Privacy... The Buck Stops with ???
Mar 17, 2022
Given the nature of our work at Degree Analytics, we discuss privacy probably more than most software vendors in education. In short, we specialize in utilizing the transactional log data that is present in systems like enterprise wireless management systems to help universities understand how the campus is actually used.
In the same way that grocery stores and retail environments monitor customer walkways and optimize the store for a better shopping experience (note: with effectively no “intrusion”), shouldn’t we be doing some translated version of this to elevate a student’s experience at our campuses?
What does that mean exactly?
A Little Background And Ideology
We say, “Students Vote with Their Feet.”
If students go to class, they are telling you it's important, or that it is at least more valuable that they go than do something else. The same goes for how they use the fitness center, the library, the new tutoring and student center, events on campus, etc… If they use Zoom, Webex, LMS, etc…
Likewise, if they stop going, part of what they are saying is “this is no longer valuable” or “something else is more important than X.”
At Degree Analytics, we count those votes and help Universities correlate them towards student success initiatives, investments in new buildings, revitalization of space, as well as simply understanding the pulse of campus from a security and safety perspective.
We have spent an inordinate amount of time creating preventative mechanisms, restricting data, and aggregating data to guard against unnecessary access and applications (we call it “privacy by design”). For example, while we do not need to know the name of the students we’ve helped (restriction through IDs or mass de-identification for aggregate level analysis), there are students who have graduated or are still pursuing their degree that otherwise would not have, thanks to our work.
It is not because our data is a perfect silver bullet - it's because good and well-intentioned people have received the minimum level of access needed to do small actions that greatly impact students.
We take privacy very seriously. We talk about it and discuss it daily. And from those conversations, we continue to evolve and grow our practices to meet the evolving and growing data privacy needs. We view privacy innovation and structure as a necessary good that is oftentimes overlooked.
Yes, Privacy… Let’s Talk About Anything Except That!
It is usually the case that we are much more informed about privacy than the audience we may be talking with as they evaluate our tools and products for use. It is quite typical that even discussing analytics and using student data is uncomfortable to many. In general, while data illiteracy is a problem in higher ed, privacy literacy is worse. This may be partly due to the lack of supporting systems in place that help to educate staff and faculty about data and privacy, but even more fundamental, the general structure around privacy.
For example, compare Privacy and Finance. It might go without question that talking about money is one of the quickest ways to raise anxiety levels. Relatively few people really understand finance (thank you financial advisors) and all of the topics surrounding money - debt, budgets, accrual, depreciation, etc… Let's just say, finance has a natural ability to repel people. Nonetheless, there might not be a more fundamental aspect of an institution than money.
Thus, every institution has a CFO and finance team, often many specialized teams, with generally very well-defined processes and structures to deal with all things finance - Financial Aid, Title III/IV/V, Athletics, Scholarships, Depreciating Assets, Deferred Maintenance, etc… There are committees to help evaluate how money is spent, budget meetings to talk about previous budget meetings, and teams dedicated to raising more dollars to impact new initiatives going into the budget.
But when it comes to Privacy, an aspect that also touches every aspect of what a University does, who should be consulted?
In recent years, this might have fallen to the CISO, but their real focus is on enforcing security practices and security systems - not establishing privacy processes (although some certainly have). So the provost/faculty/staff? Where to even start?
The new trend is that of the Chief Privacy Officer (CPO). Currently, there seem to be around 40 in US higher education institutions. Partly driven by the increasing legal governance getting created, this specialty may quickly become a necessity for every campus. But while this is an important role, it's just as important to acknowledge that this step does not solve the problem.
While having dedicated resources, like a CPO, certainly gives privacy efforts a clear direction, smaller institutions might not be able to afford this new role. Not only that, it should not be mistaken that it is the accountability of 1 officer to dictate all things privacy on campus – rather, the responsibility of 1 to establish a committee/process/structure to evaluate the desire, need, and risk of any particular project/system/process, as well as to create transparency with students on those data efforts.
More to come on this…
This is Part III in our Privacy Blog Series. Check these out if you missed Part I and II
- Part I: Higher Ed: You're Not Taking Data and Privacy Governance Seriously
- Part II: Higher Ed's Big Data Privacy Problem