Educause Security Discussion mailing list archives
Re: plain text email of grades
From: Kevin Shalla <kshalla () UIC EDU>
Date: Mon, 19 Oct 2009 11:49:41 -0500
It seems to me that the university responsibility to properly deliver ends when the university sends a message to an address that the student supplied or when the student sets up forwarding to an off-campus e-mail account. By analogy with other mail, if the university send a grade report on a postcard to a student who lives in an off-campus apartment building, is it the university's fault that the postal workers had the opportunity to see the student's grades? Is it different if the student lives in the dorms, and the postcard is delivered via campus mail to the dormitory? Perhaps we shouldn't send grades via postcards or e-mail, but instead send e-mail saying that grades are available, and that they should log into the student database to see them. I don't think internal / external e-mail is the issue here, I think the issue may be that it's not appropriate to send private data to e-mail at any location, because the e-mail system administrators could view the data. At 11:15 AM 10/19/2009, Plesco, Todd wrote:
Here is a FERPA question which has sprung up as the result of a function in Blackboard: Has anyone performed a risk analysis of grades being sent plain-text to students'/guardians off campus email? How do you ensure non-institution email accounts are still valid? Do you accept that risk or only allow internal emailing of PII? Thoughts? Opinions? Todd A. Plesco CISM, CBCP Chapman University, Director of Information Security One University Drive, Orange, CA 92866 Phone: (714) 744-7979/Fax: (714) 744-7041
Current thread:
- plain text email of grades Plesco, Todd (Oct 19)
- <Possible follow-ups>
- Re: plain text email of grades Kevin Shalla (Oct 19)