undefined | Better HN

0 pointsskeeter20201mo ago0 comments

...then all those clicks juice engagement and utilization numbers; why would someone want to just know their grade when they can use more clicks and custom apps to get the same info? </s>

The party line is probably something about "a lack of data security" with email, which would almost be funny given the current situation if it wasn't so stressful for those impacted...

0 comments

3 comments · 1 top-level

crazygringo1mo ago· 2 in thread

No, students are already forced to use Canvas enough as is. This is enterprise software, it's not a consumer phone app. This is nothing to do with "engagement".

This is to do with FERPA which requires that student grades be kept private. There is a small but still a significant legal risk that someone else such as a parent or roommate could have access to a student's email. And so to avoid even the possibility of a court case, schools prefer to play it safe and display grades only to a user they can authenticate directly.

This doesn't have anything to do with common sense, it's simply about legal risk. And it's not about security in a broader sense, it's specifically about privacy FERPA legislation.

trollbridge1mo ago

FERPA allows emailing confidential information to a student email on record if the university controls the email account. Most universities offer their own email service (and require using it) for this exact reason.

There is no more risk of access to email than there is to Canvas. They are usually secured by the same SSO, too.

However, congratulations for finding the exact dodge around implementing a useful feature. Back when I worked at a university, it was apparent we had a “toolbox” of reasons to deny requests we didn’t want to do: HIPAA, FERPA, ERISA, PCI, GLBA, Title IX, ADA.

“We can’t do that integration with student health services due to HIPAA concerns.”

“We can’t implement that sign up form due to FERPA.”

“We can’t update that site because we’d have to do so and be ADA compliant and that would cost too much.”

“Due to Dining Services’ server being in scope for PCI, we can’t run reports off of it.”

“Adding that ability to Student Affairs’ portfolio app would raise Title IX concerns.”

It was great. You had endless excuses to say why you can’t email a student their grade.

crazygringo1mo ago

I already said it's not about common sense, it's about legal risk.

It's about edge cases like someone set up your email to forward all your emails to their account without you knowing. Or other additional situations you could imagine.

There is no benefit to not emailing grades directly, from the perspective of Instructure. There is no ulterior motive here. But universities are genuinely risk-averse and their lawyers tell them that not including the grade in the email simply shuts down one more avenue for some potential lawsuit. Which costs money to defend even if a university wins it.

This isn't some kind of "dodge". This is literally just Instructure doing what university lawyers demand.

I agree with you that the email address is generally always also controlled by the school and has the same login authentication. It doesn't matter. I told you this isn't about common sense. This is about lawyers saying that it could reduce legal risk. And that is a true thing that is coming from real lawyers. Even if you disagree with those lawyers.

And Instructure isn't going to try to disagree with lawyers for its own potential customers. It's going to give the schools what they want, which is not revealing grades via email.

It's not a "dodge."

2 more replies

j / k navigate · click thread line to collapse