To help institutions support students through the COVID-19 crisis and beyond, Jisc has worked with members and collaborated with the independent Information Commissioner’s Office (ICO) to create an innovative new code of practice for wellbeing and mental health analytics.
Commenting on the new guidelines, Jisc’s chief regulatory adviser, Andrew Cormack, says:
“With universities and colleges concerned about wellbeing and mental health, and suggestions that increased use of data might help them provide better support, we were delighted to have the opportunity to work with the ICO to test ideas.
"This has enabled us to work together to help institution deliver support without increasing the risks to students and staff. By showing how data can be used safely to enable a more supportive student experience, Jisc hopes this code will reassure both educators and students about such innovative uses.”
Reducing risk, maximising benefit
The aim of this work is to explore ways to use data to inform decisions on how to support learners’ wellbeing and mental health.
This is one part of Jisc’s education 4.0 vision for educational transformation, using advanced technologies and data to deliver a more personalised student experience. There is a wide range of possible applications - from something as simple as a screen-break reminder to far more complex ideas, such as creating alerts when a student appears to need urgent help.
Such uses of data can deliver both significant benefits and high risks. Therefore, the code of practice for wellbeing and mental health analytics suggests how universities, colleges and other tertiary education providers can ensure that their use of data to support wellbeing is as safe and effective as possible for students and staff. Success here will require institutions to take responsibility and demonstrate accountability for their actions in selecting, developing, implementing, operating and reviewing data-informed wellbeing processes.
The code recommends that groups and individuals across an institution work together and seek to develop their practice with students, staff, data owners, IT services and university governance, as well as with student support services and data protection officers.
The code highlights this need for collaboration, with sections on stewardship, transparency, responsibility, validity, positive interventions, privacy, and access. Universities UKrefers to this as a ‘whole-university approach’ while Student Minds’ University Mental Health Charter calls it a ‘cohesive ethos’.
Claire Chadwick, sandbox manager at the ICO comments:
“The ICO has been working to help ensure that the code of practice for wellbeing and mental health analytics complies with data protection law. We are pleased to support this innovative project and excited by its potential to benefit learners.”
Safe and legally compliant
Jisc’s code also includes practical tools for data protection impact assessments, and for purpose compatibility assessment for data sources. These tools should help ensure each institution’s activities are, and can be shown to be, both safe for individuals and compliant with the law.
Karen Foster, Jisc’s executive director of data, says:
“We’re proud to have worked with members to develop a code of practice for wellbeing and mental health analytics that we hope will deliver real benefit to staff, students and institutions throughout the UK. Data analytics applications have the potential to deliver wide-ranging benefits and support student wellbeing.
"However, this area also raises complex ethical and legal issues. Our code will help institutions assess their readiness and understand what they need to have in place to deliver benefits with confidence that they are meeting ethical and legal obligations."
The code of practice for wellbeing and mental health analytics is now available, supporting educational institutions to conduct Data Protection Impact Assessments (DPIAs) for their planned activities and to assess compatibility when considering new data sources. The tools should also help institutions meet their General Data Protection Regulation (GDPR) obligations.