Security and privacy are two different concepts — even if they’re often discussed as if they are interchangeable. Allen boiled it down to this: While security can exist without privacy, privacy isn’t guaranteed if institutions don’t have the right security protocols in place.
And with the European Union’s General Data Protection Regulation and an expanding set of similar U.S. state laws pressuring institutions to improve how they handle and protect student data, it’s even more imperative for educators and administrators to have a clear understanding of these interrelated concepts and their role in data protection practices.
Yet for many in higher education, the line between security and privacy is still blurry. That needs to change.
The Difference Between Security and Privacy
Security and privacy go hand in hand when it comes to protecting data. Institutions can’t start developing strong data privacy policies without security controls that can safeguard that data against threats such as email hacks and breaches.
But what’s the real difference between the two? Security involves using technical and physical strategies to protect information from cyberattacks and other types of data disasters. That includes preventing unauthorized access or accidental corruption of data and maintaining its integrity.
Privacy is concerned with protecting the rights of individuals and ensuring they have control over their personal data that institutions may use. It involves defining and creating procedures and policies that best guide how data is collected, stored and used, as well as whom it can be shared with.
Balance Security and Privacy for Optimal Data Protection
It’s important for institutions to balance these two concepts today. More than ever before, colleges and universities rely on data collection to inform student success initiatives and develop personalized services such as financial support and student life programs. In fact, 49 percent of U.S. colleges and universities have data analytics initiatives underway, according to a 2018 white paper by Ovum.
But Big Data comes with big responsibilities beyond that of having the technical infrastructure and tools that make data analytics possible. As the value of data increases, so do information security risks. To mitigate those, campuses have to tighten their cybersecurity measures, which should also prompt on-campus discussions about related privacy measures.
For example, as schools like Syracuse University and Virginia Commonwealth University began to use phone sensors and Wi-Fi networks to monitor student performance and behavior, some campus community members expressed immediate concern. They felt that this breached students’ privacy and digital rights and undermined their independence.
That’s why it’s necessary for higher education communities to have continuing conversations about handling student data in an ethical and responsible way. As Baylor’s Welch noted, an emerging best practice is to establish a separate privacy program led by a privacy officer who can monitor and advocate for data privacy compliance, training and enforcement.
Layering transparent policies about data collection, access, monitoring and sharing with security systems is also key to upholding stakeholder trust. Meanwhile, campuswide training on data privacy for staff, faculty and students can educate them on data management risks. They can also learn about state and federal laws such as the Family Educational Rights and Privacy Act and understand security protocols such as different forms of encryption and authentication.
By recognizing how security and privacy work together, along with being transparent about student data, colleges and universities can develop best practices for data protection while keeping their students’ best interests in mind.
This article is part of EdTech: Focus on Higher Education’s UniversITy blog series.
