Student affairs and student success (SASS) professionals in postsecondary education use online platforms and administrative data to support student engagement, learning, persistence, and achievement. They typically learn about student data privacy in the context of the Family Educational Rights and Privacy Act (FERPA) and sometimes the
Health Insurance Portability and Accountability Act (HIPAA) policies on campus, but rarely beyond these foundations. This level of education, along with some campus cultures that misinterpret FERPA, may result in knowledge, beliefs, and practices that could lead to overly cautious or overly liberal use of student data.
To help privacy and education stakeholders understand and address these risks, a survey of 342 SASS professionals at nine large public research universities revealed the following results:
- Nearly all consider academic records, demographics, and health-related information to be student data, but fewer respondents understand that data from learning contexts (e.g., course management systems) and student life (e.g., ID card swipes for housing) is also student data.
- SASS professionals widely believe that FERPA, HIPAA, or both protect most student data, but less consensus exists regarding student life data.
- Little consensus exists about whether institutions collect and store data in homegrown platforms, vendor platforms, or both.
- SASS professionals trust the quality of academic and demographic data and algorithms used for student success interventions.
- Participants indicate that student behavioral health data (getting a COVID-19 test) and health records (the test results) can be treated differently from FERPA and HIPAA prescribe.
- SASS professionals should learn which kinds of student data exist on campus, where data are collected and stored, and how campus professionals and vendors can use the data to improve student success. Professionals should understand privacy policies and guidelines governing data use in units and on campus. They can assess their data use skills and talk with supervisors about where they can develop these skills.
- Supervisors should assess supervisees’ knowledge of the forms and locations of student data on campus, including on homegrown and vendor platforms. Supervisors should also know where supervisees learn about FERPA, HIPAA, and data usage skills. Supervisors should offer education and training, in addition to institution-wide offerings, on FERPA and HIPAA, and should consider training within units as needed to supplement institutional training and self-education.
- Senior institutional leaders should establish campus-wide conversations about student data and data privacy that go beyond FERPA and HIPAA training requirements, and communicate with SASS units about the different types of student data on campus. They should also ensure that training for employees who work with student data addresses the complexity of the current data environment and provides the skills to work with it. Finally, leaders should develop and share campus-wide guidelines for accessing and working with student data within and across units, regardless of the data’s location.