New Approaches to Protecting the Privacy of Student Learning Data in the Cloud (Abstract)

Moving core IT services to the cloud has been a trend for the past decade. Moving a Learning Management System from self-hosting to the cloud has many benefits. The hardware acquisition and replacement lifecycle is simpler. Local technical staff can be replaced by vended solutions, moving responsibility for software reliability and upgrades away from campus IT and greatly reducing the burden on the CIO and IT organization. Most schools see this move as a pure positive, but we do need to look closely at the long-term privacy, curation, ownership, and retention of student data. Universities are around for hundreds of years; in the educational technology field, many vendors come and go in less than a decade. Sometimes a vendor that was originally retained to provide a service announces that their business will begin to mine student data for their benefit. Regulations like FERPA and GDPR provide a legal framework to govern how data must not be released to third parties but do not cover what those vendors do with the data within their organizations. This presentation will explore a few current issues and concerns about a “pure outsource” approach to hosting and software that holds student data, and propose an alternative approach where cloud compute resources are used and vended software solutions are possible, but the University retains all present and future ownership of the data. In this new model we can separate the source of the software support and upgrades from the ownership of the data and keep all short-term and long-term data decisions under control of the University and not the vendor.

How will the presentation engender interactivity: The presentation will be done in as few slides as possible. We will present the issues, encourage discussion about the issues, and then present possible solutions for discussion. By keeping the slideware to the absolute minimum, discussion will be maximized.

Why should an attendee come to the session: I would say that protecting student privacy is a benefit to all students, but in particular, universities should be particularly interested in protecting the student data of at-risk populations such as refugees or other populations that governments might want to track. As an example, it feels quite wrong that a Syrian refugee going to school in Europe is forced to hand all of their private learning data (not just PII) to a US-owned corporation as a condition of attending school.

Any further comments to reviewers: I am guessing that very few in higher education have really thought through the consequences 10 or 20 years from now of letting vendors retain all of our students’ learning data. I think it is a conversation that should start to happen.

Abstract – Submitted to Educause ELI 2020