Using Third-Party Technology
An ever-changing array of platforms and services offer inexpensive or free applications that have proven useful for sharing in educational contexts — applications for mindmaps, timelines, visual presentations, photo galleries, blogs and microblogs, bibliography management, shared webpage annotations, and more. The University itself has been working on ways to make use of such offerings without compromising the campus community’s need to protect student data and intellectual property. The situation with respect to the use of cloud services is fluid, entailing changes to policy and resource models as well as to the technologies themselves.
If you are thinking of using a non-campus service requiring users to create an account for instructional purposes, you should be aware of several important questions to consider, including the following.
FERPA (the Family Education Rights and Privacy Act) mandates that students’ academic information be protected. What kinds of information or content would you be asking students to submit to the non-campus service? Might any of that be protected under FERPA? How secure would that information be on a non-campus server? For more information about FERPA, please see the University Registrar’s Disclosure of Information from Student Records: A Quick Reference for Faculty and GSIs. bCourses, Google Docs via bDrive, and other secure University systems do meet FERPA guidelines.
A related question is whether any of your students would feel their privacy rights would be affected by creating or using an account at the service for course work. If the answer is yes, then these students will need a way to access course material and participate in learning activities without creating or using an account.
Who technically owns the content you and your students upload to the site? Would students’ intellectual property rights, or yours, be protected?
Members of the UC Berkeley community agree to campus codes of conduct that apply to their use of University electronic resources, and the University is able to investigate any alleged violations of this code. What kinds of investigation or redress would be available with the non-campus service if a student reported that someone had violated the code in a way that negatively affects that student?
Should the business fail, or be transferred to another owner, or substantially change its way of operating, what would happen to the data and to your students’ control or your control of the content?
There is deep concern that federal legislation over the last several years makes it easier for federal investigators to request data from outside providers without the University being informed. Could students’ privacy or academic freedom be impinged upon if content that they put on the non-campus server were requested in this way? Could yours?