Policy Initiatives

General Student Life

We spoke with a student affairs Stanford official to find out what Stanford has planned regarding student privacy protection. The official mentioned that student privacy was a high priority and is always carefully considered when the Stanford administration makes any decision that could influence it. A topic the official discussed at length during the discussion was Honor Code violations.  He specified that restricting and preventing access to other students’ work would help decrease the number of violations which come out of disciplines in which copying work is fairly easy – for example, computer science programs.

The official strongly felt that the University maintained a “need to know” only policy regarding private student information.   That is, no private student data is revealed, unless there are strong reasons that legitimize such disclosure.  However, he was not specific in terms of which individuals decide what defines “need to know”.

Regarding email lists and any monitoring of that medium, the official mentioned that there is little time for administration to come in and actually screen what traffic flows through those lists.

Stanford Security

For more technology-oriented policy background, we spoke with a Stanford computer and network administrator.  When questioned about Stanford’s privacy policy, the administratortold us that it has been an item on his agenda for quite some time now.  However, he has been so busy with other functions that he has been unable to find the time to revise the current policy from March 1984.   The administrator has already developed, in practice, many procedures concerning privacy but has yet to formalize them into policy.  He hopes to hire an assistant to take over some of his administrative responsibilities so that he can concentrate on developing university policies for the next two years.  When questioned about the approach he would take in policy development, the administrator told us that he would first research the privacy policies of comparable universities.  Since these policies are often very similar across institutions, this would serve as a good basis for composing a preliminary draft.  From there, he would solicit input from the different University constituencies (students, staff, faculty).  The administrator recognizes the immediate need for a privacy policy and comments that we cannot wait five years before developing Stanford University’s policy.

Regarding current practice, the administrator commented that all requests to compromise a person’s private files or even web server logs must go through him.  Since he controls this access, he has been able to limit privacy compromises as much as possible except in cases where Judicial Affairs or other legitimate parties request information.  If information from a user’s account must be gathered, only he can go into the account and extract the wanted data; user information is never simply divvied out. 

With respect to FERPA as well as other privacy legislation, the administrator has no control over student information, which is strictly handled by the Registrar.  However, he does manage actual user accounts on the Leland systems, as well as web logs.  The administrator is doing an excellent job of upholding the privacy of all users on campus to the best of his ability.  The only problem now is to put his practices into writing to provide public review of Stanford policy, and insure that Stanford students will be protected even after this particular administrator moves on.