Unsupported Apps and Student Privacy

When using applications that are not supported or assessed by the university, consider the data that is being shared on those platforms and how to best avoid sharing student identifying data.

Students have a right to privacy protected by BC's Freedom of Information and Protection of Privacy Act (FIPPA). In a nutshell, we cannot store student identifying information on servers abroad or with services that share or sell user-data outside of our control.

You can still be in compliance with FIPPA when using unsupported applications as long as you are in control over how you and your students are using the service and what data you are sharing. See our page on FIPPA and student privacy for more information and an example of a Course Outline Privacy Message template.

Contact TLC staff if you have questions or need help assessing an external service and FIPPA compliant workflows.

Protecting Student Privacy

The Freedom of Information and Protection of Privacy Act (FIPPA) sets out the access and privacy rights of individuals as they relate to the public sector. FIPPA establishes an individual's right to access records, and sets out the terms under which a public body can collect, use and disclose personal information of individuals.

When using applications that are not supported or assessed by the university, ensure you have your student's informed consent and find workflows that allow students to use the service without compromising their privacy:

  • Can students use the application anonymously without creating an account?
  • Are students forced to sign up to the service? If so, can they use a dummy email or an alias?
  • What type of data will you be sharing with the service or application? Avoid sharing any student-identifying information like last names, private emails, home addresses, location and grades.
Opened.ca: Mattermost and WordPress

Opened.ca is a site maintained by a community of local educators and learning technologists who focus on post-secondary open-ed resources, online learning and student privacy.

  • Request a FIPPA compliant WordPress blog hosted on EDU Cloud servers here in BC.
  • Request and run your own Mattermost chat channel (FIPPA compliant Slack clone) for your class.
  • Join their OpenED Tech Mattermost channels to keep up to date on H5P, WordPress, Moodle and open ed resources.

Contact ngauer@ecuad.ca if you have questions or need help getting started.

Figma

Figma is a collaboration and whiteboarding platform which allows educators and students to sign up for a free educational account. Figma is not FIPPA compliant as its servers are located outside of Canada. According to their Privacy Policy Figma automatically collects user data and online behaviour via cookies, and may receive and share such data with third parties.

To use Figma in a FIPPA compliant way:

  • Instructors with an account can create a document and invite students to collaborate anonymously without signing up. The downside is that anonymous editing sessions are only open for 24 hours at a time.
  • Avoid storing student identifying information on the platform like grades, names and addresses.
  • Inform the students that this is not a FIPPA compliant platform and encourage them to sign up using an alias and 'dummy' email account to minimize online tracking.

You can request an educational account here.

Miro

Miro is an excellent whiteboard and collaboration tool. However, it logs and stores data on servers abroad and is not FIPPA compliant. However, you can still use it in compliance with FIPPA by using it in a way that protects student privacy:

  • Students can participate on boards the instructor creates without having to sign up for a Miro account
  • Be careful to not share student identifying information on the platform (last names, emails, grades, addresses)

Instructors can request an Education License from Miro free of charge here. Browse Miro's Documentation to get started.

Watch this workshop recording for how to get started using Miro in compliance with FIPPA.

Discord

Discord is a commonly used messaging and voice chat application that works cross-platform on desktop and mobile. Their services are not FIPPA compliant, but you can still use it in compliance with FIPPA:

  • Students can participate on boards or groups without signing up for an account
  • Be careful to not share student identifying information on the platform (last names, emails, grades, addresses)

Discord download and documentation.

Slack

Slack is a commonly used messaging application that works cross-platform on desktop and mobile. Their services are not FIPPA compliant, but you can still use it in compliance with FIPPA as long as you take some precautions.

  • Students can sign up for an account using an alias and a dummy email
  • Be careful to not share student identifying information on the platform (last names, emails, grades, addresses)

Slack download (under Product menu) and documentation.

Google Docs and Jamboard

Google tracks and collects user data across all their apps and services and is therefor not FIPPA compliant. It is often hard to use any of Google's services without being automatically logged in with one's private Google account, and students should not have to use their private google account for course participation.

You can, however, use Google Docs and Jamboard in compliance with FIPPA if the instructor creates the Google document or Jamboard using their ECU account and set the document up for anonymous collaboration. This way the student can join as an editor without logging in with their private Google account.

To ensure students aren't automatically logged in to their private Google account when participating on a document or Jamboard:

  • Instruct students to either log out of Google - or to open the Google Doc or Jamboard URL in a new Private (Incognito) browser window
  • The students can join and participate using their first name or an alias without having to log in