Our responsibility in protecting institutional, student and personal data in online learning

March 26, 2018 Tony Bates

Image: © Tony Bates, 2018

WCET (2018) Data Protection and Privacy Boulder CO: WCET

United States Attorney’s Office (2018) Nine Iranians Charged With Conducting Massive Cyber Theft Campaign On Behalf Of The Islamic Revolutionary Guard Corps New York: U.S. Department of Justice

With the recent publicity about unauthorised use of personal data on Facebook to manipulate elections in the USA and the U.K., and the above report about Iranians hacking universities for research results and intellectual property, everyone now has to take as much responsibility as possible for making sure personal data is secure and used only for authorised purposes.

This is particularly true for those of us working in online learning, where most of our interaction with students is online. Most institutions using learning management systems provide a secure area for student-instructor interactions – security is one reason why universities and colleges pay big bucks for IT systems, and making sure our student data and interactions are kept secure is a major reason for using a learning management system.

However, there are increasing reasons for working outside secure LMSs. Faculty and students now have blogs and wikis that are more open, although most require a password to allow for content to be added or comments to be made. ‘Good’ institutions ensure that student and faculty blogs and wikis are also protected from hacking. For instance, the University of British Columbia offers web and wiki facilities free of charge for all students and faculty and provides the security to support this. This blog is hosted by Contact North, which provides stronger security than I could as an individual or through an affordable commercial agency.

The problem comes when instructors and students start using unrestricted social media tools for instructional purposes. This all becomes ‘product’ for the social media companies and their advertisers (and very valuable product, given that university and college students are more likely to be high income earners after graduation.)

I was an early adopter of Facebook, back in 2005, but within 12 months I became inactive. It was not a company I felt I could trust, even back in 2005. I have good news for Facebook addicts who are wanting to get off of Facebook – life even within the online world is perfectly manageable, enjoyable and effective without Facebook. I do still keep in touch with my family and friends perfectly well and my professional life has if anything improved without Facebook.

Here I admit to being conflicted as I am still a heavy user of Google Search (although I prefer to use Firefox rather than Chrome). I was influenced by the Google corporate policy of ‘Do No Evil’ in its early days. Now Google Search is just one part of the umbrella company Alphabet, whose corporate motto is currently ‘Do the right thing’ – but for whom? It comes down more to pragmatics than ethics in the end. I can manage quite happily and easily without Facebook – I can’t without Google Search. 

This points to the problem we have as individuals in a digital society. Our power to control the use of our personal data is quite limited. We are now at the point where government regulation becomes unfortunately a necessity. (I say unfortunately because this is likely to limit to some extent innovation and change, but then so do the semi-monopolies of Amazon, Alphabet, Apple and Facebook, at least limiting change outside their systems). 

In the meantime, WCET has come to our rescue with a very useful site which really contains all you need to know about privacy and security. As their site says:

This is not just an IT problem! A breach could occur from an unintentional action by non-technical staff or student that could expose personal or institutional data to criminals and place the institution at risk by merely using weak passwords, connecting to dangerous networks, or opening suspicious emails. All members of an academic community must be trained with data protection best practices to preserve the security of the institution.

The WCET site contains links to the following:

  • their Frontiers blog posts on privacy and security issues
  • links to relevant recorded webcasts
  • links to a number of tools and reports on improving/protecting cybersecurity.

Essential reading for us all.

Now forgive me while I go and change all my passwords. 

Previous Article
How to deal with online learning ‘deniers’ in your institution
How to deal with online learning ‘deniers’ in your institution

Lieberman, M. (2018) Overcoming faculty resistance – or not? Inside Higher Education, March 14 I’ve been a ...

Next Article
Meeting the challenge of online degrees for the professions
Meeting the challenge of online degrees for the professions

  Chatlani, S. (2018) Navigating online professional degrees – potential and caution, Education Dive, March...