Student privacy remains one of the top concerns for high schools, colleges, and universities as well as the students and their families. The educational centers are increasingly collecting and digitizing student records for easy access and information sharing internally and with other institutions. Similar to businesses, the educational institutions are not immune to online hackers interested in student records. Interestingly enough, there have been cases of students hacking into their college systems to view and modify test scores, however, while these student hackers look into their own information, they also sometimes violate other students’ privacy rights. The implication of the Internet can not be underestimated for online collection, storage and sharing of student personal records. Most educational centers have resorted to the Internet and online resources for processing applications and allowing students to select and pay for courses or modify their personal information.
As mentioned, the educational institutions are having some difficulties with protecting the students’ personal records technically, legally and operationally. Many colleges have implemented information security governance to comply with the Family Educational Rights and Privacy Act (FERPA) of 1974, also known as the Buckley Amendment, which provides legal guidelines regarding the privacy of student records. However, constant changes in the privacy environment and the US Patriot Act, which amends some provisions of FERPA, continuously force colleges to reexamine how they can protect student records.
There are certain domestic laws that affect the way student private information must be maintained in the United States which spell out the rights of students and responsibilities of educational institutions. For example, FERPA:
1- enforces the right of students to inspect their records,
2- allows parents or students to request a correction of erroneous student records when they are discovered,
3- forces schools to obtain written permissions for disclosing student records, although, student privacy may be disclosed without permission to some parties, and
4- recognizes the right of parents and students to opt out of school directory.
The laws do not discriminate and the US Patriot Act even requires school monitoring and disclosure of foreign student records to law enforcements which could potentially have privacy invasion consequences if requests are not justified. In conclusion, the educational institutions must implement policies, procedures and checklists to strictly comply with the laws while maintaining student privacy. In particular, electronic information and communication must be secured to allow only authorized access and prevent unauthorized disclosure.