Data SecurityAI SecurityPublic SectorHigher EducationSecurity
News2 minute read

Opinion: How to Balance Learning Analytics With Data Privacy

The capacity of learning analytics platforms to collect troves of student data makes them both institutional necessities and liabilities. A handful of best practices can help colleges and universities keep them secure.

by Michael Sink, for Government Technology

As education technology and models have evolved over recent years, data-driven learning has become a necessity. To identify effective ways of creating more customized classroom experiences, many educators have turned to learning analytics, the process of collecting and analyzing student data.

Learning analytics packages data, such as a student's utilized resources and performance, to produce a digestible report on the variety of factors that affect that student's ability to learn. This can include giving educators preventative alerts about what factors may be impeding a student's learning, especially when there is a high student-to-teacher ratio.

With this data, institutions have insight into student outcomes and the capability to craft or enhance individual education experiences. However, these insights come with new data privacy risks, especially without proper guardrails like data anonymization.

Not only do data breaches put students at risk, they can be costly for educational institutions, both financially and reputationally. To mitigate threats to data privacy, school cybersecurity leaders need to evaluate the ways they protect and use confidential information.

THREATS TO LEARNING ANALYTICS DATA

Information collected for learning analytics is often personal, including names, grades and other information protected by the Family Educational Rights and Privacy Act (FERPA). This data may seem to only be valuable to those within the school community, but that's what makes it an attractive ransomware target, as school administrators will pay hackers to avoid public exposure of this sensitive data.

Hackers may also use social engineering tactics to access personally identifiable information (PII) such as Social Security or student ID numbers. These attacks exploit human error through manipulation, such as impersonation or introducing a sense of urgency, to gain access to private data. Artificial intelligence is further allowing for the creation of more sophisticated and believable attack campaigns aimed at employees and administrators, persuading them that someone in a position of authority is asking them to provide access credentials.

Once a threat actor is inside a network, they can deploy malware like ransomware to encrypt the system's data, preventing users and IT professionals from accessing the network. The data is then held for ransom, only to be given back if the educational institution pays for it.

CHALLENGES IN SAFEGUARDING DATA COLLECTED VIA LEARNING ANALYTICS

While learning analytics has solved challenges in the classroom, it has complicated educational institutions' attack surfaces, creating new obstacles for IT teams to navigate.

 

Read full article