Privacy Emerges as a Top Concern for Higher Education IT

As institutions expand their collection and use of student data, leaders call for an accelerated conversation about best practices.

When EDUCAUSE released its 2019 Top 10 IT Issues, privacy made the list for the first time, debuting at No. 3. Although student privacy has always been a big concern in K–12 education, many IT professionals in higher education have primarily focused on the cybersecurity aspect of data — but that’s changing. 

As colleges increase their use of data to develop student interventions and deliver personalized services, they have a growing responsibility to develop guidelines and best practices to protect students’ personal information. 

The Top 10 IT list, developed by EDUCAUSE community members, defines the privacy imperative as “safeguarding institutional constituents’ privacy rights and maintaining accountability for protecting all types of restricted data.” 

There’s no doubt the collection of data as a valuable asset has become commonplace in higher education: According to one study, 42 percent of institutions collect and integrate data from student information systems, for example, and another 31 percent actively use that data to inform student success initiatives. 

Most data projects, in fact, focus on student success and academic progress. They track students’ progress through recruitment, admissions and enrollment; degree completion; and postgraduation outcomes, among other measures, the study found. And it’s important to note the vast majority of leaders in this study say they do respect privacy rights when conducting student success studies. That’s a good sign, but the issues are about to become much more complex, so administrators will need to be diligent to keep up.


The Internet of Things Complicates the Data Privacy Landscape

As EDUCAUSE notes, privacy issues can be complex and nuanced. First, there are two types of privacy to worry about: autonomy privacy, or individuals’ right to go about their business without unwarranted oversight by an institution; and information privacy, or individuals’ right to have some say in how an organization uses their personal data. 

Second, University of Wisconsin researcher and professor Alan Rubel noted the Family Educational Rights and Privacy Act, which governs much of the information that institutions traditionally collected, may not cover or clarify all of the data types that are now in play. 

Third, the Internet of Things is allowing institutions to collect an ever-increasing amount of data, much of it unprecedented. Colleges could, for instance, track students’ movements around campus — to the library, say, or the recreation center — using beacons, smartphones, wearables, and ID cards linked to iPhones and Apple Watches.

Their intention in collecting such data may be noble; what if they could use this information to help students identify behavior patterns and draw connections with their academic performance? But the slope is slippery, and the territory uncharted.


Educators Advocate for a Broad Conversation About Data Privacy

That’s one reason EDUCAUSE members Martin Kurzweil and Mitchell Stevens advocate for higher education institutions to “invite others to help us define ethical practice and responsible use of student data in the rapidly changing digital world of the academic enterprise.” They note that between learning management systems, artificial intelligence–powered assistants and distance-learning solutions that facilitate remote interactions, our higher education campuses are filled with “digital traces.”

To help educators and institutions protect students’ data, and to generate a broad conversation about privacy and responsible data use, Kurzweil and Stevens developed the Responsible Use of Student Data in Higher Education project. 

Although some surveys suggest that students are comfortable with the use of their data, as long as the applications are transparent and for their benefit, institutions should solicit students’ input into data initiatives. 

That’s what the University of California, Berkeley did when it realized that some student information was housed in vendor systems that weren’t under its control. One best practice that UC Berkeley identified was to negotiate vendor agreements to include opt-in choices for students.

In a panel discussion about EDUCAUSE’s Top 10 IT list at the annual conference in October, Carlos Morales, the president of Tarrant County College’s Connect campus, noted that campus staff may be unclear about the boundaries between privacy and confidentiality. 

Leaders should consider campuswide training to ensure that staff, faculty and even students understand these parameters and how to uphold them. IT staff should also work closely with other departments to help build privacy protections into any data-driven initiatives.

By continuing to have open conversations and by working to develop (and share) best practices, colleges will position themselves to take advantage of the advances data analytics make possible, while still upholding the highest privacy standards.

This article is part of EdTech: Focus on Higher Education’s UniversITy blog series.

Jan 04 2019
