University officials explain online privacy policy

May 18, 2011, 2:02 a.m.

University officials have confirmed that all electronic information transmitted on the Stanford network is accessible to privacy officers and other administrators.

In an email to The Daily, privacy officer Susan Weinstein ’72, MBA ’79, wrote that the University has access to “all electronic information stored on its systems.” This includes all emails sent to @stanford.edu addresses, Zimbra accounts, chat lists and any website requiring an SUID to log in, such as Coursework.

However, Weinstein maintains that the University does not routinely police this information. It is only retrieved in one of two situations.

“Since the University respects the privacy of its community, Stanford only accesses electronic information when necessary to complete an investigation, or if access is required to maintain its systems and keep them fully operational,” Weinstein said.

“In those rare instances when the University has a need to access this information, the access is limited to the minimum necessary to accomplish its purpose,” Weinstein said.

The reasoning behind this access lies in the University’s responsibility for all uses of its technological resources.

“When the @stanford.edu email address officially became the primary email address for students about four years ago the intention was that it be used for Stanford business only,” wrote Greg Boardman, vice provost for Student Affairs, in an email to The Daily. “When we create email address distribution lists internally they must meet that criteria…All are supposed to be for University business only and all should allow students to opt out. They are not to be shared or dispersed to other students or staff.”

All of this is in accordance with the U.S. Department of Education’s Federal Educational Rights and Privacy Act (FERPA), which prohibits educational institutions from sharing with outside sources much of the personal information they retain about students.

The notable exception to this policy is information transmitted over Stanford’s network — from a desktop, laptop or mobile device — which can only be accessed while in transit.

“Once transmission is completed, the information may only be accessed if stored on Stanford’s servers,” Weinstein said.

There are, however, several ways students can opt out of sharing personal information. Axess allows individuals to dictate what personal information will be shared on StanfordWho, the University’s public directory. Furthermore, some University-wide surveys are not sent to students who have indicated a preference against this practice.

“If a study/survey has been approved because it supports the academic mission of the University, one of two things happens concerning privacy: 1) if it is a survey approved by the Provost’s Office, all students are included; 2) if it is a study or survey that is approved but not directly related to an internal purpose, students who have requested privacy are excluded,” wrote Boardman.

“An example of the first would be the Senior Survey or the Enrolled Student Survey that we do every 4 years,” he added. “Examples of the second kind are specific studies run by a few faculty whose study will support and inform academic policy.”

Billy Gallagher contributed to this story.



Login or create an account