By Stacey Askew
Student personal information is just that — personal. However, a few students at Ryerson have found this right violated on Ryerson websites.
At academic council last week, President Sheldon Levy told professors and students to be aware of the dangers that come with posting student information online.
Some students informed the school that their names, student numbers and grades have been posted beside one another on Blackboard, in e-mails and on faculty websites. They feel this is a violation of privacy. It’s also illegal, according to the Freedom of Information and Protection of Privacy Act (FIPPA).
While private information sometimes seeps through Ryerson sites, it is far from an epidemic, said Julia Hanigsberg, general counsel and secretary for the board of governors.
“It’s not like this is a flood of things that have happened, but we’re not just waiting for more complaints to surface. We want students to know if they see anything they are concerned about they should let us know.”
The school has policies about how grades are to be posted. If teachers wish to post grades online, they should cut off the last two digits of the students’ number for security purposes.
Since June 2006, the school has been not only morally, but legally obligated under FIPPA to protect student information.
Hanigsberg believes the act might have helped students become more aware of their rights and caused them to report the recent breaches. Professors informed of the breaches said they had never heard of any and were aware that such actions violated school and government policy.
Ryerson Students’ Union (RSU) president-elect and current VP education, Nora Loreto, said that although she’s never considered student numbers and grades being posted online side by side an issue, the inclusion of names along with grading information is surprising. “With privacy laws being such an issue right now, I’m surprised this breach managed to go through at Ryerson,” said Loreto.
A University of Toronto computer science professor said the posting of student numbers and names together can contribute to “mineable information” on the web.
“There may have been a record of you and your student number for what seemed a completely legitimate use,” said professor Eugene Fiume, “but the moment a name appears with a student number on one page and then a student number appears with a grade on another page, there’s a way of getting grades.”
Fiume said it is likely that what happened at Ryerson has occurred at other universities. “Most (professors) are posting these things out of a simple desire to get information out to students without recognizing how public the information can become.”
In the United States, there have been at least two reported breaches in the last month and a half, both the result of technical errors. The breaches occurred on an even greater scale than those at Ryerson.
At a Sacramento community college, a student ‘Googled’ his name and came across his own and about 2,000 other student names, birth dates and social security numbers. At East Carolina University, 65,000 students, staff and alumni had their names, addresses, social security numbers and, in a few cases, credit card numbers posted online. Both issues were solved when the school became aware of them, but the pages that posted the info were reportedly up for a number of days before anyone noticed.
Hanigsberg said any breaches that have occurred at Ryerson were fixed.