Colleges called the new data warehouses

Chief Privacy Officer Kathleen Styles said in a presentation Wednesday that colleges are wrestling with how to avoid data breaches and use student information to track progress.

Kathleen Styles said colleges need to have a better grasp of the wealth of data they have on students.

Colleges and universities have to become more adept and resourceful about using the vast quantities of student data that they are collecting every day, the Education Department’s chief privacy officer said.

“Colleges are data factories,” Kathleen Styles told the P20W Education Standards Council’s 2nd annual Data Symposium and Summit on Capitol Hill Wednesday. “Different parts of campus need to be talking to each other about the data they’re collecting.”

Styles said the agency receives thousands of calls a year about topics ranging from data breaches to educational technology vendor concerns, and about 500 to 600 complaints through the Family Policy Compliant Office, “and that number has been rising steadily,” she said.


Simple complaints, for example, come from parents who are upset because an ex-spouse was able to obtain their child’s academic records or because their child was identified in class as having special needs.

“But increasingly, we’re seeing complaints that deal with service providers in educational technology,” she said. “Those are more challenging for us. They require a more thorough investigation.”

The Federal Trade Commission is responsible for holding educational technology vendors accountable if they are found to have inappropriately advertised to students through their products. Most state bills — 46 states introduced nearly 200 bills this year on student privacy — focus on K-12 students, not university students.

According to the Data Quality Campaign, the most substantive higher education bill this year was introduced in Illinois. Called the Higher Education Student Online Personal Information Protection Act, the bill, unveiled in February, would prohibit an edtech vendor or app operator from selling or disclosing student data and from using certain information to develop student profiles.

Styles, who was hired as the department’s first chief privacy officer in 2011, has issued guidance for parents, students and schools, as well as vendors, on how to deal with privacy concerns. She also released guidance on protecting student medical records.


But she said more has to be done.

“One of my goals is to provide more pre-set answers on our website,” she said, so she can try to deflect the roughly 15,000 calls the office receives each year with privacy questions.

One area data is increasingly being used for is to track student achievement and performance, Styles and other higher education experts said.

Data collected on students can show whether they are ready to graduate — or if they’re missing the mark. Knowing something as simple as whether students are logging onto their schools’ content management systems to check their grades can be an indicator of success.

“If a student doesn’t sign into the school’s information system for several days, it’s cause for concern,” Styles said. “That means they’re not paying attention, they’re not looking for their assignments. Some schools have started to use that information to reach out.”


Jennifer Roth, director of higher education for Splunk, a company that produces software to analyze big data, said useful information is also collected on students who use badges to get access into various facilities.

“There’s a wealth of data telling [college officials] what campus services are or are not being used, ranging from labs to classrooms to football stadiums,” she said.

Added Kevin Davis, a vice president at the data analysis software company, “If all of a sudden somebody’s not badging into the gym, but going to Dunkin’ Donuts,” is that a cause for concern?

Colleges have troves of data, which means their systems could also be juicy targets for hackers. The number of data breaches at universities has exploded over the years, paralleling the security problems government agencies and other sectors have experienced.

According to the Privacy Rights Clearinghouse, there have been more than 300 reported data breaches across K-12 school districts and universities since 2010. In August, the University of Virginia had its IT systems compromised from a cyberattack that originated in China, according to the clearinghouse website. A month before that, eight of Harvard University’s colleges were hacked, and Penn State College of Engineering reported in May that at least 18,000 students’ data had been exposed in a cybersecurity breach.


Styles encouraged colleges and universities to contact state officials in the case of a data breach, since attackers are subject to state laws.

But, she added, colleges also “need to have a better understanding of the data they hold.”

Reach the reporter at or follow her on Twitter @clestch.

Latest Podcasts