Privacy for College Students

hi everyone thank you for being here like April said my name is Jessie I'm a student I've been for the last couple years now but my interest in privacy actually started way before that it happened to be one of the factors that I considered when I was weighing whether or not getting a college degree was right for me in the first place and if it doesn't now hopefully by the end of this talk it'll make a little bit more sense why we'll talk a little bit about what sort of information colleges collect how they use that information and some tips for anyone who wants to minimize their exposure so let's jump right into what sort of

information colleges collect it all starts at the application Phase One of the things one of the first things you'll do is fill out a FAFSA form this is a free application for federal student aid this is a requirement for obtaining student loans grants a lot of scholarships will also ask you for this information some States including the state that I live in also make this a requirement to graduate from high school and what this is going to do is it's going to link your tax records with your education records and up until you turn 24 not only will it have your tax information but it'll have your parents tax information as well now there's a couple exceptions to that

so if you're married if you have kids if you were an emancipated minor then you might not have to provide your parents tax information but if those don't apply to you chances are you'll have to and the schools get all of the information that you provide on this form including a section where they ask you to list the schools that you want to make your information available to and what they found is that a lot of students will actually rank that list they'll put those schools in order of preference and schools have been known to make admissions decisions based off of that if they fall very low on the list you might not get admitted at all

or if they're high on the list you might get admitted but they might not offer you as much financial aid they might also want your sat and your ACT scores when you provide them with that report it'll include your birthday your sex your high school and the date and location of your testing and of course your scores can affect admissions decisions for me I was a little bit older when I first enrolled in college so I do need to do this part those scores were already a little bit outdated so instead I just had to take a few placement tests so if you don't want to provide those scores then you can always reach out to

the school and see if they'll let you take a placement test instead your application is going to be different for every school but a lot of your demographic information will overlap with what you put on your FAFSA form besides that they'll probably want to know a little bit more about your background and about your goals and how they fit into that and then after you get admitted while you're a student they're going to continue to collect information about you and I'm sure you can probably guess what some of that information looks like they want to keep track of your grades your achievements any disciplinary action even in some cases your online habits if you're involved in any

organizations or study groups you'll probably have to download extra software like messaging services to keep in touch with them and all of those extra applications are going to also collect information about you and it's really up to the school how they want to handle approving software and to what standard of security that needs to live up to your professors are given pretty broad discretion when it comes to requiring software of their students for classes I've had to download things like text editors for coding classes another very common one is proctoring software there's a few different ones but what this will do is it'll make it so that you can't access any other applications or browser tabs

besides the exam that you're taking um and you can see in this screenshot here canvas has its own built-in doctoring software so what this allows your professor to see is how long you spend on each question and if you move to any browser tabs while you're taking this test now if that seems a little invasive to you there are some browser extensions that you can use that will prevent canvas from being able to see if you're moving between tabs a forensic investigator would probably still be able to see that something is blocking that but it shouldn't show up on canvas like this is available to you if you want it but really they're going to chalk this level

of monitoring up to ensuring academic integrity they want to make sure that students get the grades that they deserve and when you're in person and they can see you taking a test on paper it's a lot easier than when you're virtual and they can't necessarily see all of that so they're going to use these extra tools to help them out they might also be interested in your employment status so for example for me I'm in an apprenticeship so my school and my employer freely shares information between each other so my employer knows my schedule how much I'm paying um how I'm doing in my classes they can even share information like what my stress levels are like during exams and

if that's affecting my work I mean of course they would only know that if I told them but at that level of sharing sounds invasive to you then maybe that's something that you want to consider when you think about whether or not you want to go to school and work at the same time and how much of that activity you want to share between either party now when we talk about how they use their information there's going to be a few different laws that will sort of serve as guiding principles now I'm not a lawyer so if you want more information about these laws specifically I would recommend maybe going to the source I've included a

couple links to these at the end so you can find that there um this is just based off of my understanding from what I've read the big one here is this federal law the family educational rights and Privacy Act this is supposed to protect student information while they're in school and this only applies to schools that accept funding from the Department of Education so if you go to a private school this might not apply to them although many private schools do still accept funding from the Department of Education and this grants rights to your parents to protect your privacy up until you turn 18 or enroll in college and then those rights transfer to you you have

the right to access your educational records you also have the right to seek to change those so your school does not have to change anything they're only required to hear you out about it and if you and your school disagree about some of the accuracy of your information you have to request a hearing and defend your position and they can still decide not to change anything and sometimes different schools will have their own policies that require you to request changes within a certain period of time and you can find their verbal policies on their website you should also have control over how your information is shared except in certain circumstances and there are plenty of exceptions we'll go over that

in the next couple slides there's even more exceptions than these for example if you're involved in disciplinary action that might still be reported to your parents especially if it involves underage drinking also if a faculty member overhears or otherwise personally comes across information about you even if it's in your student record then that might not be protected under FERPA anymore and that's true whether or not you live on or off campus if you live on campus there might be higher levels of monitoring but even if you don't live on campus and a faculty member comes to find out information about you they can probably share that however they want one of the big exceptions is this first

one here school officials can access your personally identifiable information as long as they have legitimate educational interest in it now the school gets to Define what these terms mean a school official can include any of the staff at the school and it can also include anyone that they've outsourced their work to so if you want to know how your school is defining these terms that should also be on their verbal policy on their website also if your parents still claim you as a dependent on their taxes then they can still access your records now there's one big one that I didn't put on this slide here and that's directory information this is what gives your schools the ability to publish

yearbooks and Student Activities on their website so this is information that the school doesn't need your consent to give out this information that's not deemed to be private or harmful to you if it were to be released and that conclude any of the information on the left side of this slide here and more your school gets to decide what they consider directory information there's a couple things that they're not supposed to include such as your social security number but in 2012 the circumstances expanded so that your social security number your grades and other private information can still be shared with evaluating and government agencies who can then re-share your information in ways that probably isn't going to be

dictated by FERPA if they're not a educational agency so you can find out how to opt out of sharing your directory information and sharing your information with military recruiters and what the deadline is to do that by on their website it might be difficult to find I know it was difficult to find on my school's website so if you're having a hard time with that you could also probably contact the office of records and registration and they should be able to help you out now before we move on I think that it's worth noting some laws that may or may not apply in addition to this Federal one here there might be some state laws that also

protect student privacy that might be applicable here it's also very common for schools to ask for certain vaccination records but it's important to keep in mind that schools are not medical facilities so hippolas may not apply to them some states also have laws that protect your Public Library records many of them do consider your library records to be private information but that only applies to public libraries if your school has a private Library they might not fall under that if you're involved in any registered student organizations those may not be subject to FERPA so they could probably share the information that you give them however they want hopefully they have a privacy policy you can check with them

on that but these are student-run organizations that we're talking about here International laws might also apply for example if you're residing in Europe you might get some additional privacy benefits there but that only applies to the time that you're physically there the moment you come back to the United States and continue to share information about yourself you probably won't be protected by those European laws anymore it goes back under FERPA at that point so with that in mind let's talk about some of the things that we can do now there's always going to be some risk if someone wants your information they can probably get it but we can make it harder for them at least nothing's

perfect but we can have some peace of mind in the case of the data breach by following some of these steps that's what the first few bullet points are about it starts all the way back at the application process we want to be mindful of the information that we provide there this might be a good time to provide some misinformation or the very least a layer of Separation in case of the data breach probably your most private form of payment is going to be with cash if you can pay in full at the beginning of the semester um and not fill out a FAFSA form that's probably going to be the best way to do

it but if that's not an option for you you need to link your bank account information to make payments over time one thing that you can do is give them a masked debit card what that is it's a debit card number that is only linked to your school so if someone gets that number they can't use it for anything else besides with your school a credit freeze is going to basically password protect your credit so that anyone that has too much personally identifiable information about you won't be able to use that to open new lines of credit such as loans or a credit card a PO box or a commercial mail receiving agency is going to protect your physical

address where you and your family sleep at night we do want to be careful with this one though because a lot of schools will base your tuition rate on where you live so if you live in state you might pay a little bit less than someone who lives out of state or who lives internationally so this PO Box thing it's not meant to help you get a lower tuition rate it's adjustment to protect your physical address so your school might require you to provide your residential address but then you should be able to go into your profile after that and change it to a PO Box after they set your tuition rate a Voiceover IP number is going to

collect is going to protect your phone number and it will also protect you in the event of a Sim swapping attack they won't be able to take over your phone when we choose what sort of classes we want to take there's going to be some additional you know things that we want to keep in mind in regards to our privacy if you prefer in-person classes then like I said before there's probably going to be higher levels of monitoring on campus you'll also probably have to use the school's public Wi-Fi but the nice thing about taking in-person classes is that you're not necessarily creating this big digital Trail about your online habits like you would if you

were taking fully virtual classes if you do prefer virtual classes you can choose between synchronous or asynchronous classes in a synchronous class that means that you're going to be meeting with your class and your professor regularly so you'll probably have to download teleconferencing software for that you will probably also have to download proctoring software for tests and exams messaging services for keeping in touch with your groups for group projects if you don't like doing any of that stuff asynchronous classes might be a good option for you because you're um doing your classes completely independently you're probably not going to have group projects or proctored exams or anything like that when it comes to protecting our digital

devices um if you don't like using your own personal device a lot of schools will have laptop scholarships so you can probably borrow a laptop for the semester from your school regardless of whether or not you use your own device or use the skulls device you probably want to use a VPN especially if you're going to be using your campus public Wi-Fi um you also probably want to use unique passwords now your school is going to manage your accounts so chances are you're going to have one master password for all of the services that they offer you but when you're going through those and looking through your privacy settings and adjusting them to your preferences it might also be worth it to

see if they allow you to reset your password for that service specifically and do that whenever possible if you can use a password manager it's going to be a lot easier to keep track of those and it'll also provide you with passwords that are much more unique and secure than anything you could remember two-factor authentication is also going to help protect our accounts you can use a software or a hardware token that's probably going to be your best bet if they don't offer those you could have a code sent to you it's better than not having two-factor authentication but whenever possible in my opinion at least the software or hardware token is probably going to be

your most secure bet now I also talked a lot about additional software that you might have to download if that does apply to you I recommend only using those for school related things and then deleting them at the end of the semester if you are required to download things like proctoring software that you don't want on your personal device I know I didn't you can use a virtual machine and download it on that put a VPN on that it will um make it so that when you kill that session it'll delete your information it also protects your physical machine and you can still save your work off of it it's just going to offer you some

additional privacy and security there now there's a couple things that I didn't mention on this that might be good to keep in mind I'd say maybe you just don't give them information that they don't ask for I'll give an example from my personal experience when I went to my career services office to get some feedback about my resume they were very helpful they provided some really nice tips for me and then afterward they went on to post my resume publicly on their job Board site and I don't say that to call anyone out or anything I'm sure that they thought that what they were doing was very helpful they say that more is a Learning lesson

that any information that you provide to them can probably can be made public so if we operate under the assumption that any information will be made public it will probably help you out in the long run but even if we do everything on this list here our biggest area of exposure is still probably going to be our social media accounts the things that we choose to post publicly about ourselves so if you are a social media user it'd probably be a good idea to just review your activity and make sure that you're comfortable with the information that you've made public I would also maybe look into how these social media services collect your information outside of what

you decide to post how they collect information about your online habits and then go back through your old posts as well and make sure that there's still current our views don't always age well and they change as we grow so just go back through your old posts and make sure that they still reflect your views so I hope that some of this information was new or relevant to you even if you're not going to college maybe you have a child or grandchild that is or is going to and these are the sorts of things that they're going to have to deal with when they go so if you have any questions you can message me on Discord

um you can find these slides uh besides I believe is going to be making them available but if not you can always reach out to me either on Discord you can also find me on LinkedIn and I'd be happy to share these slides with you the last one includes a couple links if you want to do some more research about some of the laws that I had mentioned here so I want to thank everyone for coming to my talk I really appreciate you being here and I hope you enjoy the rest of your conference