Third Party Services: Legal, Privacy, and Instructional Concerns

Third-Party Services: Legal, Privacy, and Instructional Concerns

A third-party service or tool to support teaching and learning means one that is developed by a company other than Instructure/Canvas. Many of these tools, also referred to as an external tools or LTI tools, have been vetted by the IU Security Office, and are approved for use at IU. LTI tools integrate seamlessly with Canvas, including securely passing grades back to the Canvas gradebook.

For a complete list of approved third-party tools, see External tools available in Canvas.

Instructors should minimize use of non-approved third-party tools, as those tools may violate student privacy in a number of ways.

Two Major Risks to Consider

Risks exist when university information is stored in tools or cloud services not provided or contracted by IU. Most instructional situations face two major risks:

  1. Restricted Information: Information classified as "restricted" may not be stored in any third-party tool without the university entering into a contract with the vendor. Common examples of restricted student data include: grades or graded work, student course enrollment information, and class rosters. These types of information are protected by federal law under the Family Educational Rights and Privacy Act (FERPA).
  2. Intellectual Property: Be aware that some third-party tools attempt to claim ownership of any content on their sites, which can put both your work and that of your students at risk.

University Policy

As an instructor, if you use an application managed by a vendor with whom IU does not have a contract, and it collects protected student data, you may be subject to sanctions, according to university policy Disclosing Institutional Information to Third Parties (DM-02). If your intended use will collect any FERPA-protected data in a third-party tool, do not use it before working through appropriate institutional offices to get a contract with the service.

Review of Third Parties Prior to Sharing Data

When institutional data (such as grades or class rosters) is shared with a third party, the university Committee of Data Stewards requires specific information to be submitted for review, and in the case of critical data, evaluated by the University Information via the Security Office. There is a process for approving third-party tools for use, whether they are purchased by the university, charge students directly, or are free to use; see Protect data shared with cloud services and other third parties for more information on this process.

Other Privacy and Instructional Concerns

Even if you are not sharing restricted student information via a third-party tool, be aware of other challenges involved in requiring students to use such tools or websites.

  • Unknown use of student data. When we sign up for free tools, we often bypass the user agreements and just check "yes" to proceed. Be aware that those agreements may give away rights to students' intellectual property uploaded to the site, or they may allow the company to collect and sell student information. By requiring students to sign up for third-party tools, you may be opening them up to invasion of their privacy.
    • Some instructors will suggest students create aliases for use with such sites, rather than using their real names and email addresses. There are even sites that let users set up temporary, disposable email addresses for such purposes. While this practice does not solve all privacy problems, it can help restrict the collection of student information.
  • Lack of accessibility standards. IU works hard to make sure all the tools we adopt are fully accessible by students needing screen reading software or other accommodations. The university cannot ensure the accessibility of unapproved third-party tools, yet the instructor and university are still liable for any violations of the Americans with Disabilities Act.
  • Proliferation of tools. Aside from privacy and accessibility issues, having students utilize third-party tools makes them learn one more tool and manage one more account. By utilizing IU-supported tools, instructors can help lessen the cognitive overload of learning more new software. 

Cross-Institutional Collaborations

In some cases, instructors want to use third-party tools to connect their classes with those at other institutions, like a Global Classroom collaboration. Instead of using third-party tools, consider having those non-IU students get IU guest accounts and access our suite of tools. It is best if each institution still uses its own respective learning management system (e.g., Canvas) for tracking of student grades and graded assignments. Contact the CITL for more ideas of how to best manage shared class tools. 

What can you do?

Before using a third-party tool in your teaching, consider taking these steps:

  1. See if there are already IU-supported tools that will let you accomplish the same (or similar) tasks. Instructional Technology Consultants in the CITL can help you explore these tools.
  2. Go through the process of getting a third-party tool approved. Note that this process focuses on software purchases and more significant adoptions, not necessarily approvals of the newest social media tool.
  3. If you have questions about legal implications of using a third-party tool, consider speaking with someone in the Office of the Vice President and General Counsel.