Notice: This is a draft policy under consideration. It is not an official MIT document.


October 1997

STUDENT INFORMATION POLICY

DRAFT --- DISCUSSION DOCUMENT

1. PURPOSE
2. INTRODUCTION
2.1. Why is a revised policy needed?
2.2 What information is covered by this policy?
2.3 Who has responsibility for this policy?
2.4 Who should be consulted with questions about this policy?
2.5 Who should be consulted about the retention and destruction of student information?
2.6 Where will this policy published and made available to the Institute community?
2.7 What educational materials and programs will be made available to support the community in the implementation of this policy?
 
3. PRINCIPLES
3.1 Core principles: Privacy, Confidentiality, Security
3.2 Student information principles
3.2.1 Notification
3.2.2 Minimization
3.2.3 Reuse
3.2.4 Nondisclosure and consent
3.2.5 Need to know
3.2.6 Data accuracy, inspection, and review
3.2.7 Information security, integrity, and accountability
3.2.8 Education

 
4. DEFINITIONS

4.1 Education records
4.2 Non education records
4.3 Directory information
4.4 Lists of students
4.5 Inventory of education records and data pertaining to their use
 
5. DISCLOSURE OF STUDENT INFORMATION
5.1 Disclosure of student information to STUDENTS
5.1.1 Access to their records
5.1.2 Request to challenge and amend a record and the right to a hearing
5.1.3 Letters of recommendation
5.2 Disclosure of student information to INSTITUTE OFFICIALS
5.2.1 Disclosure of information for INSTITIONAL RESEARCH
5.3 Disclosure of information to FACULTY
5.4 Disclosure of student information to STUDENT EMPLOYEES
5.5 Disclosure of student information to PARENTS AND CUSTODIANS
5.6 Disclosure of student information to OUTSIDE AGENCIES
5.6.1 Disclosure of student information to OTHER ACADEMIC INSTITUTIONS
5.6.2 Disclosure of student information to GOVERNMENT AGENCIES
5.6.2.1 U.S. Immigration and Naturalization Services (INS)
5.6.2.2 Federal Bureau of Investigation and other security checks
5.6.2.3 National Institutes of Health, National Science Foundation
and other granting agencies
5.6.2.4 Commonwealth of Massachusetts
5.6.3 Disclosure of student information to ACCREDITING ORGANIZATIONS, AND STATE AND FEDERAL AUTHORITIES
5.6.4 Disclosure of student information for LEGAL PURPOSES
5.6.5 Disclosure of student information to the MEDIA
5.6.6 Maintaining a record of disclosures
 
6. POLICY OVERSIGHT
6.1 The Student Information Policy Committee
6.2 The Student Information Policy Officers
 

STUDENT INFORMATION POLICY -- DISCUSSION DOCUMENT

1. PURPOSE

The purpose of this policy is to inform students of their rights, and faculty and staff of their responsibilities as creators, custodians and users of student information. Recognizing that information about current (as well as former) students must be maintained for educational, research, and other institutional purposes, it is MIT policy that such information must be controlled and safeguarded in order to ensure personal privacy to the extent permitted by law. (P & P 11.2)

2. INTRODUCTION

2.1 Why is a revised policy needed?

MIT's policies on privacy and student information remain fundamentally unaltered. What has changed is that electronic systems have altered the way student information is collected, transmitted, and used. Electronic systems in a networked environment facilitate academic and administrative activities for students, faculty and staff. At the same time the increased access to information poses serious questions about how to implement MIT policies in this environment. Students, faculty and staff need guidance. The following document is therefore intended to:

2.2 What information is covered by this policy?

This policy covers all education records (see section 4.1 for full definition) of current and former MIT undergraduate and graduate students, and applies to information in all formats (paper, electronic, visual, etc.) that reside in all Institute locations. While applicants are not covered by this policy, application information submitted by students who are accepted and enroll at MIT, become part of their education record.

2.3 Who has responsibility for this policy?

Anyone who has access to student information in paper or electronic form is considered a custodian of these data. A custodian used to be the single officer who had responsibility for the maintenance and use of specific records. In a shared networked environment each person who has access to and uses student information has the responsibility to understand and abide by the regulations governing the use, security, accuracy and appropriate handling of those data. Improper use of student information is a violation of Institute regulations and may result in disciplinary proceedings within the Institute, legal proceedings outside MIT, or both. (adapted from P & P 9.7) As a data custodian, faculty and staff have the responsibility to understand and implement this policy.

2.4 Who should be consulted with questions about this policy?

The oversight for this policy will be carried out in two ways:
  1. Student Information Policy Committee – This committee will have ultimate responsibility for the oversight of this policy. (See section 6.1 for details.) (Discussion point – To be resolved is the question of who appoints this committee and to whom does it report, as well as the membership and responsibilities of this new group.)
  2. Student Information Policy Officer(s) – Each academic and administrative unit at MIT will name one or more Student Information Policy Officers (SIPO) who will serve as local information resources to respond to questions and monitor the appropriate use of student information. (See section 6.2 for additional details)

2.5 Who should be consulted about the retention and destruction of student information?

In compliance with MIT's archival policy (P & P #13.3) Institute records may not be destroyed without permission. The Institute Archivist in consultation with appropriate senior officers will make retention and destruction decisions about student information.

2.6 Where will this policy be published and made available to the Institute community?

The entire text of this policy will be published on the web (Discussion point – The appropriate location of the full text will have to be determined.) In addition, the entire policy or relevant portions will appear on appropriate websites and in other paper and electronic versions of publications including:

2.7 What educational materials and programs will be made available to support the community in the implementation of this policy?

Following the initial orientation that will be offered to the community about this new policy, educational activities will continue in three primary ways:
  1. A mechanism will be established to review this policy with the undergraduate and graduate students each year.
  2. Manuals of recommended procedures and best practices will be made available to the faculty and staff.
  3. Regular sessions will be held to review the policy and update the SIPOs.

3. PRINCIPLES

3.1 Core Principles – This policy builds upon the Family Education Rights and Privacy Act (FERPA) of 1974. The larger framework for the Institute's policy is based on the following three key principles (drawn from the National Research Council report, For the Record: Protecting Electronic Health Information, 1997):

Privacy – encompasses the rights and desires of an individual to limit the disclosure of personal information;

Confidentiality – recognizes that information may be released and shared for legitimate purposes as long as adequate provisions are taken to protect personal privacy. Confidentiality refers to the controlled conditions in which information is shared or released. These controlled conditions must be delineated in policies and procedures.

Security – consists of the tactics (e.g. policies and procedures, design and implementation of technical measures) established to protect information and systems. Such tactics are aimed not only at protecting privacy, but also ensuring the authentication, integrity, security, reliability and longevity of information systems.

3.2 Student information principles

In addition to the core principles, the following principles guide this student information policy. (Adapted from CAUSE. Privacy and the Handling of Student Information in the Electronic Networked Environments of Colleges and Universities, 1997)

3.2.1 Notification

Informed consent relies upon the knowledge that an individual has about the personal information that is collected and maintained about them. Notification is the means by which a student is informed about:

What information is collected,

Who is collecting the information,

From whom is it being collected,

Why the information is being collected (what are the intended purposes or uses),

What actions will be taken to protect that information,

What are the consequences to the student of withholding information,

What rights of redress such as inspection and correction does a student have.

The notification principle applies both to the information collected from and about each student. Annual notification of the students' privacy rights (as required by FERPA) should continue to appear in the Bulletin and other appropriate publications. The networked environment, however, suggests both the opportunity and obligation to provide more frequent notification. With each use of a student information system, students should be reminded of their rights and faculty and staff of their responsibilities.

3.2.2 Minimization

In making decisions about what information to gather and retain the guiding principle of minimization suggests that only the minimum amount of personally identifiable information should be collected to fulfill the students' and MIT's legitimate needs. Institute officials, working in conjunction with the Archivist, should determine how long these data should be retained.

3.2.3 Reuse

The principle of reuse, often referred to as "secondary use" addresses the constraints governing the reuse and dissemination of student information. FERPA incorporates the basic principle of privacy that restricts the use of information to the original purpose for which it was collected, or a use compatible with that purpose, unless additional consent is received. Recognizing that there are legitimate and important reasons for Institute officials to reuse student information, (e.g. institutional reporting and analysis) students must be notified of these intended uses when they are asked to provide information.

Reuse also refers to the prohibitions against further dissemination of student information. A member of the faculty or staff may have permission to have access to, download, print or use specific student information. However, that person may not further disseminate or transmit the information they receive to another person unless that use is totally compatible with the original approved purpose.

3.2.4 Nondisclosure and consent

Nondisclosure refers to the need to keep personally identifiable student information from third parties external to the Institute. The principle of consent, in this context, refers to the permission that must be obtained from the student to release personally identifiable information to third parties. While electronic systems can exacerbate the problems of the unwanted dissemination of information outside of the Institute, these systems can also facilitate the process of obtaining consent from the students about the manner of disclosure (print and/or electronic) and the specific data that the student agrees will be disclosed.

3.2.5 Need to know

The principle of need to know recognizes that faculty and staff may require access to student information. The Family Education and Privacy Act authorizes the disclosure of student information without a student's consent to a "school official" who "has a legitimate educational interest if the official needs to review an education record in order to fulfill his or her professional responsibility." Therefore, this policy (in section 5.2) clarifies who are Institute officials and what activities constitute a legitimate need to know.

3.2.6 Data Accuracy, Inspection, and Review

MIT shares the responsibility for data accuracy with our students. FERPA grants students the right to review and correct information maintained about them. MIT has the obligation to facilitate this review process and also to ensure data accuracy, as well as the synchronization and currency of student information across distributed systems.

3.2.7 Information security, Integrity, and Accountability

These principles apply to student information in all formats, but are of particular concern for electronic records.

Security –protect student information from loss, damage, inappropriate access, and unauthorized disclosure or use.

Integrity - provide reasonable assurance that data, once entered, will not be subject to unauthorized modification, and that data will remain unaltered during transmission, storage, migration and reuse.

Accountability –monitor and record security-related events and link them to the originator.

Technical guidelines and collaborative solutions will be required to respond to these requirements.

3.2.8 Education

MIT has the obligation to provide continuing education to their students about their rights, and to the faculty and staff about their responsibilities in the administration of student information. The goal of such an educational effort must be to sensitize the community to the issues associated with students' privacy rights, and particularly about the steps that must be taken to protect this information in a networked environment.

4. DEFINITIONS – EDUCATION RECORDS, NON-EDUCATION RECORDS, DIRECTORY INFORMATION AND INVENTORY OF RECORDS

4.1 Education records

Under FERPA, "education records" includes all records, in all formats (print, electronic, visual, etc.) that are directly related to a student and are maintained by MIT. These include academic and administrative records that are created and maintained by the Office of the Dean of Students and Undergraduate Education, the Graduate Education Office, the Registrar's Office, Bursar, Student Financial Aid, Undergraduate Research Opportunities Program, academic departments and advisors, standing committees of the faculty, the Association of Alumni and Alumnae of MIT, and the Archives.

Examples of education records include:

4.2 Non-education records

The following records are NOT considered education records under FERPA:

4.3 Directory information

Certain categories of personally identifiable information are designated by the Institute as directory information and may be released without the student's prior consent and without a record being made of these disclosures. This information includes:

(Discussion point – Should photographs of the students, such as those on the MIT Card and class lists, be included as directory information?)

Students have the right to restrict any combination of the above information from either the on-line and/or the published version of the directory. (WebSIS contains information about how students may restrict information.) (see P & P section 11.3.2)

The Student Directory, which is published yearly in the fall, and equivalent electronic versions, are intended primarily for use by members of the MIT community. MIT telephone operators will normally provide only a student's term phone number in response to an individual inquiry from outside MIT. Providing the Student Directory or similar listings to persons outside MIT or using the Student Directory or similar listings for non-Institute purposes is a violation of Institute policy. However, MIT is not able to prevent the dissemination and use of directory information once it is acquired by outside parties. (P & P 11.3.2)

4.4 Lists of students (e.g. electronic class lists)

(Discussion point – What policy does the Institute want to have on the distribution of lists of students, (both paper and electronic versions) such as class lists? Do we need different policies for internal vs. external distribution? Do we need a policy also on the distribution of lists that include images of the students such as electronic class lists?)

4.5 Inventory of education records and data pertaining to their use

To support this policy and provide adequate notification to students about the information that exists about them, a list will be maintained indicating the location and types of education records at MIT (in paper and electronic form) and the officer to be contacted about those records. This list will appear… (Discussion point – The location of this list and the responsibility for maintaining it will have to be determined.) Though not comprehensive, the goal will be to be as inclusive as possible.

Each Institute office that maintains records, files, and data pertaining to students should also maintain a record of the persons who have had access to the office's files, records, and data. In addition, each office should periodically take inventory of its records, files, and data on students and review that information is being retained for appropriate periods of time and that it is being maintained to ensure both security and future needs. (P & P 11.3.5)

5. DISCLOSURE OF STUDENT INFORMATION

The following sections describe the rights of students to have access to and control their records and the conditions under which others may have access to student information.

Disclosure of information in educational records to persons within or outside the Institute, except as indicated below, requires the student's written consent. The written consent must be signed and dated and must include a specification of the records to be disclosed, the purpose of the disclosure, and the party to whom the disclosure may be made. Upon request, the student shall be provided with a copy of a record that is disclosed. A record of each request and of each disclosure must be made part of the student's educational record. (P & P 11.3.2)

In emergencies, Institute officials can provide information from education records to protect the health or safety of the student or others. (FERPA)

5.1 DISCLOSURE of student information to STUDENTS

The Family Education Rights and Privacy Act of 1974 (FERPA) gives students certain rights, consistent with the privacy of others, to review records, files, and data, including information stored in computer media, held about them on an official basis by the Institute, and also gives students the rights to challenge the content of those records, files, and data that they believe are inaccurate, misleading, or otherwise in violation of their privacy and other rights. This act also imposes certain controls on access to information about students. (P & P 11.3)

5.1.1 Access to their records

All education records of the Institute that are identified with an individual student or former student will be available for review at the request of that individual. Students will not be given access to those records defined in this policy as non-education records (see 4.2 above) nor to confidential letters of recommendation (see 5.1.4 below). In addition, an individual shall not be permitted to review those specific portions of his or her education records that refer to other identified students. (P & P 11.3.1) A student may make a request to see their record directly to the custodian of the record or the Office of the Dean of Students and Undergraduate Education. The right of access includes a right to an explanation or interpretation of the record, and the right to obtain copies of the record.

5.1.2 Request to challenge and amend a record and the right to a hearing

A student may challenge and/or add to the content of his or her educational record to ensure that their records are not inaccurate or misleading, or in violation of their privacy or other rights, and to correct or delete any inaccuracies or misleading or otherwise inappropriate data contained in their record. The substantive judgement of a faculty member about a student's work, expressed in grades and/or evaluations, is not included in this right to challenge.

Challenges should be submitted to the custodian of the record or through the Office of the Dean of Students and Undergraduate Education, or the Dean for Graduate Education. (P & P 11.3.1) The student will receive a written response to their challenge within ____ days. If the decision is not to amend, remove or destroy the challenged record the student has the right to a formal hearing within ___ days. The content of the student's challenge will remain a part of the record regardless of the outcome to the challenge. (Discussion point – Is it sufficient to say that students will receive "a prompt response" or should the policy specify the number of days allocated to these procedures? In addition, several institutions also include very detailed information about the hearing procedure. Do we need such detail in this policy?)

5.1.3 Letters of recommendation

Candid appraisals and evaluations of performance and potential are an essential component of the education process. With appropriate permission, the provision of such information to prospective employers, to other institutions, or to other legitimately concerned outside individuals or agencies, is in the interest of the student. A student's request for a letter of recommendation to be written by Institute faculty or staff constitutes consent to disclosure and should, therefore, be made in writing.

A student or former student may voluntarily waive his or her right to review or receive copies of letters of recommendation or other documents sent to MIT or written by a member of the MIT faculty or staff in connection with admission to education institutions, employment, or consideration for an honor or recognition. Such a waiver must be in writing and must include adequate identification of the concerned individual, the author of the letter, and the purpose for which the letter in intended. Such waivers must not be required as a condition for admission to, receipt of financial aid from, or receipt of any other services or benefits from an agency or institution. Faculty and staff should take care not to encourage waivers unnecessarily. (P & P 11.3.3)

5.2 Disclosure of student information to INSTITUTE OFFICIALS

Institute officials, both faculty and staff, who have a legitimate education interest may have access to student information needed to fulfill his or her professional responsibility without prior consent by the student. An Institute official is a person employed by MIT in an administrative, supervisory, academic or research, or support position (including law enforcement unit personnel and health staff); a person or company with whom the Institute has contracted (such as an attorney, auditor or collection agent); a person serving on the Corporation; or a student serving on an official committee, such as a disciplinary or grievance committee, or assisting another school official in performing his or her tasks. (From FERPA's model notification of rights document.)

Examples of responsibilities that constitute a legitimate need to know include:

5.2.1 Disclosure of information for INSTITUTIONAL RESEARCH

Included among the professionals whose responsibilities constitute a "legitimate need to know" are those MIT officials who carry out institutional research: the analysis of data, including information about students that supports the evaluation of educational programs and more broadly, the planning and decision-making by the MIT faculty and staff. Also included in institutional research is the reporting and analysis required by government and other outside agencies. Recognizing the legitimate nature of this work, it is also understood that research protocols must ensure the privacy of the subjects of this research. The following principles will guide this work. (Discussion point – What is the appropriate level of detail for the following principles?)

5.3 Disclosure of information to FACULTY

Members of the faculty are included, of course, as institute officials (in section 5.2 above) as they have legitimate needs for student information as teachers and advisors. This section addresses some additional issues particularly for the faculty and the staff that supports their work as teachers and advisors.

Electronic communication has transformed the teaching process and will continue to facilitate greater communication among faculty, students, and staff. Email and web based course work will remain central to the education process. Recognizing the benefits inherent in the technology, some precautions must be taken to insure personal privacy and the confidentiality of education records.

5.4 Disclosure of student information to STUDENT EMPLOYEES

Some students are employed at MIT in academic and administrative offices where their responsibilities give them access to education records of other students. When this is the case:

Student employees will be asked to review written policies that stipulate their requirement to maintain confidentiality, and each student will sign an agreement agreeing to abide by these conditions. (Note: This is the current procedure followed in the Student Financial Aid and Student Employment offices.)

Access to information (such as MITSIS) for each student employee will be as limited as possible for them to accomplish their specific assigned responsibilities.

5.5 Disclosure of student information to PARENTS and CUSTODIANs

FERPA prescribes that once a student has reached the age of 18 or has enrolled at a post-secondary institution, the right of access to the students' information passes from the parent or custodian to the student. MIT, therefore, protects the privacy of their students by restricting access to personally identifiable information (other than directory information) to the students themselves. Parents, family members or custodians contacting the Institute for information about a student should be referred to… (Discussion point – Can we establish one central contact point for the parents such as thee Student Services Center?)

5.6 Disclosure of student information to OUTSIDE AGENCIES

Except in cases of court orders and legal procedures or when the student consents, all educational records that are released to persons or organizations outside of MIT must be released on the condition that they will be used only for their stated purpose and that no other party will have access to them without the student's written consent. The disclosed material should contain an agreement to the effect that acceptance of these materials constitutes an agreement to abide by this condition. FERPA also permits the disclosure of disciplinary actions in certain specified circumstances. (P& P 11.3.2)

5.6.1 Disclosure of student information to OTHER ACEDEMIC INSTITUTIONS

Under FERPA, education records may be disclosed, without a student's prior consent, to officials of another educational institution in which the student seeks or intends to enroll, or in which the student is enrolled concurrently. In such cases, the student must be notified of the disclosure, provided with copies of the disclosed records if he or she requests them, and granted an opportunity for a hearing to challenge the contents of the disclosed records.

5.6.2 Disclosure of student information to GOVERNMENT AGENCIES

5.6.2.1 – U.S. Immigration and Naturalization Services (INS) – Students who hold temporary, non-immigrant visas with F-1 classification are required by the U.S. Immigration and Naturalization Services (INS), when applying for these visas, to authorize MIT to release to INS, upon its request, certain information and documents about themselves. A detailed description of the information subject to these requirements may be obtained from the International Students' Office. It is MIT's policy to release such information only to the extent required by law. (P & P 11.3.2) Refer questions about international students to… (Discussion point – To whom should these questions be referred?)

5.6.2.2 – Federal Bureau of Investigation and other security checks – (Discussion point – What are the accepted procedures? Who handles these requests, and to whom should questions be referred?)

5.6.2.3 – National Institutes of Health, National Science Foundation and other granting agencies (Discussion point – We understand that MIT is required to send annual reports to these agencies about graduate students who receives support. Who at MIT is responsible for these reports?)

5.6.2.4– Commonwealth of Massachusetts – Massachusetts law permits local municipalities, such as the cities of Cambridge and Boston, to obtain census information, similar to directory information, pertaining to students living in MIT residences.

(Discussion point - ARE THERE other government or outside agencies that should be included? ROTC?)

5.6.3 Accrediting and professional organizations, and other state or federal authorities

Student information can be released to these organizations when the information is needed to monitor, audit, or evaluate educational programs or for the enforcement of federal legal requirements related to educational programs. (MIT example AAU-AGS annual study of graduate students and CGS/GRE Survey of Graduate Enrollment) (Cornell University and other academic institutions include a list of specific federal authorities, e.g. Comptroller General, Department of Education)

5.6.4 Disclosure of student information for LEGAL PURPOSES

Subpoenas and court orders requesting information about a student(s) should be directed to…(Discussion point – To whom should subpoenas be directed: to the Dean of Students and Undergraduate Education or the Dean for Graduate Education?) In such cases, the individual student(s) will be notified of the request as soon as possible and the required information can be released only by an authorized officer of the Institute. (2nd sentence P & P 1.3.2)

5.6.5 Disclosure of student information to the MEDIA

Requests from the media about current and former students should be directed to the News Office. Permission from the student and…an "Institute official" (Discussion point – Who is the appropriate Institute official?) are required for the release of anything other than directory information.

5.6.6 Maintaining a record of DISCLOSURES

Each Institute office that maintains records, files, and data pertaining to students must also maintain a record of the persons who have access to the office's files, records, and data. (P & P 11.3.5) Information about each disclosure of information from an education record must be maintained as part of the student's record. (FERPA)

6. POLICY OVERSIGHT

Two mechanisms will be used to oversee and monitor this policy:
  1. The Student Information Policy Committee
  2. The Student Information Policy Officers

6.1 The Student Information Policy Committee

The purpose of the Student Information Policy Committee is to:

Structure and appointment (Discussion point – To be resolved is the question of who appoint this committee, to whom does it report and the membership. Among the possibilities to be considered is that this committee could be appointed by and report to either the Faculty Policy Committee or the Dean of Students and Undergraduate Education. Membership could include:

6.2 The Student Information Policy Officers

Each academic and administrative unit at MIT will be asked to name one or more Student Information Policy Officers (SIPO). Ideally the person(s) named will be a member of the faculty and/or staff who already has knowledge of and responsibility for student information issues. The SIPO will act as a local information resource responding to questions from faculty, staff, and students about access to and appropriate use of student information. They will review and advise about all local requests for reuse of student information. Questions that the SIPO's cannot answer should be referred to the Student Information Policy Committee. Regular briefings will ensure that the SIPO's are informed of new legislation and policy changes that affect access to student information.