Trusting Institutions
We can't trust what we don't know. Students' lack of trust and confidence in their institutions' data practices (see figure 3) is becoming a persistent finding in EDUCAUSE research. Only about half of respondents agreed or strongly agreed that they have confidence in their institution's ability to safeguard their personal data or that they trust their institution to use their personal data ethically and responsibly (54% and 46%, respectively).
Respondents who disagreed or strongly disagreed that they have confidence in their institution's ability to safeguard their personal data were asked to "share more about why you do not have confidence in your institution's ability to safeguard your personal data." Similarly, respondents who disagreed or strongly disagreed that they trust their institution to use their personal data ethically and responsibly were asked to "share more about why you do not trust your institution to use your personal data ethically and responsibly." Several themes emerged from these responses.
General Lack of Trust
"Anyone can access online data."
"Hackers have become more crafty over the years."
"It is the modern era. No one uses [data] ethically."
Belief That Higher Education Institutions Are Capitalistic
"They're a capitalistic institution more focused on making money than improving the education of American people."
"Colleges are for-profit, why would they care about being ethical?"
"Greed is their motive."
Opacity of Institutional Policies and Practices
"They have no transparency into what they're storing."
"I am not aware of their policies."
"They don't really say anything about [safeguarding data], and I haven't done any research on it."
Previous Data Breaches
"My school was hacked in the past, so it kind of causes a bit of distrust."
"[My institution] has a history of data breaches."
"We have had too many events where our information has been leaked via phishing emails."
Third-party software is also on the hook. Students also lack trust in the ways educational software companies use students' personal data (see figure 4). Over a third (39%) of respondents indicated that they are very or extremely concerned about software companies' interest in using personal data purely for their own profit. Further, 36% of respondents indicated that they are very or extremely concerned about companies' ability to securely store and protect their data. As institutions' privacy and information security leaders look for better ways to communicate with students about their policies, third-party technologies must be part of the conversation.
Evaluating Vendors
For more resources related to assessing and managing vendor risk, see the EDUCAUSE Higher Education Community Vendor Assessment Toolkit.