Privacy is top-of-mind in higher education. EDUCAUSE released a new research report that provides an in-depth review of data privacy issues and opportunities in higher education. The takeaway? Data privacy is evolving and institutions need to conduct ongoing conversations with their communities and their IT vendors to design strategies that comply with external policies and institutional principles. Indeed, as institutions collect and store personal data from students, faculty, and employees to track COVID, they are turning to privacy professionals about how to be transparent about those processes while still protecting every individual’s privacy.
At Harmonize, we take data privacy very seriously. We design software to help faculty engage students using online discussion forums, chat, and other technology-enabled tools. As such, our software does touch student data protected under FERPA. When it comes to that data, we have always maintained good privacy “hygiene,” but we wanted to go a step further. Still, we wanted to use this space to reiterate our commitment to data privacy and to be as transparent as possible about how we protect student data.
First, we acknowledge that when an institution uses Harmonize, personally identifiable information about students becomes available in Harmonize through LTI integration with your LMS platform. Under FERPA exceptions, we are deemed a “School Official.” As such we are granted access to student information deemed necessary to use Harmonize. That includes personally identifiable information including student first name, student last name, email address and LMS login ID. But we also retain information on behalf of our system users, including files, messages, discussion posts and comments that may be personal in nature and we treat those with the same level of security as traditional PII.
Any officers, employee, and agent of Harmonize, who has access to personal identifiable information may only use such data for legitimate educational interests. Any data received from faculty and/or students is only used in a professional capacity to perform necessary actions within Harmonize.
This year, we engaged LeRoy Rooker of AACRAO to complete a compliance audit and review. He recently concluded his audit and we passed with flying colors.
You can find our FERPA statement here. Or you can contact our FERPA privacy officer Tricia Baker at firstname.lastname@example.org.
Finally, how data is handled by our company and by our systems is spelled out in our Harmonize Security and Data Protection statement, which you can read here: https://harmonize.42lines.net/en-us/security-and-data-protection. We think it’s a pretty rigorous policy, but if you have questions or concerns, please don’t hesitate to reach out to Tricia.
We’d like to end with this thought from EDUCAUSE: “The best approach to compliance is continuous improvement. New privacy laws and regulations continue to arise, and conversations need to take place to discuss proper data collection and use.” EDUCAUSE goes on to encourage privacy offices to engage in conversations across their institutions. We believe those conversations should also extend to technology vendors. Reaching out to AACRAO for a formal audit was one way we engaged in this conversation. And we continue to speak with our customers about their concerns. If you have thoughts on this, we would love to hear them.