Over the course of four years, Carleton’s administrative offices collect an astonishing amount of data from its students. From the moment we submit applications to Carleton and until long after we graduate, our names and their corresponding information will dot Carleton databases and archives.

This information includes, but is not limited to all admissions materials, financial aid records, Academic Standing Committee actions, academic records, and student health records.

Many students wonder where the college keeps this data, how long it is kept, and who has access to it. Unfortunately, there is no easy answer to this question. I had an interview with Janet Scannell, Carleton ITS’ Chief Technology Officer; Rich Graves, Carleton’s Network Security Administrator; and David Frey, the Senior Systems Administrator, to put the pieces together and figure out what agency students have in the administration of their own records.

Carleton College has established a number of policies in regards to the retention of records, student and otherwise. For many records, there exists a “data retention period” that mandates a minimum amount of time to pass before a record can be deleted. The retention periods for most re- cords, such as financial aid and student health records, fall somewhere between one and seven years after graduation. Other records, including admissions materials of enrolled students and academic records, the col- lege holds permanently.

These retention periods, which can be found in the online student handbook, follow the retention period times as recommended by the American Association of Collegiate Registrars and Administrators (AACRAO), and are not arbitrarily decided.

Many of them reflect legal obligations to preserve files for potential lawsuits or investigations, and other reflect requirements set by federal departments. For example, accord- ing to Rich Graves, the Department of Education requires student loan records be kept for a number of years after the loan has been paid.

Interestingly, the retention of record policy only mandates that departments keep data the minimum number of years; according to Janet Scannell, it does not mandate the data’s deletion thereafter.

The choice to delete data is up to its custodian, and to quote the online Campus Handbook, can be disposed of “in a manner convenient to the person undertaking the destruction”. Oftentimes, the deletion of unneeded records depends on a department’s need to create more hard drive space. Otherwise, the department can hold on to records for an indefinite period.

According to Scannell, whose access to records depends on the department by which they are controlled, some departments share databases in an effort to crowd-source, and oftentimes student workers have access to those databases. Student workers in Alumni Relations, for example, have access to admissions ap- plications of fellow students as well as the donation records of alumni.

However, the college does not classify all information on students as official records thus does not require periods of retention. RA duty and weekly reports for example, in- clude a notable amount of qualitative information on students. The director of Residential life, Andrea Robinson, said that this data is stored on a secure database and cleared out every year. The only other copy of the reports are sent to respective Area Directors via email.

This leads to another cache of information at Carleton: Zimbra. In addition to RA reports, Zimbra witnesses all correspondence between Carleton staff, faculty, and students. This likely includes conversations on sensitive material, such as ADVOCATE reports, community concern forms, and any form of disciplinary procedure. What protection has ITS put into place for Zimbra, the campus’ universal mode of communication?

Rich Graves claims that Carleton ITS rarely accesses the email account of a student. “To my knowledge, this has only been done for technical support purposes — weird webmail behavior with certain settings or certain incoming emails, calendaring conflicts, etc.”

Graves adds that Carleton recently started to host Zimbra off-campus, and only a small group of staff employees has the authority to gain access to an email account from that off-site location. Graves estimates six people have that authority.

When a staff member accesses a student’s email account, does it leave a footprint? Graves states that the network “creates an audit trail on both Carleton systems and Merit systems that cannot be erased by ITS staff.”

For the individuals who do have access, no authorization procedure currently exists for when they wish to access a student, faculty, or staff email account. However, Graves claims that no known case of abuse exists that would point to the need of such a procedure. Self-monitoring for conflicts of interest additionally prevents problems from arising, points out Scannell.

So what, if anything, can students do to ensure the maximum protection of their data at Carleton? An alumnus can potentially call Carleton and ask the college to delete a record after its period of retention expires. Whether the college would comply, however, is unknown – nobody has ever asked.

However, the college must comply with, students’ rights as outlined in a federal law called FERPA, the Fam- ily Educational Rights and Privacy Act of 1974. According to FERPA, all students “have the right to inspect and review the student’s education records maintained by the school.” Furthermore, students “have the right to request that a school correct records which they believe to be inaccurate or misleading.” While students infrequently demand their rights under FERPA, the option remains open to them.