The Rise of Proactive Data Management in Higher Education

By: Higher Education Review Team

a student in front of a laptopData privacy is a growing worry as our lives become more and more intertwined with technology. 2023 research from the Pew Research Center puts a figure to the anxiety, highlighting the fact that in the United States, 81% of adults note a level of concern in regard to how companies “use the data they collect about them.” Many young adults, however, may not be aware that this same concern should be directed towards their place of study, especially in light of data breaches experienced by colleges and universities. Awareness of the risks associated with student data is crucial for both students and universities, and can ultimately culminate in proactive measures that aim to protect student data — and permanently erase it when necessary. 

 A peek at the student’s perspective

 Higher education institutions collect a serious amount of data on their students. This data encompasses a variety of categories, including (but not limited to) academic records, financial information, and other sensitive (and personally identifying) information. An EdTech article by Amy McIntosh dissects the matter by highlighting research from a report titled College Students’ Attitudes Toward Data Privacy, which pulls the curtain back on the student perspective. According to the research highlighted in McIntosh’s article, students seem to have high expectations for their colleges in regard to their personal data, as the survey revealed that a significant amount of respondents (70%) do in fact have trust in their place of study “to protect their personal information.” After all, it’s in the institution’s best interest to do so — yet this doesn’t mean that breaches don’t happen.

 The survey highlighted by McIntosh also revealed that many (71%) are of the opinion that they should have a say in, or the ability to “control” how their institution uses their data. It’s important to note that students aren’t necessarily against their personal data being out there, especially when it’s being put to good uses that benefit the student experience. In fact, a Higher Ed Dive article by Jarrett Carter shines a light on Campus Technology, which notes that a great number of students (70%) prefer that their personal data be used in order to “improve experiences in academic progress, student services and extracurricular activities.” 

 Understanding the weight of the matter

 Students throughout the country may believe that once they graduate, their data is properly thrown out the window once and for all. In reality, institutions in higher education are bursting at the seams with data. Some of it (such as transcripts and enrollment history) are retained indefinitely, while other types of data may be permanently deleted after a set retention period. As such, institutions typically have data that encompasses both current and past students, and very likely have data on others who may be associated with the university (employees, donors, etc.). It’s common for educational institutions to have data retention timelines and policies, as well as cybersecurity measures in place. However, this doesn’t always prevent breaches.

 Data breaches in the higher education industry can have a significant impact, and the more data that is present, the more potential for damage. ‘Dark data’ is another concern, which is generally described as data that is unused or uncategorized (think old student data, etc.). On the topic of breaches in higher education, a 2025 Forbes article by contributor Steve Weisman explores a recent incident in which Columbia University had announced it had been hit with a data breach that same year. 

 In the education industry, data breaches can have a damaging impact on both students and the institution as a whole. The Columbia University data breach had an impact on a sheer 868,969 individuals, with Weisman’s article going on to list the data that was compromised, noting that it involved “much more” than Social Security Numbers and dates of birth. One of the most intriguing (and revealing) elements of this example is the fact that the number of those affected includes both past and current students, an element that perfectly captures the vulnerabilities at play when institutions are collecting — and keeping — so much data.

 Permanent, certifiable data erasure is always ideal, even in regard to individual devices that will be reused. Many colleges and universities across the United States offer institution-issued technology like laptops. When these laptops are returned to the institution, it’s crucial that the data on them is properly and permanently erased, as the typical factory reset is known to be insufficient. An official erasure process, however, will effectively overwrite the data, which in turn will result in permanent deletion and make any data unavailable to the new user. When abiding by official guidelines from sources like the National Institute of Standards and Technology (NIST), data erasure in education can be effective and thorough, benefitting both the student body as well as the institution where data protection policies are concerned.

 Institutions must be action oriented

 Students can only do so much in the protection of their personal data. Beyond basic cybersecurity practices such as using strong passwords, institutions themselves must take charge of student data in the proper manner. The Family Educational Rights and Privacy Act of 1974 FERPA helps protect student data from nonconsensual and unauthorized access, though there’s much more to data privacy and security than that — especially in the prevention of data breaches and sufficient management of dark data.

 Having a data retention and deletion policy that includes permanent erasure is critical for institutions across the higher education industry, especially when the goal is to minimize the amount of unnecessary data that the institution holds onto. This not only enacts a timeline that provides peace of mind for former students, but demonstrates the responsible handling of data as a whole through a detailed plan. There are other ways that institutions in higher education can be proactive in regard to protecting their student’s data. A separate EdTech article by Mary Shacklett outlines basic yet powerful methods that institutions in higher education can implement, namely in order to take charge of dark data. This includes basic measures, like performing a data audit, organizing the data, and putting automation to good use in regard to deletion, to highlight just a few key steps.

The vast amounts of data that colleges have on hand can be a terrifying reality, and one that the average student may not recognize as a vulnerability. By taking a proactive approach, institutions can set a higher standard in regard to data privacy, protection, and erasure through thoughtful retention policies that place security at the forefront of the mission.

Read More

Why Hiring a Personal Injury Lawyer Matters After Any Collision

10 Benefits of Hiring a Personal Injury Lawyer

Current Issue

https://www.thehighereducationreview.com/

TheHigherEducationReview Tv


Copyright © 2026 All rights reserved. | About Us Privacy Policy Terms of Use Higher Ed Recap '25