Empowering Instructors and Students: Learning Data Privacy in the Classroom is Complicated
ISTE Standard for Coaches
This post is related to the following ISTE Standard for Coaches:
7d: Empower educators, leaders, and students to make informed decisions to protect their personal data and curate the digital profile they intend to reflect.
Sometimes I find it overwhelming when it comes to making decisions about technology tools and the protection of data. As someone who works to support and train instructors on educational technology tools, I find myself in a unique position to not only talk about how to use the technology well in the classroom, but also the privacy and accessibility of a tool.
As a systems administrator, I think all employees of an institution have a responsibility to protect the institution’s data and impart knowledge where needed, to balance the needs of data security with effective teaching and learning. In my experience, most conversations about privacy tend to focus on the individual’s use and how to protect one’s own data. The conversations don’t always involve being a steward of institution data and the ramifications that may have on an individual at an institution.
The question I decided to explore this time is:
As a systems administrator in an EdTech Office, I have a unique perspective on security and technology in the classroom. What are ways that I can improve and empower instructors (and others I interact with) to help them understand and examine the security and privacy of the technology tools they use?
The Complications of Privacy in Learning Environments
Academic freedom is important in the classroom and I want to support the freedom of choice that this gives instructors to choose appropriate learning materials. That said, the blending and rapid expansion of academic learning in online spaces has become incredibly blurred.
Because learning data increasingly reside outside campus networks and systems, internal privacy controls typically provided by institutional processes and policies are sometimes circumvented.
Where, then, do academic freedom, the right to choose learning materials, and the evaluation of a tool’s security fit? When an instructor chooses a book publisher tool and there are grades or roster information stored in the system, is that not also FERPA-protected data? The content may be fantastic, but once you set up the platform and start using the tool, what do we know about what the company does with the tool? What should the IT and EdTech offices do when you want to connect those tools to institution systems?
At a conference I attended, one university noted the various security concerns and issues they had because they allowed instructors to connect any tool they wanted into their learning management system. For them, it felt like it was out of control and their IT office felt like they were sending school data out without a second glance, so they decided to lock everything down. Now instructors could only use vetted tools.
“…when we, as IT leaders, lock things down so much that teaching and learning can’t happen or is impeded by the security measures, then I think we have failed. Our mission isn’t ‘safe and secure.’ It’s good teaching and learning in a safe and secure environment.” – Tom Ryan, Santa Fe Public Schools
I don’t think locking the classroom down is the best solution because, from my perspective, it takes a long time to review tools and in most cases the instructor will choose some other method to continue using the tool: instead of being an integrated, “known” tool, it becomes unknown and is still used in the classroom. This doesn’t help build partnerships with instructors and instead puts us at odds. A balance is needed so the mission of teaching and learning can continue.
I want to offer some strategies for other EdTech folk that can address the protection of learning data:
1. Raise Awareness and be Transparent
October is National Cyber Security Awareness Month, but this does not mean this is the only time to talk about cyber security. Our IT office sends a weekly newsletter to campus that discusses the theme that the NCSA chooses each year. However, raising awareness doesn’t always lead to changed behavior, so why do it? Svetla Sytch, the Assistant Director of Privacy and IT Policy at the University of Michigan, notes: “What has changed is that I understand the consequences of my actions, I better know my rights (or lack thereof, as the case may be), and I am beginning to voice my opinion about what needs to change. I have found a mission: to educate the diverse community at the University of Michigan about privacy and to empower students, faculty, and staff to take action when something is not right.” (2020)
2. Review Existing Tools and Procedures
I often find it easier to start something going forward, but it’s difficult to go back and assess or review something that’s already in place. The trouble with going back and reviewing is that sometimes you may find a tool that isn’t secure that is being heavily used. Even so, as stewards of student data there is a responsibility to make time for this work.
3. Be Proactive and Responsive
When you are able, plan in advance. Make trainings and documentation; if your ticket system saves “canned responses,” make sure you write things up and put information in your training manuals that your team can use for reference.
Sometimes, being responsive is difficult, but by understanding faculty teaching patterns, hopefully, we can still be quick and prioritize issues where needed, to minimize classroom impact. That said, when you do find an issue, it’s important to have processes already in place so you can quickly address problems that appear.
4. Develop Relationships
Developing relationships with instructors and the various offices your team works with will help you see how different departments fit together to support the mission of teaching and learning. This also helps ensure that instructors hear a consistent message from areas they interact with on campus. Relationships with instructors also bring up issues in the classroom – such as finding out what tools are being used and why they’ve been selected. It doesn’t even have to be a formal working group; it could also be a personal relationship that you’ve cultivated and maintained.
5. Ask Questions
When choosing a potential tool, here are some basic questions to get you started. These are in no way a comprehensive list of what you should consider when evaluating a technology. When in doubt, check in with colleagues or staff at your institution.
1. Who owns the data and what does the vendor do with it?
2. What counts as FERPA, SPI, or other protected forms of data?
3. Where is the data stored and who can access it?
4. Under what circumstances can they access the data?
5. If I stop using the tool, what happens to the data?
Hopefully, by providing these five starting points, you can start developing your own practices for evaluating tools and having conversations that help ensure ample opportunities for quality pedagogy in a secure environment.
Higher education community vendor assessment toolkit. (2020). https://library.educause.edu/resources/2020/4/higher-education-community-vendor-assessment-toolkit
How learning data impacts privacy. (2017). https://library.educause.edu/-/media/files/library/2017/5/eli7144.pdf
National cybersecurity awareness month. (2020). https://www.cisa.gov/national-cyber-security-awareness-month
Castelo, M. (2020). 3 tips for improving your cybersecurity program this school year. https://edtechmagazine.com/k12/article/2020/08/3-tips-improving-your-cybersecurity-program-school-year
Sytch, S. (2020). When privacy becomes a thing. https://er.educause.edu/blogs/2020/1/when-privacy-becomes-a-thing