2022 Student Financial Experience Report is now available!Download here

3 minute read

4 Higher Ed Strategies to Address Data Privacy and Ethical Concerns

3/23/2021 2:00:00 AM

In our third and final post of the series, guest blogger Sue Spies offers strategies and best practices for managing the personal data produced by contact tracing, health assessments, and new contactless technologies that turn student interactions into campuswide digital footprints.


More colleges and universities are continuing to adopt an increasing number of digital solutions to promote student success and to increase student engagement in the age of online learning. To ensure that technology provides a seamless experience, many schools utilize tools that offer real-time access to data.

COVID has also expanded the need to gather data through contact tracing and perform daily health assessments by identifying where people are on campus and whom they have come in contact with. Meanwhile, higher ed has been using technologies to predict risk and success by scanning interactions with students and flagging certain words for counselors or advisors to possibly act on.

While these tools are helpful, there are various privacy and ethical concerns that can come with generating and using so much data. Here are some best practices and strategies for higher ed leaders to consider:

1. Provide optimal security

Administrators must know exactly where data lives in their systems, how to protect and purge this data when necessary, and how to use it responsibly. This involves ensuring that data is not overused and is accessed appropriately and only by those who need it.

For example, many higher ed institutions provide telehealth services. These schools need to make sure these meetings are generated from the clinic and not from a remote location, provide multi-factor authentication, and audit all of the information shared. Institutions should limit who can access the data and provide guidance on and monitor how it is used.

2. Avoid exporting data

Schools should either create processes and procedures that consciously avoid exporting data or adopt platforms that severely limit or control exporting data on their own to prevent data from getting lost or saved to the wrong place. Unless there is a proven business need for identifiable data, schools should consider limiting the export of data to anonymized and aggregated data.

3. Be transparent

All individuals, including students, parents, faculty, staff, and alumni, should understand what data about them is collected, stored, and shared. Schools should provide transparency about what data is being collected, how and where the data are being monitored, and how the data will be used. This process includes communicating to these individuals what their rights are, and also providing information about relevant institutional, government and private policies such as the General Data Protection Regulation (GDPR), which regulates data use in and when transferred outside the European Union and the European Economic Area. Schools should also identify staffers or faculty members who can address any student concerns or questions and let students know these employees are available.

4. Constantly question the need for data

Administrators need to realize that the more data their school captures and stores, the more likely there will be risks and unwanted exposures. So decision makers should always question whether data should be kept. Some questions to ask include, “Do we really need this data?” “How long are we going to keep this data?” and “Are we aggregating data for analysis as opposed to not identifying individuals unless it’s necessary?”