Miami University collects a wealth of information about students using I.D. cards. When students purchase something at a dining hall or swipe into a building, that information does not just disappear but is stored electronically. Now that students use I.D. cards instead of keys to enter dorm rooms, the amount and detail of data the university collects has reached new levels, raising concerns about student privacy.
It is time to evaluate what information the university collects, why and for a shorter time period it is stored and under what circumstances it can be accessed.
Transaction log software is found within each swipe card and the new cards have more advanced software because now students need swipe access for their individual rooms instead of just to gain access to the building. This wealth of information creates a sort of record of students’ daily lives.
These records are not actively monitored because the information is protected by federal privacy laws. However, if the police or other university employees need access to the logged information, it is readily available. It is not clear whether there is a precise protocol for accessing these records.
The editorial board of The Miami Student sees problems with the current approach to managing this data. If this information gets into the wrong hands, it could be detrimental for students. According to the university, the information that is tracked monitors how often and when a student accesses his or her room and if a student tries to open a room they do not have access to. The argument is that the information has the potential to assist police and the Office of Ethics and Student Conflict Resolution (OESCR) to identify trends for delinquent students.
The board questions the necessity of the university keeping records of students’ comings and goings for one years time. Since the transaction log software is fairly new, the university appears to not have determined protocols on how to manage the data. At this time, the university is keeping the logged data for a year but that may be too long.
This board suggests the university reassess the security of the data logs. In order to ensure student privacy, significant measures articulating access policies need to be implemented. Moreover, the university needs to be transparent to students about how their movements are being tracked. Instead of relying on the code of conduct to detail the power of swipe cards, the university should tell students upfront when they first receive I.D. cards all that the system entails. Ultimately, students deserve to know what data the university collects.
This board would like to see an open dialogue between students and the administration about what data should be collected and what privacy rights students have.