Have you checked to see if your Facebook information was accessed by British political consulting firm Cambridge Analytica? The developments may have led you, like me, to make changes to your privacy settings and reevaluate the information you provide to third parties on the internet.
Though Facebook is not the only culprit of this practice, many of us are coming to realize the social networking giant collects more data than previously thought. The breach in privacy and trust acts as a wake-up call for everyday users.
Here’s the kicker: the news should also act as a wake-up call to educators. More than 6 million students took at least one online course in the U.S. in 2015, according to last year’s Digital Learning Compass report. Each student enrolled in an online course provides a range of personal information, which could include home address, date of birth, Social Security number, credit card information and more, to facilitate the process of educating them online. It’s our collective responsibility to keep their data safe and maintain the integrity and credibility of online learning.
With data security topping the list of EDUCAUSE’s Top 10 IT Issues for a third consecutive year, the battle to defend against data breaches rages on. Below are four ways online programs can promote data privacy and avoid the pitfalls Facebook has been forced to navigate.
1. Educate staff and student users
Understanding the threats to data and device security is crucial in promoting data privacy. Human error is a leading cause of data becoming compromised, and online programs must educate their staff and students about how to avoid data traps during online learning and internet navigation.
Hackers prey on user behavior of accessing the internet on unsecured networks to steal data. Choosing the faster login option of saving passwords, often done using a virtual keychain, on multiple devices increases the likelihood of impermissible data access by third parties. Anyone accessing bank statements, medical records or other personal information on a shared or unsecure network is playing with fire in having their data privacy stolen.
The single greatest threat to data security is unsuspecting, careless or uneducated users in your network. Educating people is the only answer to filling that knowledge gap.
2. Encryption is key
When talking about encryption, the goal is to keep digital data confidential while stored on computer systems and transmitted via the internet or other networks. Ensuring online programs are encrypting all data processed through their systems can prevent information from being obtained illegally or in an unwanted nature by a third party. Firewalls and other external protections are a foundation of data security, but online programs must go the extra measure to protect data at rest, meaning all data on a computer desktop, hard drive or disk. Encrypted data can only be read by people with access to a password or decryption key to turn the data back into plaintext.
3. Use trusted online proctoring and identity verification services
Online education without security and academic integrity creates credentials with questionable value. Students want to advance their careers through credible degree programs that hold weight in the job market. Therefore, online programs must ensure the integrity of their assets and services is maintained 24/7. The boom in online learning means that traditional institutions and online programs have to know how to choose the right online proctoring solution. How are they storing data? Are they well versed on data policy such as FERPA and GDPR (General Data Protection Regulation)? What does their management structure look like? Can you tour one of their facilities?
Many people will have to interact with a student’s data to facilitate an online learning program, especially online proctors thanks to the evolution of cheating. Institutions should partner with trusted vendors for all outsourced services to ensure that each organization involved in the academic process takes data security seriously.
4. Stay ahead of outdated laws and regulations
The Family Educational Rights and Privacy Act (FERPA) was created in 1974, and it’s safe to say that our industry has changed since President Gerald Ford signed it into law. While this law has not changed, the applications are far different now that education records are digital. While most of the original intent of the law was to govern who could request access to a student’s records, it is now becoming the basis for proper data privacy in education technology. Congress has begun working on updating this law for the digital world, but until then, we will need to lean on best practices, common sense and forward-thinking risk assessment. To put it simply, we should be able to articulate to any student “who” has access to their data and “why.”
Promoting intentional data security practices requires never-ending learning and adaptation in our field. The Facebook data-sharing controversy will surely not be the last moment when a citizen of the world begins to question who has their information and wonder how it’s being used. The education technology industry should mold itself into a model of best practices for other industries to follow.
Jarrod Morgan is founder and chief strategy officer of ProctorU, the world’s largest online proctoring organization.
Photo Credit: Shop Catalog