Audit student data repositories and policies associated with third-party providers. Document every “place” that student data goes and what the policies are for handling student data. What third parties have access to student data, why do they have access, and what can they do with the data? Who decides — and how are decisions made — about third-party access to student data? Do students get a say?Have a standard and well-known policy about how to handle external inquiries for student data and information. This is less about staff mishandling student data and more about the coercion and intimidation that could yield problematic results if there are no clear guidelines for staff to follow. Even if designated a digital sanctuary, a campus may be legally bound to release some student data, but it should have clear processes and requirements associated with those situations. Staff should understand how and when they can say no to inquiries about students, and campuses should investigate the legal limits of noncompliance with such inquiries.Provide an audit of data to students who want to know what data is kept on them, how the data is kept, where it is kept, and who else has access. That is, if students want to know about their data, the institution should be able to give them that information. Better yet, students should be allowed to download every bit of their data so that they can parse it themselves. Consider giving students a chance to rap the sanctuary knocker to signal their desire for more data protections.Have clear guidelines and regulations for how data is communicated and transmitted between offices. Campuses can better protect student data transmitted between the people and offices that should have access (e.g., by not transmitting data via e-mail). Campuses should have clear policies and guidelines about the protection of student data on mobile devices.Take seriously the data policies of third-party vendors. Don’t work with vendors whose contracts stipulate that they can use and share student data without the consent of students or the institution.9Closely examine and rethink student-tracking protocols. How necessary are learning dashboards? What are the risks of early-warning systems? How problematic are the acceptable use policies? How long does the institution need to keep data? Does it really need all of the data being collected?Give students technological agency in interacting with the institution. Implementing a Domain of One’s Own initiative, which puts students in the system administrator role for their domain, can be a way to give students more control and protection over their data. This may not be enough, however, since students could easily expose themselves to malicious and dangerous forces (e.g., hackers) through their own domains. A robust educational and mentoring program is also required. As a result, students can learn how to connect their data, via their domains, in ways that are safer and more manageable. source
Strategies for Gathering Student Data with more Care
Amy Collier provides seven strategies for taking more care when working with data: