If there is one thing we have come to realize in this millennia, it is that data is critically important. Data, both in raw form and the analysis derived from it, drives everything that we do. Data helps us to aggregate information in a meaningful way to serve those we seek to serve more effectively. As Carly Fiorina, former executive, president, and chair of Hewlett-Packard Co. stated, “The goal is to turn data into information, and information into insight.”
The “insight” provided by data that we collect in career services has proven to be able to help students make a more meaningful transition to the next chapter of their lives, help employers better connect with students and drives our ability to help our institutions be more focused on enrollment and graduation persistence on our campuses.
The data generated on our campuses is so valuable that on August 21, 1974 President Gerald R. Ford signed into law the Family Educational Rights and Privacy Act (FERPA) in order to protect the information (data) of students. This landmark legislation focused on the “educational records” of students and was defined as “those records, files, documents, and other materials which contain information directly related to a student; and are maintained by an educational agency or institution or by a person acting for such agency or institution.” 1
The security of the data we generate and use on campus should be constantly on our minds – and for good reason! It has been reported that 59% of organizations experienced a significant or material breach in 2019, a 9% increase over the previous year. In 2019, 14.4 million consumers became victims of identity fraud — that is about 1 in 15 people! Overall, 33 percent of U.S. adults have experienced identity theft, which is more than twice the global average2.
However, the ability to secure this information decreases as the volume and complexity of data increases. The reason for this is quite simple, we are struggling under an unprecedented load of data that is difficult to manage — and to understand. Many organizations are simply not aware of what data they have and where it is stored. This presents a basic tenet of data security: You can’t protect what you don’t know.
One of the most critical decisions that a career center can make is that of the technology partner they choose. An effective technology interface should enhance the ability of your office to make meaningful and impactful connections with students and employers AND provide the data security needed to protect those we seek to serve. Did you know that some career service software providers never delete and continue to use and sell student and alumni data to 3rd parties even after you stop using their platform? What could these vendors do with the data they are collecting? We simply do not know and THAT is a problem. Additionally, many of these providers do not give students or alumni full control when determining how their information will be used which can have a detrimental impact for those that use the platform. FERPA was signed into law due to this very issue – evidence that student records were being misused across the country.
What can we do to protect those we seek to serve? As Dr. Chris Pierson, CEO, Binary Sun Cyber Risk Advisors states: “What we should actually be doing is thinking about what are our key controls that will mitigate the risks. How do we have those funneled and controlled through the team that we have, how do we work through that in a well formatted, formulated process and pay attention to those controls we have chosen?”
Over the last few years, technology in the career center space has changed dramatically. Some providers are solely focused on monetizing your students and their information by selling access to those employers who can pay a premium under the guise of “democratizing opportunities”. This presents a significant data security threat, both for our students and our campuses. Over time, we have seen some vendors begin relationships with career centers to build their product offerings (candidate pipeline) but have pivoted away from this model to have more control over the data they have collected. By controlling the data in their systems, and with little oversight from the schools, the ability to monetize the data by selling student information has become the norm. This is exactly why President Ford signed FERPA into law – to stop student data from being sold or accessed by those outside of the university environment.
How is your campus being a good steward of your student data? Are you allowing third party vendors to own, and therefore control, information about your students? As Dr. Pierson stated, mitigating risks, for ourselves and our students should be at the top of our list of goals for 2021. Remember – we can’t protect what we don’t know…
1 Legislative History of Major FERPA Provisions – https://www2.ed.gov/policy/gen/guid/fpco/ferpa/leg-history.html
2 EY, Global Information Security Survey 2020, February 2020.