Future Trends in Data Security for Online Distance EducationRick Shearer | Director of World Campus Learning Design, The Pennsylvania State University
Today, with the rapid evolution of technology, it is probably a fool’s game to try to predict what things may look like in the next 10 years. As witnessed over the past year, we are now dealing with trends and technologies that weren’t even part of the vernacular two years ago. Massive Open Online Courses (MOOCs), for example, are one of those interesting online delivery trends that has emerged upon us like a tsunami, but is it a flash in the pan or a long-term trend? It’s hard to tell. Along with that, who would have guessed two years ago that we’d be seeing a decline in Facebook usage in North America, and young adults announcing they are going to be using Facebook less? , 
Thus, to predict something like data security in the future is difficult, but we can examine what is happening globally as a view into the possible, along with examining the emerging trends around online secure testing and the world of apps.
While it seems that personal data security is just starting to get the attention of our government, data usage and data privacy has been heavily regulated and tested in the courts in Europe and other countries. Within the Bloomberg BNA newsfeeds, there is hardly a week that one does not see an article related to the protection of personal data and the clamping down on companies like Google or lawsuits against Facebook, Microsoft or others for not adequately protecting the data of citizens. The United States, however, has been slower to move in this direction in order not to stifle innovation, but the recent executive order by President Barack Obama may accelerate America’s move towards greater data protection. 
What will this increased scrutiny of data protection mean for higher education and, particularly, online education? Will we see a revision to the laws around FERPA? Will we need to hold the vendors we deal with to a higher standard in how they handle student data, and will this limit our ability as educators to have open conversations across courses? It is difficult to say and gives one pause to reflect on this when we see companies such as Apple being hacked by what is believed to be an arm of the Chinese government.
Another question we need to wrestle with is just what student data needs to be protected, and whether we are just worried about the data or the safety and anonymity of our students. What are their rights, and should they have the responsibility of setting the levels of protections, especially in online education where we are dealing with adult learners with more on the line?
For example if I’m 19 and my home bank account is hacked, the level of damage is relatively minimal. I’m young, just starting out and fairly open to risk. However, if I’m in my late 30’s or early 40’s I have a lot of individual investments and “life stuff” that I need to worry about. I should have the right to choose the level of data protection and privacy I want in my education experience. The recent announcement by Slideshare highlights the need to control what others can have access to. In a recent email to users, they announced they have a new tool that will let you track how your presentation is being viewed. What if I don’t want anyone to know how I’m reviewing their Slideshare presentation; shouldn’t I have the right to determine that? The question is: will we see a more aggressive move by vendors, governments and institutions to provide the end user with the right to determine what can be farmed in terms of data usage?
The fairly recent world of online secure testing is also an interesting microcosm to examine. There are several systems on the market at the moment, from Kryterion to Software Secure to ProctorU. All handle data and identification of students differently. Some use Axiom to mine into a student’s data to determine a match based on questions answered. Kryterion uses both facial recognition and keyboard forensics to identify a student, and ProctorU captures a photo ID. While this is not a commentary on which method is better, it does point to an incredible amount of data on our students that lives somewhere. How well is it protected, and should students have the right to determine how long and where the data is stored? While the idea of facial recognition and keyboard forensics may seem benign, how could it be used in the future if in the wrong hands? Again, this question is not asked to create paranoia, but to highlight how these technologies evolve and may be used in unanticipated ways.
The world of apps on our mobile devices is yet another interesting area. With every app wanting to track our locations, usage, buying patterns, etc., should education apps take the same approach or should they limit the amount of personal data collected? Imagine what would start to happen if apps became aware of each other and easily passed data. On one hand, we would want this educationally, but on a security side, this might not be desirable.
While being able to predict the future more than a few years out is increasingly difficult, we need to start thinking more deeply about how data is being collected, used and shared across education platforms. I can only imagine that the types of scenarios I’ve mentioned above keep our institutions’ data security officers up at night. Also, we must ask ourselves, although we can do something with technology, should we do it?
– – – –
 Henry Blodget, “ANALYST: Facebook Has A Big New Problem You Need To Worry About,” The Business Insider, September 12, 2012, available from http://www.businessinsider.com/facebook-usage-declining-2012-9#ixzz2MxSh7eAr
 Victor Luckerson, “Is Facebook Losing Its Cool? Some Teens Think So,” Time Business and Money, March 8, 2013, available from http://business.time.com/2013/03/08/is-facebook-losing-its-cool-some-teens-think-so/#ixzz2MzPFsN5T
 “Executive Order — Improving Critical Infrastructure Cybersecurity,” The White House Office of the Press Secretary press release, February 12, 2013, on the White House website, http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity
Author Perspective: Administrator
Unlike Shearer, I have a more positive view of what higher education institutions are collecting and using student data for.
Let’s be clear: we’re not like those shady companies looking to make a quick buck by selling off our students’ data. Our mission is to educate and prepare students to be active in the marketplace and civic life; put another way, our work is for public good. Our ability to effectively do that work is enhanced by the data we are able to collect on our students. I agree that we should have more open conversations about data usage and management.
Let’s not make it seem like we’re Big Brother here.
Data security is not only the job of higher education institutions, but of the individual students as well. Where institutions can help is by introducing workshops for all students that teach information security and acceptable internet use. This could be particularly helpful for students who are perhaps not as familiar with new technologies and their capabilities. In particular, adult students might benefit from this type of training.
Great article! I think the takeaway is that we need to have these types of conversations with students when they register for our schools and programs. They should be made aware of what information we’re collecting, why and how it may be used in the future. Then they can decide if they’re still willing to establish that relationship with us. The key is not to leave them in the dark about what we’re doing.