It’s been a long time since “privacy” just meant putting up a fence to keep nosy neighbors at bay. Today, when people speak of privacy, they’re often talking about data privacy. The reason is simple: more and more of what we do—both online and in the “real world”—can be transformed into data that is collected, analyzed, and sold. And in many cases, all of this happens without our permission.
The Role of Data in Higher Education
Educause listed “privacy” as its number two IT issue for higher ed in 2020 because of the vast amounts of data that higher ed institutions are able to collect from their students. If there’s to be any trust between students and their institution, school’s need to be able to answer basic questions like,
“What data is being collected?”
“Who has access to the data?”
“What measures are in place to keep it secure?”
The answers, unfortunately, aren’t always as clear cut as they should be.
Take the example of “gray data.” Many types of data are already regulated in some form. Laws like the EU’s General Data Protection Regulation (GDPR) and California’s Consumer Protection Act will almost certainly be followed by more rules and regulations surrounding the collection, storage, and sale of data. But in some cases, data still falls into gray areas. For instance, when a student uses their key card to swipe in and out of their dorm, that generates data. If the same key card is used for buying meals, to access the rec and other facilities, or to take attendance in class, then it could be used to track a student’s whereabouts with a frightening degree of accuracy.
It may not be illegal to collect such data, but that doesn’t mean institutions should be cavalier about doing so. As we’ve seen time and time again over the past decade, no organization—including the government and Fortune 500 companies—is immune to breaches of their security systems.
And once data has been compromised, there is no turning back the clock. Students can’t simply be reimbursed for their data once it’s been stolen.