Privacy and Virginia Tech

Revelations in last week's report on the Virginia Tech massacre have sparked discussion over administrators' failure to act, despite clear warning signs of the shooter's proclivity towards desperate and violent behavior.

Washington Post columnist Marc Fisher says privacy regulations are to blame for inaction, that students' records are sealed by privacy laws that "do more harm than good."

The culprit here is the culture of privacy that we have allowed to pervade certain areas of life, especially health and education. We have done this even as we have relied on openness to lead us into enormous change in other social realms.

But Fisher has a binary argument--it's either privacy or safety, a false dichotomy. The Christian Science Monitor editorializes that both can be served through the proper balance, serving both legal obligations:

Lack of understanding about federal and state laws is a major obstacle to helping such students, according to the report. The legal complexity, as well as concerns about liability, can easily push teachers, administrators, police, and mental-health workers into a "default" position of withholding information, the report found.

There's no evidence that VT officials consciously decided not to inform Mr. Cho's parents. But the university's lawyer told the panel investigating Cho's case that privacy laws prevent sharing information such as that relating to Cho.

That's simply not true. The report listed several steps that could quite legally have been taken: The Virginia Tech police, for instance, could have shared with Cho's parents that he was temporarily detained, pending a hearing to commit him involuntarily to a mental-health institution, because that information was public.

And teachers and administrators could have called Cho's parents to notify them of his difficulties, because only student records – not personal observations or conversations – are shielded by the federal privacy law that covers most secondary schools.

Notifying Cho's parents was intuitively the right course. Indeed, his middle school contacted his parents to get him help, and they cooperated. His high school also made special arrangements. He improved.

The report points out that the main federal privacy laws that apply to a college student's health and campus records recognize exceptions for information sharing in emergencies that affect public health and safety.

Privacy is a bedrock of American law and values. In a mental-health case, it gives a patient the security to express innermost thoughts, and protects that person from discrimination. But the federal law, at least, does recognize a balance between privacy and public safety, even when colleges can't, or won't.

David Loukidelis, Information and Privacy Commissioner for British Columbia, also disputed media reports that pinned the tragedy on privacy:

The official report on the tragedy makes it very clear that those involved failed to properly apply privacy laws, which did allow them to share Cho's personal information and did allow them to take action. Canadian privacy laws similarly allow disclosure and action in such cases and privacy is not to blame for this tragedy.