Blog - Degree Analytics

Higher Ed - Taking Data and Privacy Governance Seriously?

Written by Aaron Benz | Feb 17, 2022 5:39:16 PM

Part I - The Problem (4 min read)

It's time to give this discussion the proper focus and attention it deserves within the scope of Higher Education.

So let’s talk about an “Invasion of Privacy”. One area most of us can agree on is we don’t want it… but what is it exactly?

For the purposes here, the important aspect of this complex topic is that “invasion of privacy” has something to do with someone gaining access to another person’s private information without their permission, or when a reasonable expectation of what is private, is violated.

The problem: there is a lack of awareness of the data that is being collected; even more so, there is a lack of understanding of the data we are giving away and for what purposes.

This is made plainly obvious from a EDUCAUSE poll in 2020, in which only 22% of students agreed or strongly agreed with “I understand how my institution uses my personal data.” From the same poll, not even half could agree or strongly agree that “I trust my institution to use my personal data ethically and responsibly.” Those results should be shocking.


To be clear, this is not a problem that institutions need to think about and solve for the future. This is a problem that every institution already has! And - it's probably more serious than you think.

Here are some data use cases that are happening and have been occurring on campuses everywhere since these systems were put in place:

      • Student Information System (SIS): A core system at a University. It contains academic records, demographic information, and sometimes health-related data. In short, it contains some of the most sensitive information about students. So… who has access to it? Is it restricted in any way? How long does data remain in the system? As a student, how can you validate what information (about you) that’s in the system? Did you know that your basic information is considered “directory information” and can effectively be shared with anyone?

      • Learning Management System (LMS): This is the system that is logged into to see courses, submit assignments, write forum posts etc… In any modern LMS, every single click is collected and stored to be used in basic-to-advanced analysis. Haven’t logged on in a while? This might be why you received that email from an advisor. By the way, a user's IP address (meaning, relative location when logging in) will be in the access logs of any of these systems.

      • Customer Relationship Management (CRM) System: Are you a prospective student that’s applying? A student emailing, or needing to schedule an appointment with an advisor? Or, are you an alumnus who the institution would like to get to donate? This tool stores every email, phone call, and interaction you have with the school, in addition to your email open rates and responses.

      • Student Issued Laptops: While these are more common in K-12 environments, every single keystroke and website may be recorded and analyzed. This is primarily used to block access to pornography or prohibited sites, but, for example, it is also used to flag and identify students who may be considered suicidal.

      • Any Student Portal/Online System Provided by the School: Similarly, your login activity, as well as your relative location (IP address) is collected and may be stored for at least some period of time. Not to mention, the web pages and content you accessed

      • Student ID Card: Used for swipe access to a building, checking out a library book, and buying a meal on campus, among many other uses. What’s logged? The time you swiped, the location, and the event/activity.

      • Student App: Used for navigating campus, course schedule, communicating with advisors or professors, etc... Will collect all interactions on the app, including time and relative (IP address) or specific location (GPS)

      • Campus WiFi: Every wireless platform in the world stores log data of your time and approximate location (which access point you're connected to) for some period of time by default. Your last known location or connection to an access point is able to be seen through built-in functionality.

      • Misc: School website, Alumni Network, Video Conferencing platform, Campus App, Residential/Housing System, Auxiliary Services, etc…

Are you starting to get it?

To give an idea of the overall landscape, below is a list of vendors and additional categories beautifully produced by encoura and Eduventures Research. Make special note of the "Data & Privacy Governance Solutions" category that keeps track of all the places student/visitor/faculty/staff data is being stored...

Here is the reality - any time you interact with any technical system (University/College or otherwise), you should know that data is being collected. That is not only the norm but is a foundational requirement for the operation of systems. To be precise, that is not a call for the removal of these valuable systems.

The question is not “is my data being collected?” - It is, rather, who has access to it? How is it being applied? Who is ensuring it is not being abused or misused?

These are questions that every University needs to take seriously. As in, seriously evaluating their processes and governance structures given the lack of trust from students.

If these questions can be clearly answered and those answers are made transparent to students, we might find that students will actually trust the systems at work to enable their experience and success. Even more so, we might find those systems now do a better job of enabling students and their success.

This is Part I in a multi-part series on Data Governance

  1. The Problem
  2. Purpose of Data Collection
  3. Background
  4. The Solution?

An Open Invitation

At Degree Analytics, we recognize how much of a gap exists, and continues to grow, between privacy and the pursuit of a better campus and student experience.

We believe that data can, and ought to be, used for the purpose of student success. We also recognize that protections and governance are needed to advance these technologies, their use cases, and to create trust with students, faculty, and staff.

We are starting an initiative to create an open-source bundle of materials to help jumpstart data governance at institutions of any size. Simply, the goal and purpose are to create best practices that will allow institutions to put this necessary governance in place. However, we cannot do that alone.

This is an open invitation to those in Higher Education and those who are experts in privacy to help establish generalized and repeatable processes.

If you are interested in participating in any manner, please fill out this contact form, and we’ll reach out to you: degreeanalytics.com/privacy-and-data-governance