The Cavalier Daily
Serving the University Community Since 1890

Jackie, FERPA and your right to privacy

What the discovery of Jackie’s information says about FERPA

On Dec. 7, 2014, a journalist released the full name of Jackie, the University student at the center of the Rolling Stone article “A Rape on Campus.” Following this, Jackie started receiving threats at her home address.

Jackie’s name was found via the website of the company University Directories, an arm of The AroundCampus Group that has since gone bankrupt. The University has a standing contract with University Directories to make its student directory, which, for the first time, it arranged to put online this year.

Public access to student directory information is allowed under and regulated by the Family Educational Rights and Privacy Act. Elements of FERPA allow students to request information that was otherwise not disclosed by universities. But, according to the U.S. Department of Education, under FERPA schools may disclose directory information without student or parental consent, so long as individuals are given enough time to request information not be disclosed — effectively an opt-out system. This request must come in a written document.

According to Carol Stanley, the University’s registrar, “[FERPA] was passed to allow students to have some authority over their academic information.” When the law was passed in 1974, universities were already providing information about students to the public. But the importance of FERPA is, as Stanley said, that it “gives the student ownership and authority over. . . information — there is a huge piece that’s the student’s responsibility.”

But the major downside of this opt-out system of releasing student directory information is that students may not know their information is out there. There is an explanation of students’ rights under FERPA on the Registrar’s site, and at the start of a student’s first year, the Registrar sends out an email detailing students’ rights under FERPA and the topic is discussed at orientation. But FERPA has so many layers to it — including academic information, not only directory information — that details can slip through the cracks. Moreover, should students find later in their University careers they wish to remove their information, at that point it may be too late.

This is primarily due to the switch the University is attempting to make from print directories to online-only ones. According to Susie McCormick, the assistant vice president for Information Technology Budget and Administration, the school is “in a process of trying to eliminate the printed phonebook.” This process took a dark turn following the Rolling Stone article, but reveals the problems with privacy flagging directories in general: should a student wish to make her information private years into her University career — which she is able to do — the information that was previously made available will still be available. With online directories, the chance of such information remaining public is obviously heightened.

Interestingly, while FERPA allows the release of directory information, it by no means requires it. According to Laurie Casteen, associate dean of students, “FERPA allows [the University] to give out information — it doesn’t require that you do.” The University doesn’t, for example, tend to release date of birth information, though it does release a number of other identifiers, such as name, home and school address, home and school phone number, email address, country of citizenship and photographic images — to name just a few.

It is easy to question the University’s decision to do this, if administrators do indeed have the ability to decide both what constitutes directory information and what they wish to divulge. But questioning University policy does not do justice to the obvious issues with FERPA as it exists now. The fact of having an opt-out system — as opposed to an opt-in one — makes it more likely students’ information will be released without their ability to restrict such releases. If the release of such information does indeed start with the student’s consent, students should be given the option to allow the release of their information, not the option to prevent its release.

The downside to restricting the release of directory information is that relevant information may not be accessible. For example, the University email addresses of students who request privacy flags become unsearchable. Other consequences can be worse. According to Casteen, “If a student has financial aid or requires other release of their information. . . they would need to fill out additional documentation.” This challenge is certainly surmountable, but still an inconvenience to students receiving financial aid.

Perhaps the answer to these issues lies in creating more nuance in FERPA: for starters, preventing the public from accessing directory information should not necessarily prevent the distribution of directory information within an institution of higher learning. While financial aid information may be more difficult to address, the possibility of allowing students to specify what information they would like private may enable schools to release financial aid information and not information like students’ photographs or other questionable materials.

In the meantime, the school has taken down the directory once on University Directories’ site, and, according to McCormick, does not intend to restore it in the near future — instead taking this next year to organize a better way to make an online directory available. But we should not leave this conversation at the University level: FERPA itself is a flawed law. Between 1974 and 2015, with the rise of the Internet, the accessibility of information has changed. With it, so should students’ ability to curb the release of their information.

Correction: an earlier version of this article included the name of the journalist and news outlet that reported Jackie's information. In order to ensure the protection of her privacy, this has now been removed.