Advice using third party tools
By Andy Beggan
There is an increasingly wide array of external third-party tools available online and through application downloads which staff may find useful to support their personal productivity or to engage their students. Whilst utilisation of these tools can often prove more convenient, with advanced features that provide a richer experience than centrally available, staff must ensure that any data or information stored on non-University provided services–in relation to their roles–complies with University regulations on data protection, ICT Acceptable Use Policy and compliance with the software vendor’s license terms and conditions. For most cases, the use of University supported services is recommended, but the University recognises that on occasion the use of externally available third-party tools can deliver an enhanced student experience. Under these circumstances, their use should be limited exclusively to time-bound and cohort-specific activities (e.g. group task within a seminar).
UK data protection legislation requires that all personal data must be held securely; this includes any personally identifiable data such as names, email or IP addresses. Student use of third-party tools should be anonymous wherever feasible (using guest logins on University devices), however, students must be reminded of appropriate conduct online and staff should avoid free text entry/free image upload without appropriate safeguards (see below). An alternative approach is the use of temporary student allocated generic accounts (for example, a list of students and their allocated account, such as student01, student02, etc.) where no personal data is uploaded to the third-party system but accounts are clearly identifiable within the cohort. In these circumstances, advice should be given to students to avoid entering details which may identify them personally, or remedial action should be taken by the staff member to delete as soon as possible.
If any external services require students to create an account or use personal devices, the data generated (student responses etc.) as part of the activity should only be retained for as long as is necessary to reasonably complete the required activity; this should not exceed one academic year. Students should be advised on how to delete their accounts on completion of the activity.
Where required to complete an activity organised by a member of staff, students should be given the choice of whether to create an account individually or–if appropriate–work with a partner or group account. Again, within group activities, members should be reminded of appropriate behaviour online. Deletion of student entered data in-between sessions is the responsibility of the individual staff member. Staff members may also consider the promotion of University supported alternatives for students to select from, where selecting from a variety of options is possible.
If students do decide to create a personal account within a third-party service, staff members should brief their students that they are: signing up for an external service; that they are entering an agreement with an external provider (not the University); it is their personal account for which they are solely responsible; that any information uploaded may be accessible on the public web; and remind students of the risks associated with entering personal data or infringing copyright law.
Anonymity can be a positive motivator for encouraging student contributions within a classroom setting; as well as ensuring data protection for the students. However, caution should be applied where anonymity and free text entry (or image upload) is used in combination due to the regrettable potential for abuse. In these circumstances, consideration should be given to:
- Use of allocated student accounts, following guidelines outlined in this paper
- Use of filtering, perhaps through moderation via a separate device or monitor, before publication on any public displays
- Use of closed questions or discrete options (recommended), where student interaction is confined to defined parameters
- In all circumstances, students should be advised of expectations of professional conduct and mutual respect towards all participating in any activity. Please seek advice from email@example.com if you have any questions.
When creating an account on a third-party system, staff and students must not use their University email address and University password in combination. Use of the University email address may be convenient for collating email notifications (where this is possible), but a different and strong password should be selected for each third-party service used. Use of your University email address will help to separate staff and student’s personal social online identity from the one used with the University account. This may be preferable and encouraged where appropriate. However, the account created remains the personal responsibility of the individual and access may become restricted once the University email becomes unavailable (once the staff member or student leaves the University), as such any staff member or students should be made aware and encouraged to delete or transfer credentials as required before leaving.
Students should also be advised that use of a University email address does not mean this is a University supported system. Staff members must also advise their students accordingly. Avoid wherever possible the use of third-party services that publically display personally identifiable data such as email addresses.
Students creating personal accounts must do so voluntarily and be informed of any risks associated with entering personally identifiable data. The selection of third-party services which provide good user control over personal information, including easy deletion and export features, is always strongly recommended.
Deletion and Retention:
Once the activity is complete, it is the staff member’s responsibility to delete (and export) all data related to the activity.As such, check that the data can be easily deleted and/or exported prior to the activity. Students are of course welcome to retain their personal accounts should they wish to; however, staff must advise students on how to delete their personal accounts as part of the exit process. Any staff members wishing to keep a record of the activity should export to a portable format (such as a PDF version) and upload onto the VLE for retention.
Use of third-party tools is not recommended for delivering summative assessments. However, use for formative assessment can offer a richer assessment menu. Under these circumstances, any utilised third-party tools should apply with the above advice on retention. In addition, students may wish to personally use third-party tools to support summative project activities or to create an online portfolio. Under these circumstances, students should be reminded that this is not a University managed environment and any final outputs must be uploaded to an appropriate University supported system for formal assessment and retention.
Use of third-party tools can often be licence free, however, any use must conform to the license terms and conditions including payment of any fees as appropriate. This is the responsibility of the staff member using third-party tools to check, but advice and support is available through either the Digital Education Team, ICT or Procurement as appropriate. In addition, the data provided by individuals within third-party systems can be valuable to some external organisations. Staff members should check that any third-party tool complies with current UK legal requirements for data protection by checking its Privacy Notice, and if the tool is hosted outside of the EU then the software company needs to have committed to protecting personal data in a similar way, such as by signing up to the US-EU Privacy Shield scheme. If in doubt, please seek advice from firstname.lastname@example.org.
Please note, that whilst some third-party services may begin as free, there is no guarantee that this or even the service will continue indefinitely. Neither is there any guarantee that there aren’t hidden costs (for additional tools or features) which can be promoted to students to encourage further payment. Staff members should ensure that students are not subjected to any hidden costs and only freely available features are utilised. The University has an obligation to disclose any additional costs incurred by students, therefore, students must be warned how to avoid (where appropriate) any hidden or unnecessary additional charges. If there is any uncertainty, staff members should not use any third-party tool where free access to students cannot be guaranteed. As per University guidance, use of third-party tools should be reviewed yearly to avoid any changes in fee structures being applied to students or unforeseen closure to the service.
Staff members should always familiarise themselves with the terms and conditions of any third-party service used. Some services may request that you grant a licence to reuse any content posted onto the service. This is often designed to protect the service provider, but careful consideration should be given to how comfortable you are with having the content of the activity shared outside of the cohort group? Wherever possible, password controls or unlisted web links should be selected within the system’s settings before sharing with students.
Ensuring the reliability of and the support for a third-party service is not the responsibility of the University. Neither is the University able to restore or access any data submitted to third-party systems. However, support materials may be accessible within the third-party tool or freely available on the web. Any re-use of support materials with students must comply with copyright restrictions.
Full support is provided for Lincoln provided digital tools, with access to face-to-face CPD workshops, online PDFs and support videos.
Whichever tool or service is used, it is important to ensure that no student is disadvantaged by its selection and consideration is given to alternative access or formats for students with disabilities or special needs. This may include ensuring the tools selected support international accessibility standards (WCAG or Section 508) or by providing alternative opportunities.
Use of third-party tools to support teaching can often provide a richer learning experience for students, but staff should be aware that: there is no support provided centrally by the University; both staff and students should understand the risks associated with use (as detailed within this article), and everyone must adhere to the expectations outlined within the University’s Acceptable Use Policy.
Digital Education welcomes hearing about the successful utilisation of third-party tools. These can often provide interesting case studies for colleagues or inform the selection and integration of a wider suite of University supported tools. Please email email@example.com.