Student Data Privacy

Student Data Privacy

This post is about student data privacy which is a big issue at higher education institutions.  We’ll discuss how student data privacy fits ethically, legally and financially.  Third party access to data will be covered.  We also suggest what you can do about student data privacy (the actions you can take).


Schools have an incredible amount of data on their students (as well as applicants, employees, alumni) and must have data management with an emphasis on data privacy.  All data must be managed and governed, especially personal data.  There are many legal concerns when it comes to privacy such as FERPA, GDPR and CCPA.  And there is much press regarding data privacy.  There is a management duty to monitor and to make sure that data is used appropriately.    If students see that their data is abused or not protected then they will lose trust.

We break this up into two types of data: curated and analytics.  Curated data is data that's collected during the normal process such as grades, class schedules, room assignments, payments, etc. while analytics data is collected by experiments that can be set up by the school, by researchers, and by third parties.  Schools use and operationalize that data in order to make decisions.

There are different student data privacy views: ethics, financial and legal.  They are very different from each other.  When we’re talking about ethics for example, this is more of a discussion of what should or shouldn't be done with data. There's a duty to use the data responsibly for student benefit.  If schools recognize a data problem, administrators are obligated, ethically to act.  There's a moral argument to do what benefits the greatest number of students. What is ethical isn't always legal and what is legal isn't always ethical. These are very distinct components and when we talk about student data, it gets very confused between what is legal (what is legally permissible) and what is ethical and what makes financial sense (what can be gained from using the data).

There is a balancing act between students being an active agent in their own data and schools following governance policies and expectations.  Openly disclosing the data policies can help.  There's a duty of schools to use the student data to help them succeed. Now, this is different than the financial duty to retain students.

Colleges do data sharing with third parties. This is defined as school data going to another party outside of the institution who is using that data for some purpose.  Have clear policies about how the data is used and shared with third parties.  Make sure that there are appropriate measures in place to mask the identities.  Third parties may not have policy regulations in place to control what happens with the data that they collect.  Once data begins to get out of the possession of the originator, it can become a problem to determining how that data is used.

What Can be Done

  1. Create a definition for student data privacy. Isolate specific principles that can bring everyone to the table and get them talking.
  2. Know your data. It is hard to protect if you don’t know what it is.  Identify data systems which gather, track, and send student data.
  3. Create a foundation for handling student data such as using the Data Cookbook.
  4. Know who uses the data, especially third parties. Implement data sharing agreements.
  5. Decide what data the students can access and retract. Define processes for access and retract.
  6. Find people on campus that are doing this type of work and this type of data governance. If you can locate and isolate two or three different principles that drive the momentum behind these issues, conversations between departments can be guided.
  7. Have transparent policies so students have trust in the institution.

Student data privacy policies vary from school to school.  Often the procedures for limiting access to data can also be quite unclear.  Privacy is more than protecting schools and third parties from liability. Privacy is a matter of respect.  Every school is unique in its culture and priorities and unique in the way that it educates its students.  The information presented in this post was covered in a Student Data Privacy webinar we did.  Click here to access the recording.  We hope that this post was beneficial to you.

IData has a solution, the Data Cookbook, that can aid the employees and the institution in its data governance and data quality initiatives. IData also has experts that can assist with data governance, reporting, integration and other technology services on an as needed basis. Feel free to contact us and let us know how we can assist.

 Contact Us

(image credit StockSnap_IPXQTD44G8_student_privacy_face_BP #1100)

Jim Walery
About the Author

Jim Walery is a marketing professional who has been providing marketing services to technology companies for over 20 years and specifically those in higher education since 2010. Jim assists in getting the word out about the community via a variety of channels. Jim is knowledgeable in social media, blogging, collateral creation and website content. He is Inbound Marketing certified by HubSpot. Jim holds a B.A. from University of California, Irvine and a M.A. from Webster University. Jim can be reached at jwalery[at]

Subscribe to Email Updates

Recent Posts