Recently Asked Questions

I’d like to ask this as generally as I can so that the answers are as applicable as possible, but I’m writing from a small college library in NY, so I’d like to get a sense for myself and my staff about what our rights, obligations and protections for students and patrons are as Librarians in the event of a “visit” or raid by Immigrations and Customs Enforcement.

We haven’t received guidance from our institution and we’re a small place, but want to be prepared in case our students or staff are targeted.

What are we required to do? What is ICE currently allowed to do on a college campus or in a library? How can we protect our students from these actions by ICE?

I don’t know and wouldn’t ask about a student’s immigration status, but I know for instance that we have graduate assistants and Faculty who are here on visas and who are non-white.

Recently a question has come up at our academic library concerning patron privacy and the notification to a patron (usually a student) concerning excessive downloading of content from databases in our collection. Our current practice has been to receive notification from the vendor about perceived illegal downloading. We then ask a member of our library IT team to investigate the situation, based on the information from the vendor. The contact information acquired by that IT staff member is then provided to the e-resource librarian. That librarian then contacts the individual via email, explaining the situation and indicating that such behavior must cease. Once that is done, the librarian notifies the vendor that the situation has been addressed, and there is no need to withhold access to the product from the campus. No personal identification of the user or student is provided to the vendor, nor distributed to anyone else. The question now: Is this process appropriate in resolving the misuse of a database, or does it violate the user’s/student’s privacy rights?

My institution has a small number of documents in our archives related to previous graduate students. Some are definitely educational records (transcripts, field placement evaluations). Then there are a) letters of recommendation received by the school or written by school faculty/administrators and sent to other schools, b) some correspondence between a student and the school/administration, and other items like c) copies of images or articles from student publications.

The documents span decades.   Most --- but not all--- of these former students are confirmed deceased. Most items in this small group of documents relate to alumni who were/are notable, but in widely varying degrees.

A few of these documents concern a famous alum, who passed away.  An outside researcher is asking about the documents related to that alum, and unfortunately, there are no surviving institutional access policies related to student records or unpublished correspondence in our archives. We want to respect copyright, FERPA, and the alum's estate.

For the educational records, I can't find clear guidance on how long FERPA access restrictions last, but other academic collections seem to allow access 50-75 years after the former student's death.

So, a few questions:

1) When should on-site access to historical educational records be allowed (if ever), with reference to FERPA? What about providing copies of historical educational records?
 

2) When should on-site access to unpublished, non-educational records related to former students be allowed, in reference to state and federal copyright and privacy laws, and possibly FERPA? What about providing copies of these documents?
 

3) Should we take a more risk-averse approach to high-profile alumni materials, or should our policies apply equally to all alums?

We have a question that relates to the intersection of New York state level library privacy laws (https://www.nysenate.gov/legislation/laws/CVP/4509) and FERPA. Our campus has a newish system that is attempting to correlate student actions and activities with academic success and retention. As such, it could be helpful to include things like visits to the writing center, appointments with academic advisors, and also library activities, such as whether a class came in for a library information literacy session or whether a student made an appointment for a library one-on-one consultation. FERPA lets institutions share academically related information within certain bounds.

We are wondering what the privacy balance is here given that the information would stay in-institution, but not in-library. Here's what we are considering doing:

1) Noting in the system which classes had a library session(s). Within the system, that would identify individual students within those classes.
2) putting an opt-in statement on our one-on-one research appointment form and if the student consents, then providing to system the student name, appointment date/time, and course that the help was for (but not anything about the specific content of the appointment).

Have we crossed any lines here? Do we even need the opt-in statement? Is this something clear or fuzzy/grey? What should we be considering that we haven't thought of? Thanks.