UA bookstore worker violated privacy act, director acknowledges
Arizona Summer Wildcat
A U of A Bookstore employee inappropriately requested student Social Security numbers from campus club members, violating federal privacy regulations, bookstore Director Frank Farias said yesterday.
As part of a club fund-raising contest to encourage early textbook ordering, bookstore marketing specialist Beth Bujarski released a letter asking student organization presidents to gather the last four digits of club members' SSNs for a contest, Farias said.
When he heard about the release, Farias said he informed Bujarski that asking for such information to identify students is against the 1974 Family Education Rights and Privacy Act, which protects student information.
"They were trying to determine the identity of the person through that means - you don't have to do that," he said.
Bujarski was unaware that the bookstore does not use SSNs to identify students. She said the letter was circulating for about a day before the error was discovered, and no numbers were submitted.
Farias said all releases from the bookstore must be reviewed by him "to avoid having these kinds of things slip by." But Farias said he had not approved the letter.
"She wasn't aware of this, even though she should be very sensitive (with use of SSNs)," Farias said.
Upon discovery of the error, the bookstore released a retraction letter telling club presidents that the document was a mistake.
University of Arizona attorney Mike Proctor was informed of the error and provided legal assistance on the matter.
While Proctor declined to comment on his advice, he said that use of SSNs is not necessarily a violation of FERPA, but the bookstore's "request for information was ambiguous."
He added that the university "shouldn't put a club president in charge of gathering student (SSNs)."
Any time UA employees are involved with identification numbers, his office encourages legal notification, Proctor said.
The university's approach to handling student information has "been very consistent," but the community has become more concerned recently, Proctor said.
Last year, the UA illegally released thousands of student and faculty SSNs to Saguaro Credit Union and MCI Telecommunications Corp. during its implementation of the CatCard system. The UA retrieved the numbers, but fallout from the incident continues and several privacy committees have been formed as a result.
Associated Students President Cisco Aguilar said the bookstore made a mistake, but the violation was minor because the request was not mandatory and the entire SSN was not involved.
"The whole bookstore has learned from this," he said.
|