There are many ways to define information privacy. Since the Cornell IT Policy Office is working with Professor Daniel Solove on assessing information privacy at the university, we have posted some basic concepts below, reproduced with permission from his Guide to Developing a Comprehensive Privacy Program (CUWebLogin required.)
Many commentators have lamented that the meaning of “privacy” is vague and elusive. According to Professor Solove, we should understand privacy is an umbrella term for a group of related yet distinct things. Privacy is about respecting the desires of individuals where compatible with the aims of the larger community. Privacy is not just about what people expect but about what they desire. Privacy is not merely an individual right – it is an important component of any flourishing community.
With regard to schools, some of the privacy issues include:
Cyberbullying occurs when students use the Internet (blogs, social media, texting, etc.) to harass, humiliate, or torment other students.
Students or employees can spread harmful, embarrassing, or discrediting information about other students or school employees.
Students or employees can spread false rumors about others.
Data Security Breaches
Personal information maintained in school record systems can be leaked, lost, stolen, or improperly accessed.
Personal information about students, employees, or other individuals can be improperly disclosed to others or the public.
Breach of Confidentiality
Secrets learned in confidence can be improperly revealed. Sometimes, these secrets should be revealed, such as when there is a duty to reveal such secrets when there is a health or safety threat.
School officials could engage in an improper search of a student or employee – either (1) without sufficient justification or suspicion of wrongdoing or (2) too broad or intrusive to achieve the purposes of the search. In addition to the Fourth Amendment, which regulates public schools, there are statutes that regulate both public and private schools.
The school’s use of surveillance cameras or monitoring of its computer network can cause problems if not appropriately limited or subjected to oversight.
To protect privacy adequately, all schools should develop a comprehensive privacy
program. A comprehensive privacy program is an orderly and thorough way to address all of the
school’s privacy risks by:
A comprehensive privacy program should ensure the privacy of everyone in the school community is protected—students, employees, families, alumni, donors, applicants, and others. A commonly asked question is, “My school has a program for following the Family Educational Rights and Privacy Act (FERPA). Is that sufficient as a comprehensive privacy program?”
No. Schools must do more than just follow FERPA, which covers just a fraction of the privacy issues schools must face. The Act does not address alumni and donor records, employee information, searches and surveillance of students, confidential information not maintained in records, cyberbullying, data retention and destruction, data security, sexting, and countless other issues. Dozens of other federal and state laws apply to schools.
A privacy risk includes any potential problems involving the collection, use, or disclosure of personal data by the school or by others within the school community.
There are several types of privacy risk:
All content on this page © TeachPrivacy, LLC.