Visit Modern Campus

Cyber-Risk: Privacy, Access and Student-Customer Expectations (Part 1)


The EvoLLLution | Cyber-Risk: Privacy, Access, and Student-Customer Expectations (Part 1)
As students demand more self-service options from the university, institutions have to do more to ensure they are protecting the information that’s being stored.

Acknowledgment of the Student-Customer

Within university culture there has traditionally been a bias held against characterizing students as customers. This of course has changed gradually over the past two decades, and with the change in attitude comes changes in language, acceptance within the university and the expectations of student-customers as they embrace their new relationship with the university. Still, we tend to rationalize the nature of our relationship with students differently when we are engaging in learning and teaching and when we are providing learners with support services. This dichotomy breaks down when considering “cyber risk” and the university’s relationship to both student and customer.

Why Have Students Become Customers?

The demography of our learners has shifted over recent years with growing numbers of part-time and adult learners who increasingly expect convenience and value in their academic experience and the services universities provide. Many of our learners now refer to themselves as customers when expressing expectations for service levels, and they demand value for money or return on investment. This has more broadly been discussed in terms of the corporatization of the university and commodification of education, and is a natural response to the shifting assumption that education is principally a private good and therefore learners should bear appropriate levels of financial costs.

Many universities have responded in predictable ways. Assuming a market logic, for example, some have built departments marketing the university that have grown substantively larger than departments teaching marketing (or many other disciplines). These postsecondary marketing professionals refer to potential students as leads, prequalify them, and actively pursue them through outsourced telemarketing services. Commercial practices combined with increasing costs that are being transferred to learners and increasing focus on education for employability have created conditions that promote transactional relationships between the university and student-customer.

As the relationship between the student-customer and the university becomes increasingly transactional, the university has found itself competing with alternative providers of information services such as MOOC consortia and a variety of content providers, while other types of consumer environments, such as Amazon, have set the standard for transactional ease and effective self-service. That is, our student-customers are judging their university’s services based on standards set outside of the education sector, expecting more personalised, dependable and convenient services, while also assuming that their private academic, health, personal and financial information is secure.

The types of information needed to provide such personalized services, coupled with the traditional assumptions in academia about flexible computing environments, has marked universities as relatively soft and valuable targets for cyber-attacks. In the early days of the Internet, universities were targeted by hackers for access to high bandwidth and large-scale computing resources.

Now universities are large-scale information aggregators of similar value to other corporate entities, and a single successful hack could potentially yield a large return.

Managing Expectations About Digital Life and the University

Students and all those engaged with a university have a digital life, and their academic engagement represents only part of that life. Students can manage their digital life relative to their university as a blended experience or they may have a preference to maintain some separation, keeping their experiences somewhat discrete and compartmentalized. In any event, the expectations that many students have are more implicit than explicit and are frequently formed moment-by-moment. They want as user-friendly and personalized an experience as is possible to meet their current preferences and evolving work patterns, while also wanting predictability. Providing more or less personalization through a significant transformation, particularly when it is unexpected, can be jarring to the learner and needs to be informed by practice and success and needs to be well justified, internally rationalized and explained to the learner.

Examples of some expectations for flexible and personalized services have included:

  • Just-in-time academic advising.
  • Highly configurable learning spaces.
  • Sophisticated notifications for approaching deadlines, academic support and university business.
  • Robust and persistent access to educational resources and content from which their educational experience has grown.
  • On-demand information about grades, transcripts and financial transactions.

This list includes common examples, which are generally but not universally desired by many learners. There is a complementary list of examples for the desires of teachers and administrators. Some are consistent with the desires of learners, while others are unrelated, or perhaps even in conflict. In each case though the implementation will be subject to various levels or approval and overall satisfaction and of course dissatisfaction.

Striking a Balance

The situation described above points to challenges for universities as they balance the shifting service expectations of students with traditional relationships that universities share with students. In the following post we will start addressing some of the ways that our students think about privacy and services and the obligations that universities and students have for cyber-security.

This is the first of a two-part series by Ken Udas and Scott Sorley on postsecondary cybersecurity and cyber-risk in the modern era. In the conclusion, they will discuss balancing access with security and privacy concerns.

Next installment coming soon

Author Perspective: