System Upgrade Required: Student Information Protections for the 21st Century

System Upgrade Required: Student Information Protections for the 21st Century

When I was five years old, there was a power outage in my neighborhood. Frightened and confused, I remember hearing my parents mention that the electricity went out. What was that, electricity? The sound of the word itself hissed and crackled. I had nightmares of this ghost covered in a shroud of sparks and shadows. I knew its name, but my limited understanding could not make sense of such a complex and vital system.

Similarly, privacy can evade understanding and evoke our worst fears when it does not work effectively. Universities hold a staggering amount of information about their students: academic, health, financial, research, personal contact information. As students, we provide our information to our institutions trusting that our data will be handled responsibly.

This is a technical topic, but we are all connected to it. There is a reason to be concerned, and there is a reason to learn more. Privacy plays a unique role in higher education, and students are essential to the conversations that will determine the best steps moving forward.

There are two levels to the conversation about information access: privacy and security. Privacy deals with permission: with these rules, who is allowed to access this information? Security addresses capability: with this infrastructure, who is able to access this information? (Think of the “may versus can” distinction.)

Prior to attending university, I felt no need to be concerned about information privacy. I assumed the best intentions of everyone using my information, and I am fortunate to have not been adversely affected by my ignorance.  My advocacy work in college has made me keenly aware of the need for robust privacy frameworks for students. Each year, millions of students enter college and experience an unprecedented degree of freedom: their curfew, their meals, their wardrobe, and their information.

Our privacy policies often lag far behind our technology; the widening gap between what is permitted and what is possible leaves information vulnerable to exploitation. For instance, as a result of governmental and institutional policy on student records, my university’s directory of student information is accessible to external parties by default. Directory information includes student name, phone number, and physical address. A student may elect to suppress their information, but the burden rests on the student, not the institution, to remove information from public view.

Colleges have an opportunity to demonstrate their commitment to students by establishing an environment of trust when it comes to the treatment of student information. Recently, I authored a resolution to institutionalize student information privacy at my university, and the student government legislative body voted to adopt the resolution. The resolution made specific recommendations for the university to strengthen its information privacy protocol, and I continue to work on implementing those protections.

I am not alone in this work. More than 50 elected members of the undergraduate student government at my university voted to approve the resolution. After all, today’s students are tomorrow’s programmers, policymakers, and consumers. For example, engineering and computer science students lend immense technical know-how in navigating university databases, and international students and first-year students shape this advocacy with their experiences and positions.

When I bring up information privacy to fellow students, they might shrug and assume that the topic is too complicated for their opinion to be considered valid. I am working to make this dialogue an inclusive one. When I educate student groups about privacy, I rely on intuitive concepts instead of legalese and programming jargon. As the technology industry and the international community respond to data misuse, it behooves all of us to educate one another on information privacy.

Progress comes through education and ownership of our ability to enact change. With an elusive topic like privacy, it can be easy for a student to assume that they are not educated enough to use their voice. However, privacy is everyone’s conversation; it affects us each and every day, whether we know it or not.  Data and privacy are not going anywhere, and it is time to get to work.


Austin Kraft (pronouns: he/him/his) is a third-year undergraduate student at the University of Minnesota – Twin Cities, where he studies mathematics, linguistics, and computer science. This blog was previously published on the Young Invincibles blog

Image: “Electricity” by Mary Anne Enriquez  is licensed under CC BY-NC-ND 2.0.

Related Resources

  • FPF Perspectives

    FPF Responds to the FTC’s COPPA Policy Statement

    May 19, 2022

    On May 19, 2022, the Federal Trade Commission (FTC) held an open meeting where it approved a policy statement prioritizing enforcement of the Children’s Online…

    Learn More
  • Higher Ed Perspectives

    The Datafication of Student Life and the Consequences for Student Data Privacy

    Apr 11, 2022Kyle M. L. Jones (MLIS, PhD) Indiana University-Indianapolis (IUPUI)

    The COVID-19 pandemic changed American higher education in more ways than many people realize: beyond forcing schools to transition overnight to fully online l…

    Learn More
  • Blog

    So Much Data: Thinking About How We Govern with Data and How We Are Governed by Data in US Higher Education

    Apr 11, 2022Michael Brown, Assistant Professor of Higher Education and Student Affairs, School of Education, Iowa State University

    As a researcher who focuses on how US higher education institutions construct data systems to support students’ success, I find myself having the same conversa…

    Learn More