I sat in on today’s meeting of IMAC (the Information Management Advisory Committee) on behalf of TAG. There were two major items discussed – a revision to the Records Management & Retention Policy (which I don’t think will have much direct impact on faculty) and a set of Guidelines for the Use of Cloud Computing Services.
The Guidelines are not policy – the document just list some of the concerns and considerations faculty and staff should be aware of when signing up for cloud services like Gmail, Google Docs, Dropbox, Facebook, Twitter, Pinterest, PayPal, etc.
The Guidelines are currently in draft format, so I’ve been asked not to distribute them outside of TAG. Non-TAG members, the new Guidelines will be sent out in 3-4 weeks, but in the meantime take a look at former Information Security Officer Tony Maszeroski’s Guidance on the Use of Cloud Applications by Individuals – the new Guidelines are similar in content.
One of the major concerns with using cloud services for University-related work (like teaching) is that it introduces all sorts of privacy and security issues. Almost all student information, like grades, transcripts, class lists, etc, is classified as restricted or confidential (see the Information Classification Policy) due to FERPA.
Classified or restricted information should not be stored or transferred on non-University systems, so faculty need to be very aware of what information we’re sharing with what third parties. If you’re using cloud tools or social media as part of your class or lab, you need to be very conscious of any potential privacy violations, and be upfront with students about the terms of service.
(See EDUCAUSE’s 2010 report on Privacy Considerations in Cloud-Based Teaching and Learning Environments. Colorado Community Colleges Online has posted some scenarios relating to respecting FERPA in an online classroom.)
I don’t think this is an issue that most faculty are very aware of, and I’d like to get a sense of how TAG can help faculty sort out these considerations in their classes. So let me know what you think – What questions do you have? What resources or references would be useful?
Kristen, thanks for the notes from the meeting. I will agree with your hunch that most faculty are not aware of the technical and privacy concerns as related to FERPA. At most colleges I’ve been acquainted with, they are not. As much as we complain about the inherent limitations of course management systems, including ANGEL (not a plug) they do help tremendously in this area. At LCCC we ran few pilot courses in Voicethread and some in GoogleSites/Docs and the management of student accounts,record keeping and access alone was enough to give pause. This is a great topic for conversation though! Keep up the good work.
Brian Snapp Associate Director of CTLE
from my Toshiba Android tablet
Thanks, Brian – I think that’s a good point about Angel. One of the IMAC committee members suggested that we introduce this issue in new faculty orientation. There’s so much information in new faculty orientation already, though, that I feel like not everything sinks in — and we’d still need to find a way to communicate with the rest of the faculty.
I’m thinking of drafting a version of the Guidelines specifically for faculty – focusing on classroom use of cloud services and what student data is confidential/restricted. Maybe it could be posted on both the CTLE and Library websites, so that at least the information is readily available? Let me know what you think.
Perhaps an easy reference list of Dos and Don’ts would be helpful.
[…] outlining some guidelines as to the appropriate use of Cloud Computing. Cloud computing can prove a significant risk to student privacy which needs to be taken into consideration when faculty consider their […]
[…] and can’t do with these cloud tools in order to comply with FERPA regulations (see previous FERPA post for […]