Implications of Student Unit Record Data Collection

[Rodney Petersen <rpetersen () EDUCAUSE EDU>]

(Please excuse the cross-post for anyone on the ICPL list where this
topic surfaced a few days ago, but the considerations for data security
and privacy are relevant to the security community so I wanted to make
sure everyone was aware of a proposal under consideration.)

The National Center for Education Statistics (NCES) at the U.S.
Department of Education is exploring a move to student unit record data
collection for the Integrated Postsecondary Education System (IPEDS).
Since the Higher Education Act is up for reauthorization, this is a
timely proposal.  Congressional members and others are concerned about
accountability as it relates to enrollments, graduation rates, net
prices, and financial aid among other higher education issues.  Many
believe that the current data collection system may not be very useful
in addressing these issues.  Collecting and reporting more data can
better define the problem and create better solutions according to some.
Others have voiced concern about the proposal's privacy and security
implications.  As of 2003, thirty-nine states have implemented a student
unit record collection reporting requirement so many institutions may
already be collecting and reporting at the state level.  

In the spirit of informing the EDUCAUSE membership and generating more
awareness, we suggest that you consult with relevant campus personnel
(including CIO, security officers, IT policy administrators, registrar,
institutional research staff, and datawarehouse managers)
to explore the implications of the student unit record data collection
proposal on technology systems, information security, and data privacy
at your institution.

Below you will find a few questions that may serve as a starting point
in campus discussions with various stakeholders.

1) What are the benefits to be gained from participation in the new
student unit record collection system?

2) What impact, if any, will the proposal have for the security and
privacy of student data?  

3) Does the proposal introduce any new risks to data security and
privacy?  

4) What are the practical changes that will be required of processes,
information systems, policies, and training or awareness in order to
comply with any new requirements?

We are interested in learning about your discussions and experiences, so
please drop us a reply with your views.  Your input informs our internal
discussions as well as information sharing with other policy
organizations.  Although we are initially considering comments due to
the NCES contractor by December 15th for a report to Congress, we
welcome your feedback at any time.

For more information, see:

EDUCAUSE Blog on "New Proposal for the Collection of Student Data"
http://www.educause.edu/Blog/1511&blog_id=287&select_case=permalink

IPEDS Student Unit Record Feasibility Study Documentation
http://www.highered.org/ipeds/ 

November 2004 Alert from the Association for Institutional Research
http://www.airweb.org/page.asp?page=711

National Association of Independent Colleges and Universities Issue
Summary and Background Material  
http://www.naicu.edu/HEA/UnitRecord.shtml

Article in Council on Law in Higher Education Privacy Newsletter
http://www.clhe.org/campusprivacy/cplv1n1.pdf

Sincerely,

-Rodney

-------------------------------------------------- 
Rodney J. Petersen
Policy Analyst & Security Task Force Coordinator

EDUCAUSE 
1150 18th Street, N.W., Suite 1010
Washington, D.C.  20036
(202) 331-5368 / (202) 872-4200 
(202) 872-4318 (FAX) 
EDUCAUSE/Internet2 Security Task Force
www.educause.edu/security 
------------------------------------------------

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.