Skip to content

Welcome!

sarahlmingle edited this page Feb 18, 2020 · 1 revision

Mapping the student data body

What is this?

Mapping the student data body is a research project investigating the governance of students’ data – how it is collected, used, and managed – within the University of Toronto’s IT systems and administrative processes.

This project focuses on the main platforms students engage with – Quercus, ACORN, Microsoft Office365, and UTORid, the encrypted login service which serves as our universal access point to the University’s digital services. It will examine the design and or procurement processes, particularly any privacy and security assessments, involved in implementing these educational technologies or platforms across the University in order to map their underlying data flows.

Why is this important?

As home to over 90,000 students across its three campuses, the University of Toronto collects and manages vast amounts of students’ data. With the introduction of services such as digital learning environments and student login portals, students are now automatically opted into generating a digital footprint from the time of their application to the end of their studies (if not beyond). Students are becoming increasingly aware, however, that their data is being used by the University for unexpected and perhaps uncommunicated purposes. For example, the University has used students’ information, including behavioural data (e.g. when they last logged onto email or whether they opened an email or not, etc.) as evidence within the legal proceedings for academic dishonesty cases. In my experience speaking with peers, this usually comes as a shock to students who hear of these cases as much as to the students who are the subject of proceedings. It is clear that a gap exists in students’ knowledge of what data the University collects about them and the potential uses of this information. In combination with the lack of clear and accessible privacy policies on University services such as Quercus (there are currently no resources related to the privacy or security of students’ data listed within the Quercus Support Resources), this raises questions as to whether the University has properly obtained students’ consent for data collection and use as required by the Freedom of Information and Protection of Privacy Act.

Key issues and research questions

Rights and informed consent

  • Has the University obtained informed consent from students for the full range of purposes involved in the collection, management, and use of their data?
  • How could the University’s IT systems and administrative processes be improved to better protect and fulfill students’ rights, particularly, their privacy and data rights?

Equity and inclusion

  • Are informed consent and data access processes designed in an inclusive and accessible way, incorporating the diverse needs and experiences of our University community and its members?
  • Do the procurement, design/development, and implementation processes at the University take these considerations into account when introducing a new IT system or update? How so or how not? How are students engaged in these processes?

Trust and safety

  • How secure are students’ data within the University’s IT systems? Have students’ data, particularly personal information, ever been implicated in a breach?
  • What forms of recourse or remediation are available to students in cases where their data and or rights may not have been adequately protected?

Goals

  1. To understand the various data flows which involve students’ information;
  2. To develop resources to educate students on their privacy and data rights by situating them within a context we all share (being students!);
  3. To recommend policy or technological design changes that better protect students’ rights and empower us to make informed decisions about managing our data bodies on campus.