I know where my friends live. I know where my boss and co-workers live. I might even know where you live.
I’m not a stalker ““ I just looked at UCLA’s campus directory.
By default, a student’s full name, title, phone number, address and e-mail address are public in the online directory. Online directory settings can be changed on URSA, but many students neglect to do so because they fail to closely read the website. I was surprised to see my own information ““ which I automatically assumed was private ““ in the directory.
Although I’ll admit it’s kind of fun to creep out my friends, this is no laughing matter. A case of mistaken identity was caused by the campus directory, which listed a student who happened to share the same name as a suspect in the December Rose Bowl stabbing. He was contacted by a reporter because his was the one listed in the UCLA directory (the actual suspect was not a UCLA student).
Until the student’s information was removed from URSA, he remained fearful that those seeking revenge would find him. Though this student’s case is certainly unique, making personal information readily available on URSA is a potential risk for everyone.
The UCLA directory was created through one of the school’s privacy policies and is based on federal law. This policy allocates some of the information the law deemed public in 1974 into an online directory, which currently has information on more than 33,000 students. UCLA cannot change the default settings on URSA because that would violate UCLA’s policy, according to university registrar Anita Cotter.
While UCLA must adhere to the Family Educational Rights and Privacy Act (FERPA), the aforementioned law designed to protect students by allowing them access to their own records, there was no legal obligation for the university to create an online database with the information so readily available. This easily accessible database is UCLA’s own creation ““ a technological advancement with undesirable side effects.
There is an unprecedented amount of “personally identifiable information” that is deemed public and that does not require prior consent.
Startlingly, this ranges from home address to even the height and weight of athletes.
I don’t want to be too cynical, but the potential for misuse seems to outweigh the necessity of public access to such information. Because FERPA only applies to students, they are the most vulnerable ones in the online campus directory. Professors and staff have office addresses, e-mail addresses and phone numbers listed instead of personal ones.
Since there is little benefit to having student information online, I propose that students be removed from the campus directory altogether and that outsiders requesting information on students go through the registrar’s office. Although FERPA does not require record-keeping, it would be in the students’ best interest for the university to keep a record of all inquiries regardless. At least, I’d want to know if a recruiter (or anyone else) had been poking around in my file.
I don’t foresee an acceptance of this radical policy change anytime soon, so until then, students must control their privacy themselves. Changing your default settings on URSA will take care of some basic information and let you take your name out of the online directory. But that doesn’t secure other information such as your sex, marital status and parents’ addresses, which can be used by UCLA External Affairs. To make this information private, you must submit a request in writing.
The highest level of security comes with a full FERPA hold which must be made in person and makes all public information private. However, this is not recommended because this prevents the school from verifying degrees for potential employers. University registrar Anita Cotter said there are very few of these holds currently in place.
Cotter also said that students who are not given a summer orientation may not know how to properly use URSA. This may have been a factor in the Rose Bowl incident ““ the student was not an undergraduate, but in medical school.
Although URSA has some important information about privacy settings on the site itself, it doesn’t have all the details and gives a false sense of security. A formal e-mail or letter to students would carry more weight and would show that UCLA puts students first and takes privacy seriously.
It seems ironic that the system meant to protect students is doing just the opposite. But until reform takes place, students must be constantly vigilant, and administrators should work toward greater transparency of the policy and reconsider the online directory.
E-mail Nijhawan at anijhawan@media.ucla.edu. Send general comments to opinion@media.ucla.edu.