![\"\"](\"https:\/\/openstudio.pub\/wp-content\/uploads\/sites\/22\/2015\/01\/Data-protection-by-country-2022-scaled.png\")
<\/a>\n\nFigure 10.9.1 Strength of data protection laws. Click on image for more information.\nImage: \u00a9 2022 DLA Piper\n\n'S' too is a change from the earlier ACTIONS model, where 'S' stood for speed, in terms of how quickly a technology enabled a course to be developed. However, the issues previously raised under speed have also been included in SECTIONS 'Ease of Use' (Chapter 10, Section 3<\/a>). This allows 'Speed' to be replaced with 'Security and privacy', issues which have become increasingly important for education in a digital age.\nTeachers, instructors and students need a private place to work online. Instructors want to be able to criticize politicians or corporations without fear of reprisal; students may want to keep rash or radical comments from going public or will want to try out perhaps controversial ideas without having them spread all over Facebook. Institutions want to protect students from personal data collection for commercial purposes by private companies, tracking of their online learning activities by government agencies, or marketing and other unrequested commercial or political interruption to their studies. In particular, institutions want to protect students, as far as possible, from online harassment or bullying. Creating a strictly controlled environment enables institutions to manage privacy and security more effectively. For a good example of a simple, transparent set of policies for privacy, see University of British Columbia's Privacy Fact Sheet.<\/a><\/p>\nLearning management systems provide password protected access to registered students and authorised instructors. Learning management systems were originally\u00a0housed on servers managed by the institution itself.\u00a0Password protected LMSs on secure servers have provided that protection. Institutional policies regarding appropriate online behaviour can be managed more easily if the communications are managed 'in-house.'\n ]<\/span><\/span><\/em>Social media companies are almost exclusively based in the United States, where the provisions of the Patriot Act apply no matter where the information originates. The Patriot Act allows the U.S. government to access the social media content and the personally identifying information without the end users\u2019 knowledge or consent. The government of British Columbia, concerned with both the privacy and security of personal information, enacted a stringent piece of legislation to protect the personal information of British Columbians. The Freedom of Information and Protection of Privacy Act (FIPPA) mandates that no personally identifying information of British Columbians can be collected without their knowledge and consent, and that such information not be used for anything other than the purpose for which it was originally collected. [but see note at end of this section]<\/span><\/span><\/em><\/p>\nConcerns about student privacy have increased even more when it became known that countries were sharing intelligence information, so there remains a risk that even student data\u00a0on Canadian-based servers may well be shared with foreign countries.\n\nBishop (2011 - no longer available) discussed the risks to institutions in using Facebook:\n Note:<\/b> In November 2021, the Government of British Columbia enacted Bill 22 to make significant changes to the\u00a0Freedom of Information and Protection of Privacy Act. <\/i>As a result of Bill 22, public bodies may now disclose personal information outside Canada 'provided they comply with applicable regulations.' This is an attempt to take account of the increasing use of cloud services. The BC Privacy Commissioner was very unhappy about these changes<\/span><\/a>. Privacy is clearly an area where governments are struggling to keep up with technological developments. All the more reason to be cautious.<\/span><\/p>\n\n Figure 10.9.1 Strength of data protection laws. Click on image for more information. ‘S’ too is a change from the earlier ACTIONS model, where ‘S’ stood for speed, in terms of how quickly a technology enabled a course to be developed. However, the issues previously raised under speed have also been included in SECTIONS ‘Ease of Use’ (Chapter 10, Section 3<\/a>). This allows ‘Speed’ to be replaced with ‘Security and privacy’, issues which have become increasingly important for education in a digital age.<\/p>\n Teachers, instructors and students need a private place to work online. Instructors want to be able to criticize politicians or corporations without fear of reprisal; students may want to keep rash or radical comments from going public or will want to try out perhaps controversial ideas without having them spread all over Facebook. Institutions want to protect students from personal data collection for commercial purposes by private companies, tracking of their online learning activities by government agencies, or marketing and other unrequested commercial or political interruption to their studies. In particular, institutions want to protect students, as far as possible, from online harassment or bullying. Creating a strictly controlled environment enables institutions to manage privacy and security more effectively. For a good example of a simple, transparent set of policies for privacy, see University of British Columbia’s Privacy Fact Sheet.<\/a><\/p>\n Learning management systems provide password protected access to registered students and authorised instructors. Learning management systems were originally\u00a0housed on servers managed by the institution itself.\u00a0Password protected LMSs on secure servers have provided that protection. Institutional policies regarding appropriate online behaviour can be managed more easily if the communications are managed ‘in-house.’<\/p>\n However, in recent years, more and more online services have moved ‘to the cloud’, hosted on massive servers whose physical location is often unknown even to the institution’s IT services department. Contract agreements between an educational institution and the cloud service provider are meant to ensure security and back-ups.<\/p>\n Nevertheless, Canadian institutions and privacy commissioners have been particularly wary of data being hosted out of country, where it may be accessed through the laws of another country. There has been concern that Canadian student information and communications held on cloud servers in the USA may be accessible via the U.S. Patriot Act. For instance, Klassen (2015<\/a>) wrote:<\/p>\n ]<\/span><\/span><\/em>Social media companies are almost exclusively based in the United States, where the provisions of the Patriot Act apply no matter where the information originates. The Patriot Act allows the U.S. government to access the social media content and the personally identifying information without the end users\u2019 knowledge or consent. The government of British Columbia, concerned with both the privacy and security of personal information, enacted a stringent piece of legislation to protect the personal information of British Columbians. The Freedom of Information and Protection of Privacy Act (FIPPA) mandates that no personally identifying information of British Columbians can be collected without their knowledge and consent, and that such information not be used for anything other than the purpose for which it was originally collected. [but see note at end of this section]<\/span><\/span><\/em><\/p>\n Concerns about student privacy have increased even more when it became known that countries were sharing intelligence information, so there remains a risk that even student data\u00a0on Canadian-based servers may well be shared with foreign countries.<\/p>\n Bishop (2011 – no longer available) discussed the risks to institutions in using Facebook:<\/p>\n The controversy at Dalhousie University<\/a> where dental students used Facebook for violent sexist remarks about their fellow women students is an example of the risks endemic in the use of social media.<\/p>\n In 2019, the U.S. Federal Trade Commission imposed a US$5 billion <\/a>penalty and sweeping new privacy restrictions on Facebook. ‘Despite repeated promises to its billions of users worldwide that they could control how their personal information is shared, Facebook undermined consumers\u2019 choices<\/em>, said FTC Chairman Joe Simons’. I leave it to you to judge whether this will be sufficient to protect students’ private data from being exploited by social media companies.<\/p>\n Although there may well be some areas of teaching and learning where it is essential to operate behind closed doors, such as in some areas of medicine or areas related to public security, or in discussion of sensitive political or moral issues, in general though there have been relatively few privacy or security problems when teachers and instructors have opened up their courses, have followed institutional privacy policies, and above all where students and instructors have used common sense and behaved ethically. Nevertheless, as teaching and learning becomes more open and public, the level of risk does increase.<\/p>\n 1. What student information am I obliged to keep private and secure? What are my institution’s policies on this?<\/p>\n 2. What is the risk that by using a particular technology my institution’s policies concerning\u00a0privacy could easily be breached? Who in my institution could advise me on this?<\/p>\n 3. What areas of teaching and learning, if any, must I keep behind closed doors, available only to students registered in my course? Which technologies will best allow me to do this?<\/p>\n Note:<\/b> In November 2021, the Government of British Columbia enacted Bill 22 to make significant changes to the\u00a0Freedom of Information and Protection of Privacy Act. <\/i>As a result of Bill 22, public bodies may now disclose personal information outside Canada ‘provided they comply with applicable regulations.’ This is an attempt to take account of the increasing use of cloud services. The BC Privacy Commissioner was very unhappy about these changes<\/span><\/a>. Privacy is clearly an area where governments are struggling to keep up with technological developments. All the more reason to be cautious.<\/span><\/p>\n Bishop, J. (2011) \u00a0Facebook Privacy Policy: Will Changes End Facebook for Colleges? The Higher Ed CIO<\/em>, October 4 – no longer available; see note above]<\/p>\n Federal Trade Commission (2019) FTC Imposes $5 billion Penalty and Sweeping New Privacy Restrictions on Facebook <\/a>Washington DC: Federal Trade Commission<\/p>\n Klassen, V. (2015) Privacy and Cloud-\u00adBased \u00a0Educational\u00a0Technology in\u00a0British\u00a0Columbia<\/em><\/a> Victoria BC: BCCampus<\/p>\n See also:<\/p>\n10.9.2 Cloud based services and privacy<\/h2>\nHowever, in recent years, more and more online services have moved 'to the cloud', hosted on massive servers whose physical location is often unknown even to the institution's IT services department. Contract agreements between an educational institution and the cloud service provider are meant to ensure security and back-ups.\n\nNevertheless, Canadian institutions and privacy commissioners have been particularly wary of data being hosted out of country, where it may be accessed through the laws of another country. There has been concern that Canadian student information and communications held on cloud servers in the USA may be accessible via the U.S. Patriot Act. For instance, Klassen (2015<\/a>) wrote:\n
\n \t
10.9.3 The need for balance<\/h2>\nAlthough there may well be some areas of teaching and learning where it is essential to operate behind closed doors, such as in some areas of medicine or areas related to public security, or in discussion of sensitive political or moral issues, in general though there have been relatively few privacy or security problems when teachers and instructors have opened up their courses, have followed institutional privacy policies, and above all where students and instructors have used common sense and behaved ethically. Nevertheless, as teaching and learning becomes more open and public, the level of risk does increase.\n
10.9.4 Questions for consideration<\/h2>\n1. What student information am I obliged to keep private and secure? What are my institution's policies on this?\n\n2. What is the risk that by using a particular technology my institution's policies concerning\u00a0privacy could easily be breached? Who in my institution could advise me on this?\n\n3. What areas of teaching and learning, if any, must I keep behind closed doors, available only to students registered in my course? Which technologies will best allow me to do this?\n\n
\nReferences<\/h2>\nBishop, J. (2011) \u00a0Facebook Privacy Policy: Will Changes End Facebook for Colleges? The Higher Ed CIO<\/em>, October 4 - no longer available; see note above]\n\nFederal Trade Commission (2019) FTC Imposes $5 billion Penalty and Sweeping New Privacy Restrictions on Facebook <\/a>Washington DC: Federal Trade Commission\n\nKlassen, V. (2015) Privacy and Cloud-\u00adBased \u00a0Educational\u00a0Technology in\u00a0British\u00a0Columbia<\/em><\/a> Victoria BC: BCCampus\n\nSee also:\n\nBates, T. (2011) Cloud-based educational technology and privacy: a Canadian perspective<\/a>, Online Learning and Distance Education Resources<\/em>, March 25\n
\nActivity 10.9: Security and Privacy<\/h3>\n
\n\n\n \t
<\/a><\/p>\n
\nImage: \u00a9 2022 DLA Piper<\/p>\n10.9.1 The need for privacy and security when teaching<\/h2>\n
10.9.2 Cloud based services and privacy<\/h2>\n
\n
10.9.3 The need for balance<\/h2>\n
10.9.4 Questions for consideration<\/h2>\n
\nReferences<\/h2>\n