Data Protection, Privacy and mobile learning

There is a good bit to think about with this so, this will be split over two posts.

As the participants on this project have been sorting out ethical considerations, one of the things that came up was handling of data.

Data refers to automated and manual data.  Automated data means any information on computer, or information recorded with the intention that it be processed by computer.  Manual data means information that is recorded as part of a relevant filing system or with the intention that the data form part of a system.

(http://www.dit.ie/media/documents/services/recordsmanagement/DIT%20DP%20Policy%20-%20Feb%202012.doc)

 

The institute has guidelines on how to handle data. These guidelines are similar to those used in the public sector and are based on the following principles:

  1. Data should be obtained and processed fairly.( for example students can opt out of sharing their info
  2. Data collected should only be kept for specified and lawful purposes
  3. The data should be processed only in ways compatible with the purposes for which it was solicited and given.
  4. The data should be kept safe and secure
  5. The data should be kept accurate and up to date
  6. Collect data that is adequate, relevant and not excessive
  7. Data should not be held longer than is necessary for the purpose it was collected for, and it suitably should be disposed of.
  8. An individual should be given a copy of his/her personal data when he requests it. (as per Data Protection Acts, 1988 and 2003)

See some more info here: http://www.dit.ie/recordsmanagement/dataprotection/

An individual’s right to privacy also implicated when any of the above is breached, so given the personal  nature of mobile devices  and how much data is passing through them at any time…what are the implications for use in education?

Where do things stand with regards to creating a “Bring your own device” (BYOD) environment for learning?

What is the relationship between institutional handling of data, privacy and the use of cloud-services such as googledrive, dropbox, etc?

In using “recommended apps for learning and teaching, how are such apps assessed for security and possible privacy breaches?

How do existing privacy and data policies address the use of mobile in learning and teaching?

Amongst other things, I am thinking that it is important to carry out a risk assessment plan in considering BYOD for a learning environment…What would be the elements of such a plan?

 

TBC…

Advertisements

2 comments

  1. Definitely these issues must be considered. As with the encryption of laptops, is a similar level of protection available for mobile devices, both those of students (whose responsibility is this, student or DIT?) and of staff (is this readily-available via DIT’s IS division? )? The thought of also having to do a risk assessment along with all the other additional requirements of a mobile learning project is starting to make it look prohibitive. DIT’s student contract needs to be amended/expanded to make the handling of student data on mobile devices and via cloud services and apps subject to no more constraints than on pcs or via the internal networks. Re the use of external apps, I think that so long as no harm is intended by a lecturer in the suggestion that a particular app should be used; and no obvious security issues can be seen during a limited evaluation then this should be sufficient and cover the lecturer/institute if something does go wrong. However, legal opinion might be different so this could be a useful question to pose too some of our colleagues in the law department. I’ll expand this comment in my on blog anon.

    1. It’s as a result of projects such as these we begin to unravel these issues so it’s a learning process. With many of these technologies, we are right at the beginning so it is going to take some time to catch up…and I understand the the law is also playing catchup. There is no encryption for mobile devices and the encryption that exists is only for institute owned machines…not student owned laptops. The student contract was amended not too long ago to allow the use of texting, so the institute is responding to change as it happens in this arena. Loads to think about though!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: