Administrative Experience
Question 2.6 Details

What security and privacy policies are in place to protect student information?

Security and privacy are easily confused, but they are very important when it comes to how a campus manages your valuable personal information and what rights you have to control that information.

Security policies cover a campus's rules for protecting information, networks, and computers from unauthorized access and harm. In campus information systems, there will usually be two key elements in controlling access: authentication and authorization.

Authentication is the procedure by which individuals must identify themselves to the system, typically using (1) a username or ID and (2) a password. The process of authentication enables the system to recognize you as a specific individual and not an impersonator.

Find out how and when the campus will supply you with a user name/ID and start–up password. Will you have to go to the campus computing center or some other administrative office for this? If you established an ID and password during the admissions process, will those carry over to when you officially become a student? Will you have to change your password periodically as part of the campus security policy? Does your password have to have a special combination of letters, numbers, symbols, and capitalization? What happens if you forget your username/ID and/or password? Will you need different sets of usernames/IDs and passwords to log into different information services, or will one set work for all of them? A well–designed security process should walk you through this process and enable you to easily find answers to frequently asked questions.

Authorization is the second step in accessing secure information. Once you have been authenticated, or recognized, through the login process, the system will show you just what information you can see and what you can do with it, specifically, what you are "authorized" to access. Not everyone on a campus can see and update the same information. As a student, you will have access to a defined range of information about yourself and the campus. You will not have access to other students' sensitive information (such as grades) as a staff member in the student records office would. Find out what information and services you will be authorized to access. See questions 2.1, 2.2, and 2.3 on specific information you might be able to access and update.

Privacy policies explain the rules governing the use and protection of your personal information, including who can view it, who can change it, and what your rights are in controlling and managing this information. A privacy policy, in part, fulfills the campus's obligation to comply with federal and state laws that cover personal information. Most public institutions' privacy policies are subject to their states' "open records laws," which allow some information to be accessible to the public and other information to remain private. Find out where, online and in print, you can review the campus's privacy policies. Which office is charged with helping students if they have questions about their privacy rights? (This is usually the registrar's office, but it could be a student services/student affairs office, an office of judicial affairs, the advising center, or computing and information services.) Get answers to the following questions

• Who else has access to personal information, and under what circumstances? Faculty members? advisors? administrators? parents?
• Is certain personal information protected from inappropriate access, such as by individuals on the Internet looking through online directories?
• Can you allow certain information to be publicly accessed ("directory information") while blocking other information? Do these preferences have to be updated annually, or do they remain unchanged until you request? Where and how do you do this?
• Can people outside of the institution access personal information, such as campus address, phone number, or e-mail address?

Be sure to review the important related questions in this section on identity theft (2.7) and privacy rights under the Family Educational Rights and Privacy Act (2.8).