Web Policy  |  Intranet  |  Contact SCHEV    
SCHEV Research Data Blog

The official blog of @SCHEVResearch at the State Council of Higher Education for Virginia. Discussions about our work, national higher education data policy, and highlights about the data we publish.


Recent Posts Blog Archives Subscribe Feed All Blogs

Rights & Privacy

by Tod Massa 10. November 2018 09:57

Yesterday I was sitting in meeting during a discussion of privacy laws and the changing landscape of data privacy. During the section on FERPA, I felt compelled to remind others that it is the Family Educational Rights and Privacy Act. Far too often the focus on FERPA is on privacy, forgetting that FERPA guarantees access to a student's education records and defines who has right of access to those records (the parents until age 18, and then the student; but parents who support college students as evidenced by claiming them as dependents for tax purposes may also have access). FERPA's roots are in the 1974 privacy act which also provides that citizens have a right to know and inspect the records that government keeps on them. 

Virginia's Government Data Collection and Dissemination Practices Act provides for the same rights of access and states basic principles for collection, use, and review that are key to good government.

C. Recordkeeping agencies of the Commonwealth and political subdivisions shall adhere to the following principles of information practice to ensure safeguards for personal privacy:

1. There shall be no personal information system whose existence is secret.

2. Information shall not be collected unless the need for it has been clearly established in advance.

3. Information shall be appropriate and relevant to the purpose for which it has been collected.

4. Information shall not be obtained by fraudulent or unfair means.

5. Information shall not be used unless it is accurate and current.

6. There shall be a prescribed procedure for an individual to learn the purpose for which information has been recorded and particulars about its use and dissemination.

In short, privacy law is not about keeping data secret and safe. It is about good and fair practices and the right of those the data represent to review the data. As we move into a new era of privacy, as with the European Union's General Data Protection Regulation (GDPR) which provides for the "right to be forgotten" our understanding and practice of rights of access and privacy will continue to evolve.  In yesterday's discussion of the GDPR and the right to be forgotten, there was mention of how some college students looking for a fresh start may wish to exercise this right to engage in a fresh start. This reminded me of the debates in 2004 during the IPEDS Unit Record Feasibility Study about the appropriateness of the federal government having a record of everyone ever enrolling in college, and whether or not someone formerly a student had a right to a fresh start by ignoring previous college experience.

So, these discussions are familiar. Ultimately, I suspect the answers will be tied to requirements and limits on student aid and public subsidies, which is where we left things in 2004. Sometimes it is indeed true that more things change, the more they stay the same.




blog comments powered by Disqus
Follow SCHEV Research on Twitter