Re: Tableau for Student's data Analytics

["Hart, Michael" <mhart20 () MSUDENVER EDU>]

The timing of this email is interesting.  I received it while I was in a meeting with our business intelligence and 
institutional research folks talking about how to securely utilize Tableau in their departments.

I’m also interested in hearing from any institutions with Tableau experience.  I’m hoping to involve our Data Warehouse 
team and DBAs to help us create appropriate processes and policies around Tableau.  Any input would be greatly 
appreciated.



Mike Hart  | CISO, Director of ITS Security, Infrastructure, and Networking
Metropolitan State University of Denver
Information Technology Services
Campus Box 96, P.O. Box 173362, Denver, CO 80217-3362
Admin Building - 1201 5th Street 480E  Denver, CO 80204
303-615-0541 (Office)
303-352-7548 (Help Desk)
mhart20 () msudenver edu<mailto:mhart20 () msudenver edu> | 
www.msudenver.edu/technology<http://www.msudenver.edu/technology>
[University_Formal_2CPos[1]]



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ronald 
King
Sent: Tuesday, August 22, 2017 8:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Tableau for Student's data Analytics

Good morning all,

We have been approached by Academic Affairs to participate in a project to possibly use Tableau for data analytics of 
our student (FERPA) data. We are looking at whether to have it hosted or on premises and potentially have a direct feed 
from our Student Information System (SIS).

While we have the expected concerns related to any cloud service accessing the SIS, what is really concerning is the 
access to student data. Red flags started to fly almost immediately. So, my questions to the group:

  *   Is anyone using Tableau for data analytics for enrollment data and student records?
  *   What privacy concerns do you have even if the student records are "de-identified?" (Even if we remove names, 
socials and student numbers, there are still ways to identify individuals based on other data sets.)
  *   Do we need student permission to provide their "de-identified" data to a cloud service?
  *   Is there any advise you can offer?
Please feel free to contact me directly via email or phone.

Thank you very much for your time.
Ronald A. King, CISSP
Chief Information Security Officer
Morgan State University                                                                                           
Office: (443) 885-3372
1700 E. Cold Spring Ln.                                                                                           
Email:  ronald.king () morgan edu<mailto:ronald.king () morgan edu>
Baltimore, MD 21251                                                                                 URL:    
http://www.morgan.edu

                                                Growing the future ... Leading the 
world<http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>