access, caused in part by institutional hiring of students for positions where they can access the personal data of other students. With ubiquitous campus identification schemes, student employees or others may use the data to stalk or harass other students and employees.

Second, it creates an infrastructure that allows dataveillance. Such systems can allow secondary use of location or consumption data, much like supermarket-shopping cards are used now to profile what individuals purchase at stores. These cards eliminate cash transactions, and in doing so, may tie identity to every transaction. For instance, Blackboard's student identification system notes that it:

"Provide you [sic] users with identification cards and track user data. All user profiles are stored in a central database, and user data can be imported from a variety of commercial Student Information Systems (SIS)".

NuVision Networks, Corp. markets their student identification system as one that can accommodate a number of campus activities, including student voting:

"Voting We've taken all the work out of college voting. With Campus Center it's easy to manage complex voting situations involving an unlimited number of specialized groups. Votes can be multiple choice or Yes/No, and since the actual tally is constantly displayed for each vote, there is really no need to post results. Student can watch the voting as it happens from any network computer.

One cannot take "all the work out" of voting. Electronic voting is an extremely complex topic that implicates risks to the secret ballot, and inference with the vote. Bryn Mawr Professor Rebecca Mercuri, a leading authority in electronic voting notes:

Fully electronic systems do not provide any way that the voter can truly verify that the ballot cast corresponds to that being recorded, transmitted, or tabulated. Any programmer can write code that displays one thing on a screen, records something else, and prints yet another result. There is no known way to ensure that this is not happening inside of a voting system.

Another service offered by Blackboard, "Bb One," allows off-campus use of campus identity cards. This system specifically allows direct marketing based on the identification system:

Bb One™ is a transaction-based outsourcing solution that enables the acceptance of the university ID card as a form of payment off-campus. Bb One provides students with a cashless, safe, and secure way to transact on and around campus while offering parents the assurance that their funds will be spent within a university-approved network. Blackboard develops a comprehensive off-campus merchant network on behalf of each university and manages every aspect of the program from merchant acquisition to merchant support. Participating merchants also benefit from access to a university-endorsed spending program and direct-to-student and parent marketing programs.

The security of these identification systems is also questionable. Most of the systems operate on Windows platforms, which are particularly vulnerable to malicious cracking. Furthermore, Blackboard Inc. has employed the Digital Millennium Copyright Act to stop two students from delivering a lecture on the security vulnerabilities of the cards.

Third, and most importantly, pervasive identification systems acclimatize students to the custom of carrying an identity card and using it for routine purposes. We do not live in a society where individuals are required to carry identification, but these systems essentially force students to do so. Campuses that employ these systems are likely to breed a generation of students who don't see the fundamental privacy risks that flow from eliminating anonymous systems, and from requiring individuals to carry credentials.

Campus Credit Card Marketing

Financial institutions are very aggressive in attracting student customers. New students generally have no debt, and little understanding of how credit cards and compound interest work. Many financial institutions actually have exclusive credit card marketing agreements on certain campuses, where the school profits from the issuance of credit cards to students. The pursuit of students after graduation is also privacy invasive, as alumni associations receive payment for selling personal information to the credit card companies.


Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.


EPIC Bookstore

Communications Law and Policy

Communications Law and Policy
Jerry Kang and Alan Butler