Home page logo

educause logo Educause Security Discussion mailing list archives

Re: email as directory info
From: "Shalla, Kevin" <kshalla () UIC EDU>
Date: Wed, 5 Jun 2013 16:32:50 +0000

For schools that leave the e-mail directory open to students and define it as FERPA non-directory information, isn't 
that a FERPA violation (because students aren't university officials with a legitimate education interest)? For those 
schools that define e-mail as FERPA directory information but require login to access, can't FOIA requests still get 
the data?


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Rosenthal, Jane E.
Sent: Wednesday, June 05, 2013 10:03 AM
Subject: [SECURITY] email as directory info

Hello all,
I've seen other U's that have the email directory behind the portal log-in-still allows for collaboration, but is not 
"public" or open to the world.  I would love to see this model here-just cuts down on external crawling of our site and 
protects the users.

We have 2 things at KU-one a student may choose to restrict their email address from showing up in the public/online 
directory if they do that in the privacy settings.

Second, at KU we have email as directory info, however, our policy states that email in bulk is not released due to 
privacy issues.
Further, our state Open Records/Sunshine laws allows us to not provide bulk listings e.g. name + email of all students 
if the requesting party is asking for the listing for purposes of selling goods or property to the list.  So you might 
check your state Sunshine Laws if you are a public and see if there may be an exception to disclosure of this type of 

Just a couple thoughts.  Has anyone with the information "behind the portal" experienced issues?

Rock Chalk~

Everyday is a Data Privacy Day
Respect Privacy | Safeguard Data | Enable Trust

Jane Rosenthal
Director | Privacy Office
Custodian of Public Records
785.864.9528 | Fax 785.864.4463
jer () ku edu<mailto:jer () ku edu> | www.privacy.ku.edu<http://www.privacy.ku.edu/>

Please consider this as a KU business communication and handle according to policy.  Please consider the environment 
before printing this note.
Thank you

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]