Personal data protection has been in the news lately. Apple’s most recent iOS updates and the marketing campaign around them are all about protecting data privacy from the ecosystem of advertisers and other digital snoops, for example. California and Virginia have passed state-level consumer data protections, while a number of other states (as well as the US federal government) have their own privacy bills in the works. Meanwhile, in higher education, students are raising concerns about the way various educational software and services are protecting data privacy. For instance, the University of Illinois recently announced that they would no longer work with the online proctoring platform Proctorio after student outcries of data misuse.
With the growing awareness around personal data privacy and the protection of meaningful data ownership, it’s important that universities partner with technology solutions they can trust. Everyone is generating more data these days than ever before — every action online, every purchase, every clicked link — leaves a trail of behavior that can be parsed by advanced AI algorithms to create a valuable profile for advertisers and marketers. Without a federal law to regulate the collection and use of such data, states are creating a patchwork approach that will almost certainly lead to a number of headaches for higher education. Many schools have students and faculty from all over the country, and as more states roll out legislation you’ll have more and more regulations to remain in compliance with.
International laws complicate matters further. Europe’s GDPR legislation is often looked to as a model for protecting personal data and privacy, and if you have students or faculty from the EU you might already be familiar with the data protection they’re privy to. Now just imagine navigating a similar set of protocols for each state, and you have an idea of what things could look like in the near future.
So how does higher education deal with big data, and the growing concern over personal data protection?
The easiest answer is to familiarize yourself with the laws, then adhere to practices that protect data privacy and ensure compliance with the strictest regulations. Here’s an example. One of the most common topics covered in data legislation is how long a business or other entity is allowed to store user data. If you have one set of state-level legislation that mandates all data must be wiped after seven days, and another saying it must be deleted after only three days, it’s best to adhere to the stricter policy and delete all collected data after three days. You’ll ensure compliance with both sets of rules and won’t have to go through the added effort of figuring out which rule affects which students’ data.
It is also highly important to fully understand the policies of your technology partners. Proctorio’s mistreatment of student data reflects poorly on the University of Illinois and others who have adopted the system, but at least they can point to the pressures of adapting to socially distant learning forced on them by the pandemic. There’s no such excuse now, and you can rest assured that students will do their due diligence even if the university itself does not. After all, who do you think first noticed the way Proctorio was mishandling their data? The students.