Privacy Issues
What do you think should be done to keep the collection of student data private?
The institution needs to have a policy in place before adopting adaptive learning. Any technology component that is used should require students and instructors to have unique usernames and passwords.
Annette,
We have always been told that we can't speak about students with our fellow instructors. However, this was one of the problems that was evidenced in the Virginia Tech masacre. The professors couldn't warn one another because of confidentiality issues.
Renee Shaffer
FERPA is probably the easiest approach to keep the privacy of student data from being exposed. As others have stated this isn't on the forefront of most minds when discussing certain aspects of the student's educational experience. I was recently in a class discussion regarding whether or not an instructor is expected to share with another instructor who will be inheriting a problem student. Does that information create a stereotype which would eliminate the student from the ability to start fresh in a different environment with a different instructor personality? Or Does the sharing of that information provide insight to the new instructor to be able to create specific paths to promote success?
I think with FERPA requirements, systems are in place to keep it secure. However I think there needs to be on going education for Faculty, Administrators, or any other staff that has access to student records. Laws are only as good as those who follow them.
Rick,
I definitely agree with your statement that security is often an afterthought. Sad but true.
Renee Shaffer
Keeping data private is a non-negotiable task because of FERPA requirements, not to mention just good horse sense and general consideration for student integrity.
As an IT professional, security is a key part of my job description. So, before AL system or LMS is put in place, a security risk assessment needs to be put into play with a full understanding of all the data that is going to be exposed.
This risk assessment needs to look at every potential attack vector with a potential probability and impact, as well as a mitigation strategy. Different types of data need to be identified with the user and privilege level. Access and access controls have to be examined from every angle.
Privacy and security are no joke limitations to the implementation of any learning system and before any implementation occurs, all these questions need to be answered. Sadly, security becomes an afterthought and is often seen as getting in the way, rather than protecting from those threats that would compromise the data.
/rab
