Last updated: 
1 month 3 weeks ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Doing the Right Thing with Digital Students

Friday, November 20, 2015 - 08:38

[roughly what I said in a presentation yesterday to the Northern Universities’ Consortium]

I’ve been a full or part-time student for more than thirty years. It's interesting to reflect on how my student record has changed over that time.

In 1981 university administrators no doubt put my typed application in a paper file. Each year they'll have added some exam results and, in due course, a copy of a graduation certificate. Since then the file has been consulted occasionally when I've applied for a job, or when the university sent an appeal to alumni. Much the same will have happened to any student record created in the previous fifty years.

The record that was created for me in 2011 is very different. Obviously it's now digital, rather than paper, but the changes in its uses are even more striking. Nowadays the student record drives what I see every day on the virtual learning environment. And that changes at least every term, if not more often. We students now want new information, new applications, new support. And universities can provide them, indeed must, to match expectations set by the data-driven services we meet in our daily lives. If my music system can recommend things I'd enjoy, why can't the college library? If my fitness targets can be monitored daily and compared with my friends' then why can't my progress through education use similar incentives?

Universities and colleges already have all the raw data needed to provide these services and many more. We all leave trails of "digital exhaust": the many physical and on-line interactions between students and their institutions create a particularly rich source. Virtual Learning Environments and eBooks can record not just what I read, but how long I spend on each page. While students are on campus, systems already record which doors they unlock, which wifi access points they use, what traffic they send over networks. With 93% of students wanting immediate feedback to confirm that they are still on the path to success, shouldn't we use all these data?

Well, maybe…

How would you react if told "people who got good marks spent more time reading this article"? It may be technically possible, but is it helpful? Creepy? Nannying? Or outrageous? The answer probably doesn't depend on what data are used: network usage information can identify both which wireless hotspots need more capacity in the evenings and who watched the football rather than studying. Sometimes indirect measurements can protect privacy – number of wifi connections is a much less intrusive measure of teaching space occupancy than CCTV – but reusing data can sometimes trip over a social taboo. When that happens, users may complain, provide false information, or withdraw from the system entirely. As too many organisations have discovered, perceived misuse of data is bad for your reputation and operations. Trust is really hard to rebuild.

So how can universities and colleges avoid falling into the same trap? Data Protection law provides basic guidance. We should inform people what their data are used for; stick to our own business (if data were collected for education, don't reuse them for commerce); protect individuals' rights (not just privacy, but non-discrimination, freedom of action, etc.; and not just students' rights, either); and offer choices of whether or not to accept personalised interventions. But being lawful isn't enough: lawful things can still be nannyish or creepy. Or irrelevant!

Using digital student records requires new processes, not least because by the time a student graduates their data will be used for things unimaginable when they started. Organisations need to collaborate with their students and staff to discover which applications of student data will be acceptable, and which will be useful. That may involve informal brainstorming sessions, as Jisc has used in deveolping a student app or stakeholder working groups like Jisc's Learning Analytics Code of Practice. More formal Privacy Impact Assessments may indicate that an idea is suitable for general use, or that individuals should be offered a choice between personalised or standard treatment, or that the benefits simply do not justify the risks.

Keeping people informed how their data are being used and involving them in new developments, should demonstrate the benefits (and let us learn early if there aren't any) and give confidence that risks are being minimised. It allows inaccuracies to be identified and corrected: particularly important when so much of the educational experience now depends on data. Digital student data can provide a better and more responsive educational experience, for today's students and those who follow them. Working together should ensure those benefits are achieved.


You must have gone to a great university, I have found it difficult to prove that I went to various institutions as they have been knocked down and not bothered to keep records after about 7 years.

Oops! There's a Jisc resource on how long HE and FE records should be kept (, but I guess that wouldn't help in the case of demolition. Next time I'm talking to people about graduate-held credentials, I'll add your use case...

I was looking to emergrate, one of the admin staff remembered me and wrote a transcript. I often wondered if she had retired what would I have done. Most payrolls didn't have records passed 7 years. So keep your payslips if you want to prove you were ever on the planet.

I was looking to emergrate, one of the admin staff remembered me and wrote a transcript. I often wondered if she had retired what would I have done. Most payrolls didn't have records passed 7 years. So keep your payslips if you want to prove you were ever on the planet.