Serving the UMN community since 1900

The Minnesota Daily


Serving the UMN community since 1900

The Minnesota Daily

Serving the UMN community since 1900

The Minnesota Daily

What online instruction means for student data privacy

As teaching increasingly relies on Canvas and Zoom, the University of Minnesota is looking to secure student data.
What online instruction means for student data privacy
Image by Hailee Schievelbein
by Helen Sabrowsky
Published April 23, 2020

As educational institutions across the country shift to online instruction in light of the coronavirus pandemic, increased attention has focused on student data privacy and what it looks like in digital learning. 

Across the University of Minnesota, digital platforms like Zoom and Canvas have seen an uptick in use since the transition to online learning. But both platforms have faced criticism in recent months for their handling of student data privacy. 

Student data means identifiable information — like names, student IDs and login information — and is regulated by the Family Educational Rights and Privacy Act as well as University policy. 

Throughout the shift to online learning, the University has worked to support students, staff and faculty with any issues that may arise, Chief Information Security Officer Brian Dahlin said, noting that the Office of Information Technology has been fielding more questions.

“As the University has been transitioning, we’ve been working to provide people with good advice,” he said. 

Why data privacy matters

As educational institutions across the country move to online teaching, student data privacy experts stress the importance of transparency and risk management. 

Sheryl Abshire, an educational technology specialist and consultant, said the conversation around student data privacy first emerged as schools began to collect and store more information about students using cloud-based systems. While initially there was little transparency over what was done with student data, now there is more conversation about its use. 

“We have come light-years since we first started thinking about this because we understand that so much personal data is important to every person, whether you’re a student or a business person,” Abshire said.

Though Abshire said there have been improvements in how educational institutions handle the issue of student data privacy, she said it is crucial schools understand what data is being collected and how it is used — internally and by third-party companies like Canvas and Zoom.

“[Schools] have a deep responsibility when collecting this data to know exactly how it’s being used and to have control over it,” Abshire said.

Larry Magid, CEO and founder of ConnectSafely, a nonprofit that teaches about online safety, privacy and security, said when it comes to how companies and educational institutions handle student data privacy, risk management is key. 

“Privacy is less about locking up every piece of information about you and more over having control over what you share,” he said. 

Concerns about privacy nationwide

Zoom went from hosting about 4,000 University meetings in a month prior to COVID-19 to now hosting nearly 8,000 meetings a day. The platform has seen some issues with security which have made the service vulnerable to video hijacking, or Zoombombing. This prompted a warning from the Federal Bureau of Investigation’s Boston office and attention from lawmakers.  

Earlier this month, the New York City school system stopped using Zoom in light of concerns over privacy. Companies and government agencies, like Google and NASA, have banned the use of Zoom. 

Canvas, which has been used by the University since 2014, has also seen an increase in use since the switch to online instruction. Like Zoom, Canvas has faced criticism for its policies on student data collection and retention. 

Earlier this year, Canvas was sold by its parent company Instructure to Thoma Bravo, an equity firm that specializes in software and technology-enabled service sectors, which prompted concerns regarding the transfer of student data in the sale.

Prior to the sale, educators nationwide organized a public letter to Instructure leadership calling for increased transparency over the handling of student data and the option for students to opt out of data collection and retention.

While the University has received some reports of Zoombombing, said Dahlin, neither Canvas nor Zoom have notified the school of any security breaches but have policies in place to do so. 

Magid said that some of the security problems Zoom faced were due to its original focus on business applications with organizations large enough to have their own IT departments. There have always been a lot of privacy controls on Zoom, but its policies are not easy to understand, and it did not have default settings, Magid said. 

This meant that during the period of rapid growth Zoom saw in light of the COVID-19 pandemic, users who did not understand how to configure their privacy settings were vulnerable to video hijacking, he said. In response, Zoom adjusted its privacy settings.

For companies like Zoom, handling student data is all about risk management or implementing the best policies possible without compromising usability or function, Magid said. Right now, Zoom is as secure as it can be while still being on the internet, he said. 

What students and faculty can do

The University’s large dataset of student information has a series of security classifications, with most student data considered private restricted, said Stacey Tidball, director of the University’s Continuity and Compliance office, which regulates student data. 

Student data is stored in different systems across the University, and some, such as grades and degrees earned, is retained forever, she said. When it comes to accessing that data, an individual or entity must meet two requirements: They must be a school official and have a legitimate educational interest, Tidball said. 

While Canvas is designated as a school official in its contract with the University, it still must show it has a legitimate business purpose before being able to access student data, Tidball said. Designating educational vendors as school officials is a standard practice at the University and is not unique to the school, she said.  

The University has online resources for students and faculty interested in additional guidance on how to better secure their data. 

Magid said that individuals can take steps like avoiding public WiFi and using strong passwords to mitigate privacy risks, while institutions can work to educate users and only contract with reputable vendors to protect data on their end. 

“At the end of the day, you can’t just shut it down. It’s sort of like how many locks you put on your front door,” said Magid. 

“You want to put a lock out that makes it really hard for bad guys to get in, but if you’re going to lock your door so that it makes it impossible for anyone to get in … you’re not going to be able to get in your own front door. You have to make it accessible but also secure.” 

View Story Comments
Print this Story
More to Discover
More in City
The library is located at 1222 4th St. SE, down the street from The Book House and Tony’s Diner.
Arvonne Fraser Library selecting art mural commissions
Empty homeless encampment in the East Phillips neighborhood on Wednesday, Sept. 27, 2023.
City council wants to allocate parking lots for homeless people
Community garden in Marcy Holmes on November 18, 2024
Minneapolis parks now have 11 community gardens
Michael Harrison (left) and David Douglass speaking to community members. ELEFA was chosen as MPD’s evaluator in Feb. 2024.
Minneapolis independent evaluator has spoken — next steps for MPD
The closures are part of an effort to address a $1.5 million funding gap.
Ice rinks at Powderhorn Park, Webber Park may stay closed this winter
The United States Capitol on Oct. 27, 2022.
Minnesota House tied, DFL trifecta broken, recount Thursday
More in Coronavirus-DNU
The interior of Claire Steyaert Antiques on Saturday, March 12. Claire Steyaert Antiques had its Grand Reopening on Saturday after being appointment only since the start of COVID-19.
Prospect Park antique store re-opens after closing due to pandemic
Vaccine availability at clinics will be announced soon.
BREAKING: University announces change to mask requirements
Vaccine availability at clinics will be announced soon.
What to know about KN95 masks
COVID-19 timeline: key decisions and updates from past two years
COVID-19 timeline: key decisions and updates from past two years
Minneapolis City Council members watch Mayor Jacob Frey give his inaugural address on Jan. 10. Photo courtesy of City of Minneapolis.
Minneapolis inauguration ceremony held under COVID-19 protocols
Faculty and administrators navigate changing COVID-19 safety policies amid statewide spike in transmission
Faculty and administrators navigate changing COVID-19 safety policies amid statewide spike in transmission
More in In-Depth-DNU
The University of Minnesota’s Disability Resource Center Office in the McNamara Alumni Center on Thursday, Jan. 20, 2022.
Captionists speak out as DRC terminates 7 full-time captionists
McNamara Alumni Center captured on Sunday, Dec. 5, 2021.
University student files complaint with Department of Human Rights over getting accommodations fulfilled
A photo of the Morrill Hall takeover in 1969, which resulted in the creation of the Department of African American and African Studies. Photo courtesy of the University of Minnesota Archives.
The history of Black affinity groups on the UMN campus
The Humphrey School of Public Affairs as seen on Thursday, Sept. 19.
Student leaders want plan to address sexual misconduct at Humphrey
3:53 p.m. Senior Christine Luo, junior Emma Heverly and alum Anika Tella relax near McNamara Alumni Center. The women went to go get boba and enjoy the nice weather.
Day in the Life: April 28, 2021
Gallery: Emotions erupt in Minneapolis following guilty verdicts in Chauvin trial
Gallery: Emotions erupt in Minneapolis following guilty verdicts in Chauvin trial

Accessibility Toolbar