Main Nav

All, This is certainly a good discussion and from a privacy perspective perhaps I have another vantage point. Let's back up on this discussion--the inquirer asked if email was okay/option to use in order to send grades to an individual student. Remember, whatever we recommend as a good/bad practice (and certainly email that is unencrypted or not otherwise through a secure system verifying the inquirer if not optimal.) However, lest we forget that the student is the holder of the "consent" or privilege of the privacy of their information and can approve any action regarding their private information. So, if for example the student provided a written, verified release to send info to them or anyone in the world via email, then they have the right to do so. That said, under FERPA, we cannot willy nilly send email to students and it is a poor choice to send info through email as anyone can grab it, see it, etc. The important part of this may be to have the professors understand that this can be a teaching moment regarding the student's privacy. The professor can set the tone from the first day by stating in the syllabus what will be acceptable and what will not. They can set the parameter of using Blackboard or another LMS for communication with the students and (drum roll) they can explain why they do this and the benefits of it. This is my $.02 but as this is Data Privacy Month, it would be a worthwhile discussion to have with faculty and staff regarding best options for private communication of private information. Jane Jane Rosenthal Director I KU Privacy Office Custodian of Public Records Office of the Provost The University of Kansas Tel +1.785.864.9528 I Fax 1.785.864.4463 jer@ku.edu I www.privacy.ku.edu This message may be confidential and is only for the intended recipient. If you receive it in error, please delete it and attachments from all systems/memory and notify the sender ASAP. Thank you. Rock Chalk! -----Original Message----- From: Mclaughlin, Kevin (mclaugkl) [mailto:mclaugkl@UCMAIL.UC.EDU] Sent: Friday, January 06, 2012 12:38 PM Subject: Re: FERPA and E-mailing grades I think that the cornerstone of Dean's argument was that a contractual relationship existed between the entities (in particular he referenced Google - not Yahoo, hotmail, ACME mail, etc. ) without that contractual relationship (just my opinion here) I believe that it is prohibited under FERPA. - Kevin Kevin L. McLaughlin, CISM, CISSP, GIAC-GSLC, CRISC, PMP, ITIL Master Certified Assistant Vice President, Information Security & Special Projects University of Cincinnati 513-556-9177 The University of Cincinnati is one of America's top public research institutions and the region's largest employer, with a student population of more than 41,000. cid:image002.gif@01C879E9.E20A0EF0 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Nathan Zierfuss Sent: Friday, January 06, 2012 1:22 PM To: SECURITY@LISTSERV.EDUCAUSE.EDU Subject: Re: [SECURITY] FERPA and E-mailing grades I have to agree with Dean. I'm not convinced FERPA prohibits providing students grades via email. In fact some CMSs can be configured to automatically email or text students their grades when the grade-book is updated. I use this feature and suspect most students do. My experience has been our institution is struggling with not being the source of a digital identity for students that we used to be and coming to trust the one students have established for themselves prior to entering university. I believe FERPA requires us to validate who we are communicating with but not to secure the communications methods they elect. Has anyone explored identity validation via credit report questions similar to what banks do when you open an account online and accepting gmail, yahoo, ect. as a students email address rather then issuing them a new one? Nathan

Comments

Excellent comments, Jane. Thanks!
My experience has been that the "teaching moment" is for faculty and not students ;-)  The situations have been driven by staff sending grades via e-mail because it is convenient and not driven by students requesting it that way. We do have 2 secure servers (one using Blackboard) for faculty to post grades, with one reserved for final grade posts. Most of the situations of transmission have been grades of assignments, projects, exams, etc., during the class and not the final posting.  We are trying to stop the habit, but the saddest issue of most of our society, and not an indictment of hard working faculty and staff, is we humans much prefer convenience over security.  Or at least that's my only explanation of unsecured mobile devices that auto-sync personal data to cloud systems. But that's another rant ;-)
 
Thanks again for your insightful additions to the discussion.
 
Bob
 


 
 
Robert E. Meyers,  Ms.Ed.
Educational Program Manager
  Office of Information Security
West Virginia University
office: (304) 293-8502
remeyers@mail.wvu.edu


>>> On Monday, January 09, 2012 at 10:52 AM, "Rosenthal, Jane E." <jer@KU.EDU> wrote:
All,
This is certainly a good discussion and from a privacy perspective perhaps I have another vantage point.  Let's back up on this discussion--the inquirer asked if email was okay/option to use in order to send grades to an individual student.

Remember, whatever we recommend as a good/bad practice (and certainly email that is unencrypted or not otherwise through a secure system verifying the inquirer if not optimal.)  However, lest we forget that the student is the holder of the "consent" or privilege of the privacy of their information and can approve any action regarding their private information.  So, if for example the student provided a written, verified release to send info to them or anyone in the world via email, then they have the right to do so.

That said, under FERPA, we cannot willy nilly send email to students and it is a poor choice to send info through email as anyone can grab it, see it, etc.  The important part of this may be to have the professors understand that this can be a teaching moment regarding the student's privacy.  The professor can set the tone from the first day by stating in the syllabus what will be acceptable and what will not.    They can set the parameter of using Blackboard or another LMS for communication with the students and (drum roll) they can explain why they do this and the benefits of it. 

This is my $.02 but as this is Data Privacy Month, it would be a worthwhile discussion to have with faculty and staff regarding best options for private communication of private information.

Jane


Jane Rosenthal
Director I KU Privacy Office
Custodian of Public Records
Office of the Provost
The University of Kansas

Tel +1.785.864.9528 I Fax 1.785.864.4463
jer@ku.edu I www.privacy.ku.edu

This message may be confidential and is only for the intended recipient. If you receive it in error, please delete it and attachments from all systems/memory and notify the sender ASAP.  Thank you.

Rock Chalk!


-----Original Message-----
From: Mclaughlin, Kevin (mclaugkl) [mailto:mclaugkl@UCMAIL.UC.EDU]
Sent: Friday, January 06, 2012 12:38 PM
Subject: Re: FERPA and E-mailing grades

I think that the cornerstone of Dean's argument was that a contractual relationship existed between the entities (in particular he referenced Google - not Yahoo, hotmail, ACME mail, etc. )   without that contractual relationship (just my opinion here) I believe that it is prohibited under FERPA. 



- Kevin





Kevin L. McLaughlin,  CISM, CISSP, GIAC-GSLC, CRISC, PMP, ITIL Master Certified

Assistant Vice President, Information Security & Special Projects

University of Cincinnati

513-556-9177



The University of Cincinnati is one of America's top public research institutions and the region's largest employer, with a student population of more than 41,000.



cid:image002.gif@01C879E9.E20A0EF0



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY@LISTSERV.EDUCAUSE.EDU] On Behalf Of Nathan Zierfuss
Sent: Friday, January 06, 2012 1:22 PM
To: SECURITY@LISTSERV.EDUCAUSE.EDU
Subject: Re: [SECURITY] FERPA and E-mailing grades



I have to agree with Dean. I'm not convinced FERPA prohibits providing students grades via email. In fact some CMSs can be configured to automatically email or text students their grades when the grade-book is updated. I use this feature and suspect most students do.



My experience has been our institution is struggling with not being the source of a digital identity for students that we used to be and coming to trust the one students have established for themselves prior to entering university. I believe FERPA requires us to validate who we are communicating with but not to secure the communications methods they elect.



Has anyone explored identity validation via credit report questions similar to what banks do when you open an account online and accepting gmail, yahoo, ect. as a students email address rather then issuing them a new one?

Nathan



Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.