Privacy and Security: An Overview

The proliferation of digital technology in our everyday lives means data is becoming more ubiquitous than ever.  Many of us, intentionally or unintentionally, leave a digital footprint that captions significant portions of our everyday lives.

While the usage of data presents an enormous opportunity for individuals and organizations to improve our lives in countless capacities, it also presents a risk.  Mismanaged data can be stolen or used to negatively impact individuals, groups and communities.

>Properly managing both data privacy and security is a critical function of any university, and this function is a necessity for maintaining trust in the relationship between the school and its students.

At Degree Analytics, our mission is to improve student success and educational outcomes.  We believe that data is an indispensable asset that can be used to enhance a student’s academic journey and their likelihood of success, and that it can be leveraged without compromising a student’s privacy or security.

At every level of our organization, we are committed to data protection, privacy, security, and compliance.  Our platform and services have been designed from the ground up with data privacy and security in mind, and maintaining a standard of excellence, well beyond industry regulations, is our focus.

STUDENT-LIFE-campuses-promo

Data Privacy

Protecting student privacy is one of our company’s founding principles. We prioritize data privacy in every aspect of our business from contracts to products, and they are compliant with every level of privacy regulation.

Transparency

For any data collection or analysis, provide transparency and consent tools for students.

Core Principles

Privacy by Design

Applications, tools and workflows should all consider privacy risks and prevent them by design.  Data minimization should be practiced at all times.

Scope Management

Determine appropriate and inappropriate uses of data. Terms and conditions, contracts, and agreements should be consistent with uses.

De-Identification

All PII can be removed from data sources to prevent student identification and ensure student privacy.

Consent

For applications that involve individual data, we recommend providing tools for students to opt-in or opt-out of data analysis.

Features and Tools

Delayed data transmission

To manage the risk of real-time location information, delay both data imports and exports.

Access restriction

Individual data access should be restricted to users who support those students (i.e. student advisors).

Removing location

Location can be initially used to derive engagement metrics, then completely removed from analysis.

Data deletion

For unique privacy risks (like preventing criminal investigations), delete metadata (with location) and just store data derivatives.

Data Security

At Degree Analytics, earning trust from our university clients and their constituents is a top priority.  We know that institutions care deeply about data security, so we’ve committed to building our security practices to the highest industry standards.  Our security measures are captured in great detail online in the HECVAT Cloud Broker Index.

Educause

The Higher Education Cloud Vendor Assessment Tool (HECVAT)

We are a vendor on the The Cloud Broker Index which is a list of vendors who have completed their HECVAT assessment.  HECVAT attempts to generalize higher education information security and data protection questions and issues regarding cloud services for consistency and ease of use.  You can freely use either version of the tool — the original robust version or the lightweight version.  Use of HECVAT:

1) Helps higher education institutions ensure that cloud services are appropriately assessed for security and privacy needs, including some that are unique to higher education

2) Allows a consistent, easily-adopted methodology for campuses wishing to reduce costs through cloud services without increasing risks

3) Reduces the burden that cloud service providers face in responding to requests for security assessments from higher education institutions

Compliance

Complying with state, federal, and international data security and privacy laws can be complicated.  Multiple levels of jurisdiction provide more risk to university compliance teams.  To make compliance easier for our clients, our software and services are compliant with every level of privacy and security regulations, from GDPR to FERPA.

FERPA

FERPA

US Education Privacy Law

We may process student data for analytics purposes with permission from the University.  We may not sell or compromise the security of that data.

GDPR

GDPR

EU Data Privacy Law

Degree Analytics complies with strict EU privacy and security standards and procedures in addition to a providing guidance to “controllers” on how to lawfully process EU citizen data.

FTC

FTC / States

Additional US data standards

Typically less restrictive than FERPA and GDPR, FTC and state laws generally affect standards for privacy policies and fair marketing.  California leads the way in terms of guidance and restrictions.

Resources

General-Privacy

Overview

Security and Privacy Handout

GDPR-Image

GDPR

Deep Dive

Educause-Logo

HECVAT

Cloud Broker Index Download