Abstract
Data collection is a vital component in any organization in regards to keeping track of user activity, gaining statistics and improving the user experience, and user identification. While the underlying basis of data collection is understandable, the use of this data has to be closely regulated and documented. In many cases, the VCDPA (Virginia Consumer Data Protection Act) outlines the guidelines for data use, data controller responsibilities, and limitations however nonprofit organizations are exempt from compliance. Colleges and universities, although still held to some degree of limitation, range in permissiveness with what data they choose to collect and retain but more importantly how and who they share their data with. This study implemented the use of open-coding techniques to look into seventeen different public and private universities in the state of Virginia. Their privacy policies were looked over and compared to the guidelines of the VCDPA to see if Universities were to follow the Data Protection Act, would they uphold the assessments and guidelines. Each of the seventeen universities collected different information and had different policies about who they shared their data too, if at all. A rudimentary scale was created to put each University in a placement. A One on the scale showed that the University was very conservative with their data collection and did not allow any distribution of the University's data to be shared or sold to third party companies. They followed the necessary laws from the government (i.e., turning over student documentation in the case of an investigation, etc) and reserved all other data for the University. A Five on the scale represented an extremely permissive policy that shared data with third-parties and that would violate the VCDPA guidelines if they were held against them. Finally, after all the information was gathered and organized, the question arose of Should nonprofit organizations be held to the same guidelines as for-profits and why? The findings draw attention to the gap in accountability between for-profit and nonprofit organizations, and highlight how some nonprofits have taken advantage of the deliberate inattention and freedoms given to them.
Faculty Advisor/Mentor
Adwait Nadkarni
Document Type
Paper
Disciplines
Computer Sciences | Databases and Information Systems
DOI
10.25776/9crv-j853
Publication Date
4-21-2023
Upload File
wf_yes
Included in
A Study of the Collection and Sharing of Student Data with Virginia Universities
Data collection is a vital component in any organization in regards to keeping track of user activity, gaining statistics and improving the user experience, and user identification. While the underlying basis of data collection is understandable, the use of this data has to be closely regulated and documented. In many cases, the VCDPA (Virginia Consumer Data Protection Act) outlines the guidelines for data use, data controller responsibilities, and limitations however nonprofit organizations are exempt from compliance. Colleges and universities, although still held to some degree of limitation, range in permissiveness with what data they choose to collect and retain but more importantly how and who they share their data with. This study implemented the use of open-coding techniques to look into seventeen different public and private universities in the state of Virginia. Their privacy policies were looked over and compared to the guidelines of the VCDPA to see if Universities were to follow the Data Protection Act, would they uphold the assessments and guidelines. Each of the seventeen universities collected different information and had different policies about who they shared their data too, if at all. A rudimentary scale was created to put each University in a placement. A One on the scale showed that the University was very conservative with their data collection and did not allow any distribution of the University's data to be shared or sold to third party companies. They followed the necessary laws from the government (i.e., turning over student documentation in the case of an investigation, etc) and reserved all other data for the University. A Five on the scale represented an extremely permissive policy that shared data with third-parties and that would violate the VCDPA guidelines if they were held against them. Finally, after all the information was gathered and organized, the question arose of Should nonprofit organizations be held to the same guidelines as for-profits and why? The findings draw attention to the gap in accountability between for-profit and nonprofit organizations, and highlight how some nonprofits have taken advantage of the deliberate inattention and freedoms given to them.