With this statement that just came out today from LeRoy Rooker, what will be Instructure’s take on this interpretation of FERPA? What will your institution's take be on this interpretation?
Essentially, LeRoy Rooker’s statement is that an institution can allow a student to see other students in a course for which the student is officially registered, but cannot allow a student to see (or be seen by) other students in another (cross-listed) class in the LMS. To me, it sounds like the door remains open for true cross-listed, in-person courses (like a Psychology and Neuroscience course which are really one-in-the-same, but some students register as PSY and others as NEU) since those students meet at the same time in the same physical classroom with each other. But this new interpretation seems to shut down courses where one instructor teaches 4 sections of the same Accounting course and simply wants to cross-list those into one course shell in Canvas for the sake of their own convenience and the students would not normally see each other in the physical classroom since they are 4 separate Accounting classes.
Thoughts? Comments? Alternate interpretations of LeRoy's answer? How will you adapt in Canvas?
Having worked in compliance for many years in a past life (with much experience in the HIPAA privacy regs) , and having further researched this provision of FERPA, I believe this interpretation to be accurate. Faculty convenience does not trump FERPA privacy protections. I can think of many reasons why a student in Class A would not want to be identified by students in Class B, but reasons do not matter, what matters is the student's right to opt out of directory disclosure. A simple expediency might be to give the student a pseudonym, but the choice to do so would still rest with the student. We need to seriously rethink cross-listing. A solution that cross-listed courses be listed in the course schedule is workable and acceptable if students are advised clearly that the rosters will be combined and available for student review. In our student FERPA notices we should mention the possibility of course cross-listing (if we do that), and what it means in regards to the availability of student directory information. If unsure of this interpretation and the actions needed, we should consult with our AAGs and document their opinions, keeping that documentation on file. I will be opening conversations with our Registrar (our Keeper-of-all-things-FERPA). when I return to work next week. We do manually cross-list, and our policies and procedures will need to change, and I would rather have the bad news come to faculty from her, than from us.
If you guys do make a feature request for this, please make the option so you dont have to restrict cross listed course roster sharing. FIPPA/FERPA in other countries outside of the US do not yet have this restriction.
Our FIPPA is more concerned about storage of data more so than access.
Thanks Keroleen for mentioning FIPPA. You reminded me of a similar awareness-raising experience I had at tpriester's excellent session at InstructureCon this year where I learned the regulations for Australian primary schools are not quite the same as they are for American colleges. Learning "how the coffee tastes in other empires" is one of the best parts of being in an international community. After reading your suggestion I would recommend making this an option at the sysadmin level, where each client could set a default "limit this user to only see...." setting that best serves their institution's local laws.
"I can think of many reasons why a student in Class A would not want to be identified by students in Class B, but reasons do not matter, .."
Kelly, out of curiosity, might you be able to give some reasons?
In a physical classroom, a student in class A can be identified by any other student in Class A, and this doesn't seem to be a problem. Also, a student in Class B can walk by the Class A classroom and see who is in it. In fact, anyone can walk by a classroom and see who is in it. (Will schools need to cover all classroom windows?)
Yes, reasons do not matter, but if there is not solid logic behind the reason, maybe the rule should be challenged.
(I am probably the only one who does not understand this, so I look forward to some explanations. I anticipate being sorry that I asked.)
Maybe not cover all classroom windows, but if the institution posted a class schedule (not class roster, just course ID & section & day/time each meets) on or by the door of a classroom, and someone walked by, wouldn't they be privy to Personally Identifiable Information regarding the students they see in the class at a certain time?
Can a student "sign away" their FERPA rights in order to participate in a cross listed course?
Referring to my previous post, while I would not ask students to "sign away" all of their FERPA rights, if they were asked to opt-in to a feature in order to participate in some aspect of a course that the instructor feels all students might gain something from, I do not see an issue with this. We are asked to do this all the time when we agree to use certain services online that might use or sell our information for marketing purposes in exchange for using their services, which to me is a much more egregious violation of an individual's privacy than whether one student know which students are in another section of the same college course.
Again, as I stated in my previous post, I believe the important aspects here are 1) to provide the students with adequate information about what they would be opting into to make an informed decision as to whether or not to participate and 2) to also provide adequate means for the students who choose not to opt-in to obtain, as close as possible, an alternate source for the same or a similar educational experience.
Maybe we are talking about the same thing. At my university, class schedules, times, and locations are public. So if a student wanted to see if someone they know is taking a certain class, all that they have to do is physically go to where this class is being held and either look in the door's window, or wait to see who enters or leaves this room. I really don't understand how a university can keep this private.
The difference is disclosure. When an instructor/institution cross-lists two disparate courses, the instructor/institution is responsible for that disclosure. To me, this is like saying that you saw kids in the college cafeteria discussing their final exam grades around the table with each other VS the instructor posting final exam grades in the hallway. One is a disclosure from the institution, and one isn't.
The section-based privacy wall in Canvas can -- at a technical level -- help prevent institutional disclosure. Canvas already has this feature available at the user-level. It is just extremely difficult to set and has to be set on a user-by-user basis. A simple solution would be to make this a section or course-level setting that can be configured by the institution's Canvas Admin to be "on" by default but would allow individual instructors to disable to section-based privacy wall on a course-by-course basis if there is a need for a legitimate academic purpose.
When you manually enroll a user into a course in Canvas, we have the option of making that user only see other users in their own section. Unfortunately, that same option doesn't seem to exist for cross-listed sections. Instructure may need to create that as an option for cross-listed courses ASAP and allow institutions to set that as the default. That would at least keep students in Class A from seeing students in Class B in cross-listed courses, and would give institutions the power to enforce or at least default that privacy-first behavior.