Resolution Supporting Learning Data Privacy Principles and Practices

Updates

Presented to the Mānoa Faculty Senate by the Committee on Academic Policy and Planning (CAPP) for a vote of the full Senate on November 14, 2018, a resolution supporting learning data privacy principles and practices.  Approved by the Mānoa Faculty Senate on November 14, 2018 with 42 votes in support of approval, 2 votes against; and 2 abstentions.

RESOLUTION SUPPORTING LEARNING DATA PRIVACY PRINCIPLES AND PRACTICES

WHEREAS, Learning Data are Institutional Data governed by EP 2.214 [footnote 1]; and

WHEREAS, all non-public Institutional Data are either “sensitive,” “restricted,” or “regulated” data; and

WHEREAS, many University of Hawaii at Mānoa (UHM) courses now require or encourage student and faculty use of third-party products or services whose terms of service, privacy policies and/or end-user license agreements specifically enable harvesting, sharing, or selling sensitive, personally identifiable information, including FERPA-protected data from students; and

WHEREAS, a September 2018 FBI Alert warns that data collection by EdTech services could pose risks to students, specifically that malicious use of sensitive data (personally identifiable information; biometric data; academic progress; behavioral, disciplinary, and medical information; web browsing history; students’ geolocation; IP addresses used by students; and classroom activities) may result in social engineering, bullying, tracking, identity theft or other means for targeting students; and

WHEREAS, a precedent for data governance policy has been set by the University of California (UC) by adopting Learning Data Privacy Principles and Practices developed by UC’s Educational Technology Leadership Committee, supported by UC’s IT Leadership Committee and UC’s University Committee on Academic Computing and Communications [footnote 2]; and

WHEREAS, the UHM Faculty Senate wishes to protect student and faculty privacy and ensure appropriate use of UHM Learning Data; therefore,

BE IT RESOLVED, that the University of Hawaii at Mānoa adopt the Learning Data Privacy Principles and recommend the Learning Privacy Practices as listed in Footnote 2; and

BE IT FURTHERMORE RESOLVED, that the University of Hawaii at Mānoa Faculty Senate requests appropriate action from University of Hawaii System (UH) and Office of General Counsel to assure that UH practices, especially the Terms of Service for third-party products and services required in UH courses, conform to these principles and practices.

Footnote 1:

Learning Data: 

Data elements/data records which are created, received, maintained and/or transmitted by University of Hawai‘i students and faculty in the course of meeting academic requirements. Learning data is institutional data under UH EP 2.214, and should be protected through the following principles and practices.

Footnote 2:

University of Hawaii: Learning Data Privacy Principles

  1. Ownership: The University of Hawaii (UH), its faculty, and students retain ownership of the data and subsequent computational transformations of the data they produce. Individual data owners have the right to determine how their data will be used. The UH acts as stewards​ of data on behalf of its faculty and students.
  2. Ethical Use: Learning data collection, use, and computational transformation are governed by pedagogical and instructional concerns, with an aim toward student success through prescriptive, descriptive, or predictive methodologies. As with grades and other sensitive data, uses of learning analytics should be pursued on a “need to know” basis.
  3. Transparency: Data owners have a right to understand the specific methods and purposes for which their data are collected, used and transformed, including what data are being transmitted to third-party service providers (and their affiliated partners) and the details of how algorithms are applied that shape summaries, particularly outputs and visualizations.
  4. Freedom of Expression: Faculty and students retain the right to communicate and engage with each other in the learning process without the concern that their data will be mined for unintended or unknown purposes.
  5. Protection: Stewards, on behalf of data owners, will ensure learning data are secure and protected in alignment with all federal, state, and university regulations regarding secure disposition.
  6. Access and Control: Data owners have the right to access their data. Given that faculty and students own their learning data and share in its disposition, access to and ultimate authority and control of the data rests with the faculty and student owners, and the data stewards acting on their behalf. Data retention access and control practices will be governed under UH policies and supplier contractual agreements.

University of Hawaii: Learning Data Privacy Practices

  1. Ownership: Service providers will recognize learning data ownership and access, as a right of the faculty and students.
  2. Usage Right: Through a user’s profile setting, service providers will enable users to control the use of their intellectual property. Thus, it will be the user’s choice to grant terms such as, “a royalty-free, transferable, perpetual, irrevocable, non-exclusive, worldwide license to reproduce, modify, publish, publicly display, make derivative works.”
  3. Opt-in: Other than those data elements distinctly required for instruction, where appropriate, students will have a choice about the use of learning data collected by faculty and service providers in an “opt in” rather than “opt out” approach.
  4. Interoperable Data: Service providers will provide learning data to the institution in recognized standard interoperability format(s) to minimize integration costs, support cross-platform and cross-application uses, and promote institutional and academic analysis and research.
  5. Data without Fees: Service providers will not charge the faculty, students, or other university learning data stewards for the right of access, including the delivery of these data to the University.
  6. Transparency: Service providers will inform the UH about the learning data they collect and how these data will be used, which in the course of an academic term shall be based on pedagogical concerns and curricular improvement.
  7. Service Provider Security: All service provider platforms on which student learning data are stored will conform with UH and state mandated security procedures governing the reporting of unexpected incidents and corrections that may occur.
  8. Campus Security: UH learning data stewards will ensure that all faculty and student data are stored securely in conformance with University data security policy. Learning data stewards will report any learning data security incidents as appropriate to faculty and students, and will provide information about their remedy.

Adapted from University of California: Learning Data Privacy Principles and Practices: developed by the Educational Technology Leadership Committee (ETLC) supported by the IT Leadership Committee (ITLC) [10.23.17] and the University Committee on Academic Computing and Communications (UCACC) [11.06.17].