By Jim Phillips and Jim Williamson.
Our campuses are awash in data, and there are many initiatives underway to capture, store, and use that data for analysis, predictions, and, in some cases, prescriptive action(s) based on those predictions.
When an issue like this arises and IT staff meet to discuss possible solutions, collaborative efforts can gain momentum and have significant impact. In 2015, the UC Educational Technology Leadership Committee (ETLC – a subcommittee of the UC Information Technology Leadership Committee), embarked on developing a set of principles and recommended practices to help inform the use and handling of learning data. Since then, these “UC Learning Data Principles and Recommended Practices” have generated systemwide discussion, webinars, conference presentations, and growing national recognition.
But, what are “learning data?” Are “learning data” the same as “student data?”
Some distinguish learning data as evidence that helps describe how learning occurred (such as learning outcomes, evaluations, and assessments, etc.), while student data comprise the broadest possible set of data students produce or interact with across the campus (such as demographics, door swipes, wifi use, data related to advising, etc.).
Whether hosted on-prem or via a cloud-based solution, the assumption is that student and faculty rights are protected contractually, that learning data are secured technically, and that access and use are controlled through existing university processes. But these assumptions may be flawed in that the protections available are imperfect and sometimes non-existent.
Consider that without proper contractual agreements in place, suppliers may be collecting data from University learning environments for proprietary, commercial, or unwanted purposes at unprecedented scale and without restriction. Similarly, without close technical scrutiny, there may be unanticipated capabilities, sometimes lurking surreptitiously, within the technologies used.
Because the use of data, dashboards, and summary reports that track usage patterns within our systems are now becoming easier and more commonplace, it is understandable that there would be some gaps in our processes to proactively protect data emanating from students and faculty engaged in learning activities.
Origins of the “Learning Data Privacy Principles”
A key motivation in developing the “UC Learning Data Privacy Principles and Recommended Practices” was to help students, faculty, and the university itself make thoughtful, informed decisions about the appropriate use of data.
The “Learning Data Principles” are grounded in the Privacy and Information Security Initiative Steering Committee Report to the President endorsed by UC President Yudof in July 2013 and by the systemwide Academic Council in November 2013. That report – focused on general data safeguards – yielded the summary document “UC Statement of Privacy Values and Privacy Principles,” which inspire the ETLC’s positions related to issues of the ownership, access, and ethical use of learning data.
Growth and socialization of the “Learning Data Privacy Principles”
Although these aspirational principles and practices were never intended to serve as strict guidelines or policy requirements, the draft “Learning Data Privacy Principles” document was reviewed by the UC Electronic Accessibility Committee (EAC), various campus IT governance groups, and the University Committee on Academic Computing and Communications (UCACC). The UCACC encouraged the ETLC to continue to work with the systemwide Academic Senate committees, with an eye toward potential joint policy-making.
In addition to socializing the “Learning Data Privacy Principles” across the UC system, the ETLC began a campaign to promote them through other channels, such as webinars for EDUCAUSE and the Future of Privacy Forum. The discussion of learning data privacy was furthered in our article, “Consenting Adults? Privacy in an Age of Liberated Learning Data,” and a conference presentation we participated in, “The Wicked Problem of Learning Data Privacy.”
Meanwhile, the topic of learning data privacy gained traction with organizations, privacy officers, and the media. For example, IMS Global released a similar set of principles, while other colleges and universities, such as the University of Michigan, emerged with their own. Phil Hill published a series of articles in eLiterate, referencing UC concerns about the continuing commercialization of student data in the online discussion board, Piazza.
Beyond higher education, privacy concerns with consumer data became a newsworthy topic in 2018. Revelations about Cambridge Analytica and (still ongoing) missteps at Facebook spurred mainstream conversations about issues of privacy. A new California consumer privacy law wound its way through the state Assembly, and the European General Data Protection Regulation represented a strong governmental initiative on furthering awareness about the need for data privacy and safeguards.
Moving forward, thought leaders like Professor Christine Borgman (Open Data, Grey Data, and Stewardship: Universities at the Privacy Frontier) continue to shed light on the ramifications of unfettered uses of data and the need for increased vigilance.
The UC has been in the vanguard of a movement to raise awareness of learning data privacy in higher education, and the ETLC’s “Learning Data Privacy Principles” continue to resonate with our colleagues at other universities. Recently, Paul McKimmy, vice-chair of the University of Hawaii-Manoa’s Faculty Senate Committee on Academic Policy and Planning, shared with us that he is planning to propose a resolution to adopt principles and practices in line with UC’s, noting that such a resolution would have significant impact on university relationships with publishers and technology service providers.
Jim Phillips is director of Learning Technologies, Information Technology Services, University of California, Santa Cruz.
Jim Williamson is director of Educational Technology Systems and Administration, Office of Information Technology, University of California, Los Angeles.