Educause Security Discussion mailing list archives

Re: plain text email of grades


From: Kevin Shalla <kshalla () UIC EDU>
Date: Mon, 19 Oct 2009 11:49:41 -0500

It seems to me that the university responsibility to properly deliver
ends when the university sends a message to an address that the
student supplied or when the student sets up forwarding to an
off-campus e-mail account.

By analogy with other mail, if the university sends a grade report on
a postcard to a student who lives in an off-campus apartment
building, is it the university's fault that the postal workers had
the opportunity to see the student's grades? Is it different if the
student lives in the dorms, and the postcard is delivered via campus
mail to the dormitory?

Perhaps we shouldn't send grades via postcards or e-mail, but instead
send e-mail saying that grades are available, and that they should
log into the student database to see them.

I don't think internal / external e-mail is the issue here; I think
the issue may be that it's not appropriate to send private data to
e-mail at any location, because the e-mail system administrators
could view the data.

At 11:15 AM 10/19/2009, Plesco, Todd wrote:
Here is a FERPA question which has sprung up as the result of a function
in Blackboard:
Has anyone performed a risk analysis of grades being sent plain-text to
students'/guardians' off-campus email?  How do you ensure non-institution
email accounts are still valid?  Do you accept that risk or only allow
internal emailing of PII?
Thoughts? Opinions?


Todd A. Plesco  CISM, CBCP
Chapman University, Director of Information Security
One University Drive, Orange, CA 92866
Phone: (714) 744-7979/Fax: (714) 744-7041
