October 9, 2015

Balancing the use of social media and privacy protection in online learning

Listen with webReader


Figure 9.9 Privacy ranking by Privacy International, 2007 Red: Endemic surveillance societies Strong yellow: Systemic failure to uphold safeguards Pale yellow: Some safeguards but weakened protections http://en.wikipedia.org/wiki/Privacy#mediaviewer/File:Privacy_International_2007_privacy_ranking_map.png

Figure 9.9 Privacy ranking by Privacy International, 2007
Red: Endemic surveillance societies
Strong yellow: Systemic failure to uphold safeguards
Pale yellow: Some safeguards but weakened protections


This is the last of the SECTIONS criteria for selecting media for my online open textbook, Teaching in a Digital World. The last ‘S’ stands for Security and Privacy.

This is a change from earlier versions of the SECTIONS model, where ‘S’ stood for speed, in terms of how quickly a technology enabled a course to be developed.. However, the issues that I previously raised under speed have been included in Section 9.3, ‘Ease of Use’. This has allowed me to replace ‘Speed’ with ‘Security and privacy’, which have become increasingly important issues for education in a digital age.

9.9.1 The need for privacy and security when teaching

Instructors and students need a private place to work online. Instructors want to be able to criticize politicians or corporations without fear of reprisal; students may want to keep rash or radical comments from going public or will want to try out perhaps controversial ideas without having them spread all over Facebook. Institutions want to protect students from personal data collection for commercial purposes by private companies, tracking of their online learning activities by government agencies, or marketing and other unrequested commercial or political interruption to their studies. In particular, institutions want to protect students, as far as possible, from online harassment or bullying. Creating a strictly controlled environment enables institutions to manage privacy and security more effectively.

Learning management systems provide password protected access to registered students and authorised instructors. Learning management systems were originally housed on servers managed by the institution itself. Password protected LMSs on secure servers have provided that protection. Institutional policies regarding appropriate online behaviour can be managed more easily if the communications are managed ‘in-house.’

9.9.2 Cloud based services and privacy

However, in recent years, more and more online services have moved ‘to the cloud’, hosted on massive servers whose physical location is often unknown even to the institution’s IT services department. Contract agreements between an educational institution and the cloud service provider are meant to ensure security and back-ups.

Nevertheless, Canadian institutions and privacy commissioners have been particularly wary of data being hosted out of country, where it may be accessed through the laws of another country. There has been concern that Canadian student information and communications held on cloud servers in the USA may be accessible via the U.S. Patriot Act. For instance, Klassen (2011) writes:

Social media companies are almost exclusively based in the United States, where the provisions of the Patriot Act apply no matter where the information originates. The Patriot Act allows the U.S. government to access the social media content and the personally identifying information without the end users’ knowledge or consent.
The government of British Columbia, concerned with both the privacy and security of personal information, enacted a stringent piece of legislation to protect the personal information of British Columbians. The Freedom of Information and Protection of Privacy Act (FIPPA) mandates that no personally identifying information of British Columbians can be collected without their knowledge and consent, and that such information not be used for anything other than the purpose for which it was originally collected.

Concerns about student privacy have increased even more when it became known that countries were sharing intelligence information, so there remains a risk that even student data on Canadian-based servers may well be shared with foreign countries.

Perhaps of more concern though is that as instructors and students increasingly use social media, academic communication becomes public and ‘exposed’. Bishop (2011) discusses the risks to institutions in using Facebook:

  • privacy is different from security, in that security is primarily a technical, hence mainly an IT, issue. Privacy needs a different set of policies that involves a much wider range of stakeholders within an institution, and hence a different (and more complex) governance approach from security;
  • many institutions do not have a simple, transparent set of policies for privacy, but different policies set by different parts of the institution. This will inevitably lead to confusion and difficulties in compliance;
  • there is a whole range of laws and regulations that aim to protect privacy; these cover not only students but also staff; privacy policy needs to be consistent across the institution and be compliant with such laws and regulation.
  • Facebook’s current privacy policy (2011) leaves many institutions using Facebook at a high level of risk of infringing or violating privacy laws – merely writing some kind of disclaimer will in many cases not be sufficient to avoid  breaking the law.

The controversy at Dalhousie University where dental students used Facebook for violent sexist remarks about their fellow women students is an example of the risks endemic in the use of social media.

9.9.3 The need for balance

Although there may well be some areas of teaching and learning where it is essential to operate behind closed doors, such as in some areas of medicine or areas related to public security, or in discussion of sensitive political or moral issues, in general though there have been relatively few privacy or security problems when teachers and instructors have opened up their courses, have followed institutional privacy policies, and above all where students and instructors have used common sense and behaved ethically. Nevertheless, as teaching and learning becomes more open and public, the level of risk does increase.

9.9.4 Questions for consideration

1. What student information am I obliged to keep private and secure? What are my institution’s policies on this?

2. What is the risk that by using a particular technology my institution’s policies concerning privacy could easily be breached? Who in my institution could advise me on this?

3. What areas of teaching and learning, if any, need I keep behind closed doors, available only to students registered in my course? Which technologies will best allow me to do this?

Over to you

1. I couldn’t find more recent references on this issue than 2011, when it seemed to be a hot topic. Has anything significantly changed with regard to privacy and social media in education since 2011 that I should be aware of? Or have our institutions nailed it regarding sensible policies and practices? (Did I hear guffaws?) References would be particularly welcome.

2. If anyone would like to share their experiences regarding privacy issues as a result of using social media for teaching, please either send me an e-mail (for privacy reasons) or share a comment on this post.

Up next

The final section on Chapter 9: Making decisions about what media to use. This will suggest a relatively simple approach for what is in effect a highly complex topic.

Yes, I know, you just can’t wait for this final episode. Keep tuned to this station.


Bishop, J. (2011)  Facebook Privacy Policy: Will Changes End Facebook for Colleges? The Higher Ed CIO, October 4

Klassen, V. (2011) Privacy and Cloud-­Based  Educational Technology in British Columbia Vancouver BC: BCCampus

See also:

Bates, T. (2011) Cloud-based educational technology and privacy: a Canadian perspective, Online Learning and Distance Education Resources,, March 25



Why learning management systems are not going away

Listen with webReader

Will new LMSs change the teaching and learning environment?

Contact North has just published online a series of six short papers (10-12 pages) under the title of Learning Management Systems: Disruptive Developments, Alternative Options and the Implications for Teaching and Learning. The papers are:

Module 1 – Learning Management Systems in Ontario: Who’s Using What? (also covers all Canadian post-secondary institutions)

Module 2 – Thinking About Choosing a Learning Management System?

Module 3 – From Wikis to WordPress: How New Technologies Are Impacting the Learning Management System

Module 4 – Making Decisions About Learning Management Systems: Building a Framework for the Future

Module 5 – Different Approaches to Online Learning and the Role of the Learning Management System

Module 6 – 8 Basic Questions About Learning Management Systems: The Answer Sheet

These papers need to be read together – for instance modules 2 and 4 are separate bits of the same topic. Module 6 gives the short answers but just reading that will not provide the evidence on which the answers are based – and like all evidence, it is open to different conclusions.

How the study was done

My colleague Keith Hampson and I were responsible for developing these papers, which aim to go beyond comparing different LMSs by looking at their future, especially in the light of other developments in learning technologies, such as web 2.0 tools.

Keith did most of the original research, interviewing senior managers from the LMS companies and collecting data about the use and choice of LMSs in Canada. I focused on new technologies, and how they are being used, with examples drawn from mainly from Ontario (see Contact North’s Pockets of Innovation) but also from British Columbia.

What the results mean to me

This was an interesting experience. As with all good research, the outcome was not quite what I had anticipated (I had thought before the study that LMSs would go the way of the dinosaur) and here are my personal views on the future of learning management systems.

1. LMSs are here to stay. There are several reasons for this:

  • Most instructors and students need a structure for teaching: what learning outcomes to aim for, what topics to cover and their sequence, what activities are needed for students to achieve the learning outcomes, the timing of work for students, and a place for assignments and assessment. By definition, LMSs provide such a structure (note this applies equally to classroom teaching; I see the use of some kind of digital LMS becoming standard for organizing most post-secondary teaching)
  • Instructors and students need a private place to work online. This came out frequently in the interviews. Instructors wanted to be able to criticize politicians or corporations without fear of reprisal; students wanted to keep stupid comments from going public or wanted to try out ideas without having them spread all over Facebook: password protected LMSs on secure servers provide that protection.
  • The choice is not either an LMS or web 2.0 tools. Web 2.0 tools can be used not only outside an LMS, but also with an LMS (through links) and can even be embedded within some LMSs. We are really talking about structure rather than tools – the tools sit within the structure. This is particularly true for the new generation of LMSs that are emerging which are in reality a flexible combination of tools.
  • However, the main reason is that institutions are becoming increasingly reliant on LMSs. They are increasing looking to LMSs to integrate data from teaching with administration, to provide data on student performance, for appeals against grades, and for reporting and accountability purposes. Learning analytics (or rather data analytics) in particular will drive increasingly the dependency of administrations on LMSs. I’m not saying this is a good thing, but it’s the reality. I will be discussing in a later blog some of the downside of learning analytics, but the drive for accountability is not going to diminish, and LMSs are a valuable tool for administrators.

2. Although LMSs are valuable for providing a structure or framework for learning, the significance of web 2.0 tools such as open source content management systems (WordPress), blogs, wikis, etc., is that we should be thinking more broadly than just the LMS. Instead we should be thinking about virtual learning environments and how these can be used to increase student engagement, develop learning skills as well as manage content, and bring in the outside world into our teaching, while at the same time providing the privacy and security that most instructors and students feel is an essential condition for learning. LMS will be just one part of that equation – but they will still be an important part.


We deliberately tried not to be directive, but to provide frameworks for discussion. So enjoy reading these papers and let me know your reaction to them.

Further reading

Demski, J. (2012) Rebuilding the LMS for the 21st Century Campus Technology, March 29

This excellent article asks (and answers) the question: Can the goals of 21st century learning be met by retooled legacy LMSs, or does the future belong to open learning platforms that utilize the latest technology?

Jones, D. (2012) Why learning management systems will probably go away The Weblog of (a) David Jones, April 6. A good counter-argument to my post.

For a good introduction to and comparison of LMSs, see: Chase, C. (2012) Blended Learning – Learning Management Systems, Make EdTech Happen, May 14

Key mobile strategy issues

Listen with webReader

Mobile learning centre Algonquin College, Ontario

Fuhrman, T. (2011) Mobile strategy or moving target?, Campus Technology, November 1

This paper looks at five issues that need to be considered when developing a mobile strategy for university and college campuses, based on experience from Columbus State University and University of Wisconsin-Madison:

1. Develop own mobile website, apps, or both?

2. Inhouse, outsource or customize?

3. Cross-platform development

4. Costs

5. Security.

Since the answers all end up being: ‘It all depends’, you need to read the article for the answers.


From this and a number of other articles, campus mobile strategy (like many other technology innovations) seems to be driven primarily by student administrative and student service agendas, rather than by teaching and learning applications. Nothing wrong with using mobile for student services, of course, but again there is a danger that if there is not enough experimentation on the teaching side, key decisions that do not always support teaching applications will be made that will be difficult to reverse later on.

I just wish there was as much news and literature on strategies for the mobile learning side. However, I will shortly be reviewing a new book on mLearning that should answer some of these questions:

Quinn, Clark, N. (2012) The Mobile Academy: mLearning for Higher Education San Francisco: Jossey-Bass/John Wiley


Five security threats for e-learning in 2011

Listen with webReader

For those who always look under the bed for a bogeyman, this should help keep you awake at night:

Schuman, G. (2011) Higher Education’s Top Five Network Security Threats for 2011 Campus Technology, January 12

Written by someone who sells IT security systems, the article lists the five areas of threat:

  • mobile devices
  • viruses spread through social media (ah, I knew that there would be punishment for such promiscuity)
  • virtualization
  • embedded devices (i.e. automatic equipment that opens garage doors, etc.)
  • consumerization (i.e. people buying IT gadgets that also connect to institutional networks).

The good news: there’s always a solution (at a price).

Why governance of IT is so important for academics

Listen with webReader

Kolowich, S. (2011) Security hacks Inside Higher Education, January 27

This should be required reading for every research academic who collects data, for every CIO, and for every university board, which ultimately has responsibility for governance.

This article, about a medical researcher who was fired for a breach of data security at the University of North Carolina at Chapel Hill, is a classic case of why every institution needs to have an IT security protocol in place that is communicated and understood by all academics.

In this particular case, there are no winners, not the patients whose personal information was compromised, the professor who did not pay sufficient attention to the technical aspects of data security, the CIO, who should have ensured that there was a system in place for effectively tracking and monitoring the security of data, and for the board, who are ultimately responsible for ensuring that there is a coherent and effective governance structure. This is, as one of many interesting comments on the article put it, a complete system failure. But there for the grace of God go most universities.