Today we are publishing new research looking at students’ views on their data security. This is a topic we have not previously written about at HEPI, but this feels like a critical time to be exploring this issue.
Universities and other related organisations now collect huge amounts of data on students: everything from detailed information about their finances to their gender identity. However, this is not a trend limited to universities. We are all sharing personal data each day with a wide range of sources and receiving targeting advertising based on our browsing history. Discussions of big data, open data and whether data are or are not the new oil have become commonplace. The power of data has never been more in focus.
In higher education, largely these data that we collect are put to good use, to learn about and to support students, as well as government use of metrics. Our policymaking is mostly evidence based, even if there are concerns about the uses the evidence is put to, such as graduate earnings data. However, even within higher education, this increased use of data leaves us with ethical questions to answer.
I spent many hours during my time at the Higher Education Statistics Agency discussing the exact formulation of data collection notices, which set out students’ rights related to the information they provide. I believe that universities are, in the most part, covering themselves legally by providing this type of documentation to students when they supply new data. However, there still remains the ethical questions of whether this is enough. Our research today shows only 32% of students feel aware of how universities handle their personal data. Are the current methods of informing students about where their data go sufficient?
An article published by Buzzfeed earlier this year suggests not. The author used freedom of information requests to investigate the data collected and held by universities, finding:
Data obtained through a freedom of information request by BuzzFeed News reveals that the DfE holds sexual orientation data on almost 3.2 million people, and religious belief data on 3.7 million people. The records go back to 2012/13 and include both current students and those who have finished university.
For those of us who work in the sector this should be less of a surprise. HESA and UCAS have been collecting this type of information and much more for many years. But clearly the author of the article and the students they spoke to, were shocked by the collection and sharing of this data. The article also raised questions about where universities had been clear enough in the privacy notices that they provide to students in terms of which data were provided on an anonymous basis and how their identifiable data was used. Today’s publication shows this is a critical area for students: they are happy for their data to be used anonymously for learning analytics and similar but are much more nervous about their data being used when they are identifiable.
In an era of Cambridge Analytica and in a sector committed to using data to provide insights on students’ experience of higher education, it is critical that we are not only legally compliant but meeting high ethical standards in our use of students’ data. Today’s research shows, from the point of view of students, we are not yet there.