Why U.S.-Based Colleges Need to Get Serious About Data Protection

Last updated on: June 24, 2021

clock icon 3 minute read
clock icon 3 minute read

Colleges and universities collect and analyze student data to better serve them. However institutions need to be aware of regulations that affect the ways this personal data is handled. Regulations in the European Union impact how higher education institutions recruit and enroll EU citizens, and more domestic legislation regarding data protection is likely in the future. These regulations, as well as a shifting mindset about data privacy, are bringing on an urgent need for U.S.-based colleges to redesign their data collection and sharing processes to ensure they safeguard student information.

Data Privacy Laws

You might have read about GDPR, which stands for General Data Protection Regulation. Although this European Union data privacy regulation went into effect in May 2018, many U.S. institutions are still working out how to comply with the law, which strictly protects the personal data of EU data subjects.

Compared to Europe, the U.S. attitude toward data privacy and management has been rather relaxed. Things like cookies in web browsers and marketing emails are fairly common. But the introduction of GDPR was a much-needed wake-up call for institutions to identify what kind of student data is being captured, how it’s being captured, who has access to it, and where it’s stored. In a time in which consumers are demanding more transparency, students will soon expect higher education institutions to be able to provide this information.

GDPR is not the only data privacy law that universities have had to give consideration to. For example, the California Consumer Privacy Act, originated in the U.S. and took effect in January 2020. In addition, countries such as Japan, China, and Australia have amended data privacy laws as a method of strengthening them or have begun enforcing them more consistently.

Changing Public Opinion on Sharing Data

In the U.S. and around the world, serious cases of hacking by SQL injection and data-sharing scandals have unfortunately become more frequent, and consumers are frustrated to find out that companies they’ve long trusted share or even sell personal data.

A Pew Research Center survey from 2014 found that 91 percent of Americans felt they had “lost control over how personal information is collected and used by all kinds of entities,” while 61 percent of Americans wanted to do something more to protect their privacy.

Millennials and Gen-Z Are Savvy Consumers When It Comes to Cyber Risks

No wonder there’s been increasing pressure on U.S.-based institutions to be more accountable and transparent with the data they are collecting from students. It’s not just the computer science students—all students are incredibly tech-savvy now and realize that any personal information they offer to a university could be mishandled.

To gain the trust of current and potential students, your institution needs to invest the time and resources to put in the required safeguards to conform to these data privacy laws. Announcing this important update, on social media for example, shows students and their parents that your college is respecting the need for greater student data privacy and has taken a proactive approach to embrace fairness and integrity as an educational institution.

How Do Colleges and Universities Protect Student Data?

Data collection and data sharing processes are complex, so it’s no surprise that over-sharing student data or unintentional sharing with outside parties is a common challenge for colleges. To achieve GDPR compliance, your college will have to prove that it’s taken every step possible to secure student data privacy, from information in databases and paper files to hosted email exchange systems. That includes knowing exactly who has access to student data, whether it’s a vendor supporting the university LMS or a subcontracted content provider—and showing that these outside parties, if they do indeed require access, also have the same strict technical safeguards in place.


It can be intimidating to make sense of GDPR, but if your college is already attuned to the requirements of FERPA (Family Educational Rights and Privacy Act), you will have a head start. There is a wealth of information about data privacy laws online at sites such as the Information Commissioner’s Office (ICO) and Commission Nationale de l’Informatique et des Libertés (CNIL).

Want to know more about trends and research in higher education? Read more on our Resources page.

  • Let's Talk.

    Complete the form below, and we’ll be in contact soon to discuss how we can help.

    If you have a question about textbooks, please email sscteam@wiley.com.

  • By submitting your information, you agree to the processing of your personal data as per Wiley's privacy policy and consent to be contacted by email.

  • This field is for validation purposes and should be left unchanged.