What is Algonquin College doing with student data?
The college is projected to spend between $69.7 to $75.5 million by 2025 on modernizing its student information system, and more broadly, its entire internal software, according to a report presented to the Algonquin College board of governors on October 25, 2021.
This overhaul is called the R3 project.
“R3 is a more than just a student information project, it’s many projects rolled into one,” said Claude Brulé, president of the college.
The R3 system aims to improve the way students interact with the college, improve security and allow the college to stay up-to-date on the current technologies, among other things, according to the R3 information site.
The R3 system also aims to “improve college data as it relates to the Student Information System and position the college to support data initiatives over the long term,” according to the site.
This leads to questions about how the college uses the student data it processes both currently and in the future.
The college uses student and alumni data for several purposes, according to Stefano Bianco, senior privacy specialist at the college. Student data is retained and used for student requirement, student retention and determining financial assistance. It is also used to rate, review and improve academic programs, and for institutional planning, research and statistics.
“Algonquin is a public sector institution, which is subject to the Freedom of Information and Protection of Privacy Act, which strictly controls the release of private information,” according to Bianco.
“The college’s general policy is that it won’t disclose data to third parties without student consent unless required or authorized by law,” said Bianco. “For example, applicable privacy legislation allows the college to share student data with venders who support the operations of the college.”
An example of this would be Brightspace, which has been procured by the college but is managed by a third party.
“That doesn’t mean that the third-party monitors learner data — they are confined to only use it under the data conditions of the agreement we have with them and they cannot use it or disclose for their own purposes,” said Bianco.
Bianco assured that the college does not sell or share student data with private companies for their own marketing or for any other commercial purposes.
Furthermore, he does not anticipate that student data will be used in any new ways with the R3 system.
“If we see the stakeholders want to use learner data in different ways will first access if this is allowed under our current privacy policies and relevant legislation, and if so, we will endeavour to modify our publicly available privacy statement so we can create awareness of these changes,” said Bianco.
The R3 project is currently in development; therefore, the college and company responsible for the project, Thesis, are currently consulting with different stakeholders.
“We have a SA rep that sits on that committee to give student input,” said Emily Ferguson, president of the students’ association. “There is a diverse group that sits on the R3 implementation committee.”
This SA rep will provide a student perspective, according to Ferguson.
Cyber security is also a stated priority of the college’s data management system.
“We are designing privacy and cyber security considerations which are integrated into the system from the get-go as a part of the design,” said Brulé.
“Every other day in the news there is a story about a ransomware attack,” said Bianco. A ransomware attack is a cyber-attack in which hackers steal data from a public institution or corporation, and then encrypt it to make it unreadable. The attacked party then essentially has the ability to read their own data ransomed back to them.
“The damage from an attack like this to public infrastructure is very heavy,” said Bianco. “Without going into too much detail, we are taking precautions such as state-of-the-art encryption and compartmentalizing the data, meaning that users can only see a subset of data that they need to be able to see to do their jobs.”
The new R3 is expected to be implemented at the end of 2022.
