Welcome to part 3 of our blog series in which we discuss Educause’s Top 10 IT issues. In this blog we are focusing on Privacy, the challenges it creates for IT professionals in Higher Ed, and how some of these challenges can be addressed.
Data privacy is about how sensitive data is collected and handled by institutions, who it is shared with, and for what purposes. For a discussion on the related topic of data security, please see here.
Why is safeguarding privacy such a serious concern for higher education?
Higher education institutions amass enormous amounts of data from students. The data comes from financial aid applications, online classes or student success initiatives, and provides detailed insights into student behavior. Institutions typically use this data to plan curricula and services to meet the needs of their students; it’s this data that fuels higher ed and is at the heart of its workings in the digital age.
“There’s no doubt the collection of data as a valuable asset has become commonplace in higher education: According to one study, 42 percent of institutions collect and integrate data from student information systems, for example, and another 31 percent actively use that data to inform student success initiatives.”1
So, while there are benefits to both institutions and students of using this data, institutions must take action to ensure privacy rights are not violated. “There’s an ‘expectation of privacy’ at most universities. Gaps exist in definitions of what should be considered sensitive or personal.”2
Failure to properly address privacy can lead to non-compliance, fines, breaches, and reputation damage. In fact, when student enrolment is the ultimate key to an institution’s success, damage to its reputation may be the costliest consequence of all.
What are some of the problems faced by higher education with regards to data privacy?
Educational institutions house large amounts of personal information but may not be equipped with enough network security to prevent breaches. Further, the demand for 24/7 access to admin services and digital resources increase the vulnerability of data and intensify the need for stricter adherence to compliance standards to ensure that both data and privacy are protected.
- Hackers and cyber attacks targeting PII are increasing in frequency and sophistication.
- IT system compliance and certification requirements are increasingly demanding, with corresponding costly audits and maintenance obligations.
- Home-grown and manual systems are still required to comply with data security and protection regulations. However, these tools are generally built for purpose without security as a major part of their design, which may result in non-compliance, system failure, or data breach.
- Disparate systems within the institution can have differing levels of compliance with each system requiring separate analysis, management, security measures, and certification. These siloed systems can also lead to challenging or even failed audits.
- As vendors move to cloud-based licensing, there may be expectations on their part to obtain more PII. With schools too moving to cloud-based enrolment, the onus is on them to protect the PII they collect from students. This could potentially create a clash of interests.
- New and ever-changing regulations necessitate higher levels of scrutiny and management of individual agreements by institutions to ensure PII requirements are being met under GDPR, FERPA, Gramm-Leach-Bliley etc.
In addition, the shift to cloud amplifies all the challenges listed above as individual users are placed into cloud systems under named user licensing models. As vendors are equipped with varying degrees of data protection abilities, there are different stipulations put forth by each vendor that the subscribing schools must adhere to.
How Kivuto can help your institution safeguard data privacy
Kivuto has partnered with the world’s leading vendors of software, courseware, and textbooks to streamline licensing and deployment through a single cloud-based platform. The Kivuto Cloud platform has been custom designed to relieve the pain points caused by distributing technology to higher education institutions. With Kivuto Cloud, you get to offer your students any digital resource from almost any vendor in a secure, compliant way.
Tackling the internal challenge
- Compliance to highest security standards: Kivuto solutions are designed around compliance, are certified to the highest standards of ISO 27001, PCI compliance, Microsoft Gold Partner Standards, and adhere to GDPR regulations and other privacy and PII regulations.
- Single platform for multiple systems: Multiple SSO and other authentication capabilities allow almost any university system to integrate allowing for a seamless user experience while maintaining the highest levels of security and privacy. Kivuto offers a secure verification system, along with strict compliance enforcement procedures to ensure that data is kept safe.
- Membership in trusted federation: Federation with the 20 identity providers offers the highest level of identity compliance in the education space.
Overcoming the external challenge
- ID obfuscation: With Kivuto cloud, institutions can pass obfuscated identities as opposed to PII to the system for enhanced privacy protection, limiting data being shared to the cloud.
- Adherence to PII legislation: End users can manage their own data in accordance to regulations such as GDPR.
Kivuto has been providing digital distribution within higher education for more than two decades and has a long and successful history of managing PII without incident.
To learn more about how your institution can benefit from Kivuto Cloud, please reach us at firstname.lastname@example.org