New Report: Privacy and Security in State Postsecondary Data Systems

Publish Date
July 13, 2021

State postsecondary data systems contain a wealth of information—including detailed records about individuals—that allow states to analyze and improve their postsecondary education systems. The entities that maintain these systems operate in a context of concern about the privacy and security of educational records. They have both an interest in making valuable information available to researchers and policy analysts and a duty to protect sensitive data.

Washington, D.C. – The State Higher Education Executive Officers Association (SHEEO) has released the first in a series of papers based on results of the 2020 administration of SHEEO’s Strong Foundations survey. This first paper outlines the use of benchmark privacy and security processes, standards, and practices in state postsecondary data systems.

Respondents’ answers to the Strong Foundations 2020 survey reflect a desire to stay ahead of the curve regarding privacy and security. Survey responses indicate more state agencies are incorporating more external guidelines, more personnel, and stricter protocols for handling data into their data governance strategies. Three overarching themes stood out in the responses to questions about privacy and security in state postsecondary data systems: States rely on controlling who has access to the data, use legally binding agreements for data sharing, and employ robust cybersecurity infrastructures to ensure their data is private and secure.

Based on the responses to this survey and on evolving standards and legislation, we recommend that state higher education agencies employ the following practices to advance a robust state postsecondary data system – create dynamic and inclusive data governance, establish or update agency data security and privacy policies and practices, and require data security and privacy training.

State postsecondary data systems are vital information resources for policymakers and researchers and contain large amounts of potentially sensitive information about students, faculty, and staff. The agencies that operate these systems take privacy and security considerations seriously, and our research indicates that the prevalence of benchmark privacy and security practices is increasing. By continuing to adapt to emerging privacy and security standards, states can use state postsecondary data systems to develop policy solutions and promote student success, while protecting personal information housed within them.

Learn more and explore the report at


About the State Higher Education Executive Officers Association (SHEEO)

The State Higher Education Executive Officers Association serves the chief executives of statewide governing, policy, and coordinating boards of postsecondary education and their staffs. Founded in 1954, SHEEO promotes an environment that values higher education and its role in ensuring the equitable education of all Americans, regardless of race/ethnicity, gender, or socioeconomic factors. Together with its members, SHEEO aims to achieve this vision by equipping state higher education executive officers and their staffs with the tools to effectively advance the value of higher education, promoting public policies and academic practices that enable all Americans to achieve success in the 21st century, and serving as an advocate for state higher education leadership.