Principles of Privacy in the University

Stanford’s Principles of Privacy in the University, a two-page document that is available only in print and is now outdated, outlines the privacy protections that Stanford University as an institution affords to students. It does not address the privacy protections students are owed with respect to other Stanford students, staff, and faculty.  For example, the policy states that “The University should obtain information only with the informed consent of the individual.”  If “information” is read to include a student’s emails, data files, programs, and Leland account, then one might argue that Stanford itself compromises students’ privacy, since Stanford Security Officers and/or system administrators are permitted to access those emails, data files, programs, and Leland accounts without the student’s consent.  Accordingly, Stanford’s Principles of Privacy needs to define “information” clearly; ideally, that definition should be consistent with, but more precise than, FERPA’s definition of a student education record.  The access that Stanford Security Officers and/or system administrators have to a student’s emails, data files, programs, and Leland account without the student’s consent is discussed further in the section on the Computer and Network Usage Policy.  For now, the point is that although Stanford’s Principles of Privacy in the University meets the requirements of the Fair Information Practices, it treats privacy protection solely as an issue between an individual student and Stanford University.

Stanford’s Principles of Privacy in the University conforms well to the Fair Information Practices principles.  These principles (U.S. Dept. of Health, Education and Welfare, 1973; reprinted in Robert Ellis Smith, The Law of Privacy in a Nutshell, Privacy Journal, 1993, pp. 50-51) characterize a privacy policy as providing adequate protection when it supports the following:

(1) Collection limitation. There must be no personal data record keeping systems whose very existence is secret. (No secret collection of information.)

(2) Disclosure. There must be a way for an individual to find out what information about him is in a record and how it is used.

(3) Secondary usage. There must be a way for an individual to prevent information about him that was obtained for one purpose from being used or made available for other purposes without his consent.

(4) Record correction. There must be a way for an individual to correct or amend a record of identifiable information about him.

(5) Security. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data.

In response to principle (1), the privacy policy states that Stanford may obtain information only with the informed consent of the individual.  Stanford’s privacy policy addresses principle (2) by stating that individuals should be able to find out easily what information about them is being collected and what purpose it serves.  In response to principle (3), the policy states, “Personal information . . . derived from official University records should be disseminated outside the University only (1) with the consent of the person . . .”  In response to principle (4), the privacy policy states that individuals should be able to learn the content of information systematically maintained about them, which gives them the opportunity to make necessary corrections.  Finally, with respect to principle (5), the privacy policy addresses the nature of the information being collected; the purpose for which it is collected; the population represented; the persons to whom, and the circumstances under which, the information is made available; and the life expectancy of files and computer records.  The privacy policy also promises that University collections of personal information should not include uniquely identifying data elements that interlock with non-University data systems.  For example, a Social Security number should not serve as a key that would allow an outside party, such as a government agency, to link a student’s University records to records held elsewhere.

In sum, Stanford’s Principles of Privacy in the University addresses privacy protection only as an issue between a student and Stanford University, although within that scope it conforms closely to the Fair Information Practices principles.  The policy needs to define “information” clearly and to expand its coverage to network privacy issues so that students are protected from other students, staff, and faculty as well.


Questions? Comments? Suggestions? Send mail to: privacy_project@CS.Stanford.EDU