Category Archives: Uncategorized

Student Privacy Boot Camp

Presenters

  • Michael Hawes, Director of Student Privacy Policy, US Department of Education
  • Amelia Vance, Education Policy Counsel, Future of Privacy Forum
  • Rachel Rudnick, Privacy Officer / Assistant Director, University of Connecticut

Resources

What is your top privacy concern?

Attendees have many reasons for being here (several on GDPR, the European Union’s privacy law – something International students will care about). I’m specifically here to learn more about the use of student data within web applications. For example, how do we let students know how we’re using their data, beyond ToS (Terms of Service) or EULA (End User License Agreement).

Types of Risk

Keep in mind the “front page of the newspaper” kinds of risks, because that’s a significant driver on the perception side of things.

  1. An actual security or privacy risk
  2. Risk of not being in compliance
  3. Perception Risk

Michael Hawes’ Segment of the Session

By the end of this session, you’ll know a lot more about PTAC – Privacy Technical Assistance Center. This provides loads of guidance and tools you can use in your work.

ED’s role in protecting student privacy

  • We administer & enforce federal laws governing the privacy of student information (FERPA)
  • Raise awareness of privacy challenges
  • Provide tech assistance to schools, districts, states, colleges and universities
  • Promoting privacy and security best practices

What is Privacy?

Privacy and security are related, but not the same thing.

Privacy: the state of being free from intrusion or disturbance in one’s private life or affairs.” Components include:

  • Info
  • Bodily
  • Territorial
  • Communications

Privacy Principles (from NIST):

  • Authority and purpose
  • Accountability
  • Data Quality and Integrity
  • Data Minimization and Retention
  • Individual Participation and Redress
  • Security
  • Transparency
  • Use Limitation

IT Security:

  • Focused on confidentiality
  • Integrity
  • Availability

Privacy and Security overlap at Confidentiality & Integrity, plus Accountability, Audit and Risk Management

FERPA 101

  • 43 years old, passed in 1974
  • Applies to all institutions receiving federal funds under any program administered by the Secretary of Education
  • Gives eligible students the right to access and seek to amend their education records
  • Protects personally identifiable information (PII) from education records from unauthorized disclosure
  • Requires written consent before sharing PII – unless an exception applies

FERPA definitions

PII: is info that alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty.

Education records are any records directly related to the student that are maintained by, or on behalf of, an educational agency or institution.

The Netflix Prize from a few years ago is a good case in point (algorithm to improve their movie recommendation engine). The de-identified data was able to be re-identified by data researchers, based on movie preferences! Favorite movie became highly identifiable information.

  • Directory information exception
  • Students don’t attend school anonymously
  • Allows schools to release certain information without consent. A few examples:
    • name, address, telephone, electronic mail address
    • date and place of birth
    • photographs
    • weight & height of athletes
  • Schools/Districts must designate data elements they consider to be directory information. Common uses: yearbooks, concert programs, telephone directories.
  • Students have a right to opt-out of disclosures under the directory information exception.

School Official Exception: schools or LEAs can use the school official exception to disclose education records without consent to a third party if the 3rd party:

  • performs a service / function the school would otherwise do themselves
  • under direct control of the school / district
  • uses education data in a manner consistent

Health or Safety Emergencies Exception

  • Disclosure necessary to protect health & safety of the student or others
  • Articulable threat to health or safety
  • Typically law enforcement

Parents of Dependent Students

  • A school may choose to disclose, without the students consent, a student’s ed record to that student’s parent if the student is sa dependent for IRS tax purposes.

Judicial Orders & Subpoenas Exception

  • School may disclose PII from ed records necessary to comply with a judicial order or lawfully issued subpoena
  • Reasonable effort to notify eligible student of the order before complying with it
  • Some judicial orders and subpoenas are exempt from FERPA’s notification requirement

Financial Aid Exception

  • Ed records may be disclosed in connection with financial aid

Studies Exception

  • Permits disclosure of PII that are for or on behalf of the school for developing, validation, or administering predictive tests
  • Administering student aid programs
  • Improving instruction
  • Must specify purpose, scope, duration

Attendee question: what counts as consent?

  • Must be written (electronic must be authenticated).
  • Has to specify PII that will be disclosed
  • Has to specify category of people it’s going to
  • Has to specify purpose
  • Has to be voluntary (for example, it cannot be waived in a “blanket ToS” at the beginning of the term)

Data Governance, Online Services, and Predictive Analytics

  • Increase in data silos at IHEs and the importance of Data Governance
  • Guidance on Protecting Student Privacy while Using Online Educational Services (2014) and Model Terms of Service (2015)
  • Be mindful of privacy and ethics when using predictive analytics in higher education

HIPAA

  • If an institution keeps student medical records, HIPAA (generally, but not always) applies, not FERPA
  • Student and treatment records can be very complex! Engage counsel when working with this data

As recipients of federal student aid, universities are financial institutions under the Gramm-Leach Bliley Act.

Audience question: is there a NIST standard for transmitting FERPA data? Yes! When in doubt, ask the school about their requirements for PII.

CASE STUDY 1: DATA BREACH

Knowing how to respond when you’ve had a data breach can be really helpful. Thank about each of the roles needed in your org. The full extent or impact of a data breach is rarely known up front. Don’t get ahead of yourself.

We broke up into groups and discussed the following:

  • Public & Internal communications/Messaging
  • Response Plan

Things to consider:

  • How can you prevent this in the future?
  • Policies & Procedures
  • Central # to call should they have questions
  • FERPA training implemented in any way? Whoever would respond to such breaches should definitely be trained.
  • Have reporting obligations changed?

Federal Laws and Actions

  • FERPA rewrite
    • Potential rollback of 2008/2011 updates
  • Several student data privacy bills introduced in Congress in 2015 and a FERPA re-write may pass in 2018. One bill has been re-introduced in 2017 so far.
  • 40 states have passed 126 laws since 2013
  • Over last 5 years, states have enacted over 100 laws governing how schools and their service providers collect, use, and protect student data

Unintended Consequences

  • Words matter: definitions and vague language; governance needed
  • Fear-based policies
  • Privacy problems with privacy legislation
  • Need for input
  • Penalties

Big case of unintended consequences: LifeTouch (a billion-dollar photo vendor) is impacted and engaged politically because photos can be classified as PII. What do they sell? Yearbooks.

Interesting Trends

  • Governance
  • Transparency
  • Contracts
  • Opt-in or Out Requirements
  • Device and social media privacy
  • Audits
  • Training
  • Penalties (financial & criminal)

State Laws

  • Of 106 state laws passed on student privacy since 2013, only 26 are applicable to higher education.
  • Most laws discussing higher ed either do not differentiate between private or public institutions or higher ed, or only apply the law to state schools.
  • Reflects a perceived inability by state legislators to govern private institutions of higher education.

Lack of laws

  • 75% of data breaches occur in higher ed, so it’s surprising that there aren’t MORE laws governing data breaches in higher ed.
  • In total, 19 states since 2014 have passed laws that included at least one provision targeted at researches. Most of these are governance-focused, but some are far more restricted.

What is Driving These Laws?

Typical comments that encapsulate what’s driving these laws:

  • “What is ed research, and why do I care about it?”
  • “Researchers are able to get access to student data and use it for whatever they want”
  • “Parents should always be allowed to opt their child out of research that will not directly improve their child’s ed or help their child in some direct way”
  • Beyond IRBs

Rachel Rudnick, University of Connecticut Privacy Officer

I think of my role as mostly a compliance function. How many campuses have a privacy office and officer? It differs from campus to campus; there’s no one way to manage it.

Do you have a designated Privacy Officer?

  • What is a privacy officer?
  • Privacy vs. Information Security
  • Privacy Office
  • Centralized function vs. embedded?
  • Just part of someone’s job?

Where Should Privacy Report?

  • Compliance (good place to start, should have buy-in of C-suite)
  • Legal
  • IT
  • Audit
  • Provost
  • Registrar
  • President/Board
  • Nowhere? Everywhere?

Models to Consider

  • Compliance/regulatory function vs. Program
  • Centralized vs. distributed (embedded)
  • Big picture comprehensive program vs. regulation-by-regulation
  • Reactive vs. Proactive approach

What is Privacy?

This is a gross oversimplification, but this helps folk understand privacy a little better, especially when they need to call someone for help:

  • Privacy is the WHAT
  • Security is the HOW

What does a Privacy Officer Do?

  • Does not mean I have a “Do Not Disturb” sign on my door!
  • Knowledge of ever-evolving rules
  • Oversee program
  • Serve as privacy resource/Subject Matter Expert
  • Write and possibly enforce policies
  • Review/draft contract language
  • Assist/provide guidance to faculty, staff, students, constituents
  • Investigate concerns/complaints
  • Educate/conduct training
  • Breach mgmt
  • Internal/external communication
  • Create and maintain relationships/partnerships
  • Work hand-in-hand with the ISO
  • Be a team player > committees, committees, committees…

To manage privacy properly on a campus, you need great partnerships!

Partnerships & Collaboration with Stakeholders

  • ISO
  • Legal
  • Audit
  • Risk Mgmt
  • Senior Mgmt (buy-in, elevator speeches)
  • Functional Offices (registrar, bursar/financial aid, research compliance/sponsored programs, HR/Payroll, Health-related units, etc.)
  • Compliance Cowboys: liaisons to support your efforts; train the trainer

Tools

  • Data inventories
  • Records retention & Info Mgmt strategies
  • Privacy Impact Assessments (PIA)
  • Maturity Modeling
  • Nymity’s comprehensive approach
  • Beg, borrow and steal from colleagues

External resources

  • HE-CPO group (supported by EDUCAUSE)
  • IAPP
  • Law firms
  • Vendors (webinars, free tools)
  • NACUA/AACRAO
  • FERPA|Sherpa
  • PTAC

Want to Be a Privacy Officer?

EDUCAUSE has resources, search for Higher Ed CPO Primer, Parts 1 & 2 on their web site

 

The 2016 EDUCAUSE MEGA Post

Hey y’all! Here’s my “MEGA POST” for my stint at the 2016 EDUCAUSE national conference in Anaheim from October 25 – 28.

Tuesday, October 25

Wednesday, October 26

Thursday, October 27

Friday, October 28

  • [ KEYNOTE ] Because I Said I Would

Preparing for That IT Strategic Planning Project: A Data-Driven Approach

Presenters

  • Jerrold Grochow, CIO-in-Residence, Internet2
  • Sara Jeanes, Program Manager, Internet2

Underlying Ideas for this Seminar

  • Data: facts and statistics collected together for reference or analysis.
  • If you can’t define it, you don’t know what your data says
  • If you don’t analyze it, you don’t know what your data means
  • If you don’t organize and present your analysis, you can’t convince anyone of what it means
  • Data is most valuable when it can be turned into information that can be used for action

Goals

  • Understand what data is important to different constituencies
  • Learn practical approaches to collecting, organizing and presenting that data
  • Start to apply this framework to your own strategic planning projects

What is Strategic Planning all About?

  • Determining where we are now (org assessment)
  • Determining what drives us to the future (drivers & trends)
  • Determining where we want to be in the future (ID strategic issues)
  • Determining how we’re going to to get to that future (develop strategic business plan)
  • “If you don’t know where you want go go, any road will get you there.”
  • “If you don’t know where you are, it’s tough to figure out how to get to where you want to be.”
  • Being aware of external drivers that influence our organization
  • In short: where/what/how, now and in the future

What Makes Data Important?

  • Things that get measured get managed
  • Can be used to look for trends
  • Helps democratize the process by removing emotions
  • Value to the institution
  • Allows for effective SWOT exercise
  • Sets the stage
  • Raises a strategic issus
  • Highlights a trend
  • Distinguishes a constituency
  • Presents a resource concern

Different Types of Strategic Planning Projects

  • Initial plan
  • Revisited plan: why? what changed?
  • Plan update
  • Organizational focus: resources, culture
  • Service focus
  • Technology focus

Strategic Planning Data Planning Framework

  1. Determine type of project and focus
  2. Determine key questions/issues
  3. Assess & define data
  4. Collect data
  5. Perform analysis
  6. Organize & present

Types of Data Needed

  • Skills assessment: what do we need?
  • Who is using our resources, and how?
  • Retention and recruitment: who is leaving and why? What’s their demographic? What are the demographics of the various departments?
  • What’s the data we’ve already got? Staff counts, project portfolio, budgets, etc.

Two Principal Types of Data

  • Primary: data you collect specifically to serve the needs of the strategic planning activity
  • Secondary: data you have (or can get) that was collected for other purposes but that will be useful
  • You are going to have to use data you already have
  • Internal secondary data: operational data, i.e. logs, usage data, help desk ticketing system, admissions data, anything in IR, IPEDS, infrastructure, monitoring, etc.

Operational Data: Service Utilization

  • Definition: how much of a particular service is used by different groups of users
  • Measure: what best shows usage
  • Analysis: trends/patterns
  • Organization/presentation: table, chart, interactive graphic

External Secondary Data

  • What data can you readily get that would be useful?
  • EDUCAUSE Core Data Service, NSSE, IPEDS, census, industry surveys (Gartner, Forrester, McKinsey)

Internal/External can be both primary and secondary

  • Internal: about the organization
  • External: about the environment

How do you collect data?

  • Instrument your systems, surveys, questionnaires, focus groups
  • Sensors

What Kind of Data?

  • Text, numbers, pictures
  • Qualitative
  • Quantitative
  • USE BOTH, to show impact and value

Timing: When Do You Collect Data?

  • Before: to help ID and frame issues, and to ensure the planning process can proceed smoothly.
  • During: as discussion uncovers additional data that would be useful
  • After: to better manage your organization and monitor progress against plan
  • Always: for the reasons mentioned above

How Can We Best Present Data?

In ways that best resonate with the audience, in ways that show importance. For example: “That’s the equivalent of a the cost of a full-time grad assistant” or “IT capital plan == building capital plan” or “system maintenance == building maintenance”

  • Text: quotations, narrative, video
  • Numbers: tables, charts, graphs
  • Pictures: infographics, photos

Institutional Strategic Priorities

  • Understand research and learning/teaching focus areas! This will tell you where senior leadership of the institution wants to go.
  • Understand the financial areas! This will interact with research and learning/teaching focus areas.
  • Understand the technology focus! You’ll be able to explain how this will interact with all the other areas.

Moving to the Cloud with Amazon Web Services

Presenters

  • Ron Kraemer, VP and CIO, University of Notre Dame
  • Ryan Frazier, Director, System Engineering & Operations, Harvard Business School
  • Sarah Christen, Director of Community Platforms and CIO, Cornell University
  • Mike Chapple, Senior Director, IT Service Delivery, University of Notre Dame
  • Blake Chism, IT Transformation Sr., Amazon Web Services

Resource

Session Introduction

RC: we want to accomplish 1 major goal: roadmap and framework to take back to campus and “deal with the cloud in your culture and your world.”

It’s not perfect, and it’s a lot of work. BUT, it’s better service to our universities if we do it well.

SC: we’re a cloud-first institution. Lots of leadership change since that initiative started. We have 62 accounts under our master contract (master contract signed 18 months ago). Lots of accounts outside our contract. About $300K annual spend outside the IT org…we have a very distributed IT model.

We call the transformation “cloudification.” It’s a partnership with campus IT units. We refactor for most effective use of cloud technologies and containerization vs. “lift and shift.” Central IT must be the expert that campus wants to come to for help. We want to enable, not enforce (we do have SOME requirements to move to the master contract). We understand that if IaaS isn’t better with us, campus will make the move without us. We allow campus technologists to focus on unit differentiators central IT can help with the utilities.

Reqs for Cornell Master Contract

  • Onboarding discussion
  • Attestation
  • Shibboleth for authentication
  • DUO for multi-factor authentication for AWS Console access
  • Lock down root account, escrow with security office
  • Activation of AWS config
  • Activation of CloudTrail
  • CloudTrail logs sent to Security office
  • Activation of Cloudcheckr

What About Researcher AWS Accounts?

  • Easy onboarding without a lot of steps or complication
  • No interference with their research. No overhead (cost or performance)
  • Solutions for export control data and other compliance reqs.
  • Standard network config not always a good fit. “I am an island, not part of Cornell campus.”
  • Technical consultation options: docker, data storage, training, devops support

Today

  • All centrally hosted apps are being moved if possible
  • Infrastructure services are a large part of our on prem inventory
  • Campus units are moving more quickly than our central IT org

Biggest Challenge to Cloud Transformation: RESISTANCE TO CHANGE

RF: I’m director of Infrastructure Customer and Project Services. Initiated cloud strategy and planning when I was in the central IT division.

Cloud @Harvard

  • <2013: Exploration. Very early adopters at Harvard Medical School (research lab), pockets of uncoordinated use, little use within central and school-level IT departments.
  • 2013-2016: Alignment. We got enterprise agreement, direct billing and enterprise support services, laid technical foundations, brought on early adopters, developed cloud strategy.
  • 2016-?: Implementation. Accelerating adoption at all levels, i.e. labs, initiatives, schools, and central IT; shared service roadmaps; early adopters beginning to focus on optimization.

The Case for Cloud

  • Quality, cost, reliability, speed.
  • cloud.huit.harvard.edu
  • Our goal was to have 75% of our infrastructure at AWS by 2017. We’re currently at 31%.

HBX: Can We Deliver the Rich Interactive Experience of the Business School Online?

  • LET’S TRY
  • Move fast – 90 days to build, implement and launch application and registration system, < 1 year for complete course platform
  • Run independent of HBS IT – minimize impact on eisting services, enable new approaches to new needs
  • Be able to scale up or down rapidly – prepare for success or failure of the experiment

AWS Service Mix

  • 17 VPCs, 23 ELBs, 135 EC2 instances, 345 EBS volumes, 18TB instance storage, 4 Redshift Clusters, 18 RDS DBs, 30+ TB loaded via snowball, 78 TB object storage
  • Storage is a very small part of our spend (data transfer is 1%)
  • EC2 is about 58% of our spend

Notre Dame’s Journey to the Cloud

Why move at all? For us, we were sitting on an aging data center infrastructure. A capital investment – particularly cooling – had to happen if were going to continue. Tech demands from students, faculty and administrators outpaced our time and budget. In 2012, emergency communications were a critical concern.

2012

Originally we moved the web site as part of an emergency mitigation effort – “can we move the site in the event of an emergency?”

  • www.nd.edu
  • 3 web servers
  • load-driven autoscaling
  • Geographic diversity
  • It was really an easy move for us

2013

  • 435 web sites
  • 4 million monthly views
  • db as a service
  • ElastiCache

Cloud First

  • In 2013, we began having conversations about “why don’t we move everything over?”
  • We wanted to take advantage of what the cloud offers: 80% by the end of 2017; we’re at 59% today.
  • SaaS first, then PaaS, then IaaS, then on-prem.
  • Setting a goal created “a line in the sand,” that made it real for our people.

What We Learned

  • Rethink technical roles. NOBODY IS GOING TO LOSE THEIR JOB! However, you might not be doing the same job three years from now…
  • We were a very siloed organization prior to the cloud move. As a result of our move, those silos are breaking down.
  • Rethink security processes and tools (this was hard for us). We’re not mapping THINGS 1-to-1, we’re mapping OBJECTIVES.
  • Leverage automation – we’ve used ansible
  • Practical financial engineering. Our data center manager is now the guy who is our financial expert, who gives us insight into our costs. We’ve standardized on regions, instances (T2 class – about 3/4 of all our instances), use of reserve instances, etc.
  • Make a few choices and just go with them!

Cloud Transformation Maturity Model

  • Project Stage: limited knowledge, executive support, inability to purchase, limited confidence, no clear ownership or direction.
  • Foundation Stage
  • Migration Stage
  • Optimization Stage

Blake Chism from AWS: we developed this model to help you figure out where you are in the process. We’ve found that for most of our customers, procurement conversations are getting easier, but they’re still a challenge. If the central IT team helps take ownership, it can help organizations move forward more effectively, i.e. central IT not perceived as “being in the way.”

If your team has good processes now, your move will be much easier.

Project Stage

No matter what, you need to have a business case, a reason why you’re doing it. The roadmap helps describe how you’re doing it. Governance models evolve, and you get better at understanding them. Services change, and you need to have a plan about how you’ll integrate them (or not).

POC are much easier because if it doesn’t work, you can simply shut it off and you’re only out a few bucks. Try things out!

During the Project Stage, establish a “Cloud Center of Excellence” or “Cloud Competency Center” to get the organization moving in the right direction.

Foundation Stage

Lack of a detailed organizational transformation plan can be a challenge. Do a staff skills gap analysis to help you here.

Migration Stage

Should be as short as possible to get over the hump of hybrid and duplicate hosting. All-in will allow you to BEGIN doing new and exciting things. Imagine a space where the default state of, say, development environments, is OFF. All in is just the end of the adoption journey.

Were your enterprise systems like LMS, SIS, HR, Financials and the portal viewed as special and treated differently from smaller apps? Have you moved them yet?

  • Cornell: our KFS (Kuali) finance moved first (we dockerize ours) high availability on file shares was an early challenge (EFS – Elastic File Services are out now)
  • Harvard: IdM was first, we do Peoplesoft now, Oracle e-business is happening now
  • ND: ERP and LMS  – do not separate db servers and application servers!

AWS Cloud Adoption Journey

ALL: we use our AWS solutions architects extensively, and we’ve relied on AWS consulting almost exclusively for our migrations. These interactions have helped to accelerate our staff learning, because our staff are the ones who will need to maintain it long-term.

The professional services unit can help you figure out the high-level ecosystem you need for your particular situation. Enterprise support services is a bit pricey, but it’s useful in many cases.

SC: at Cornell, we created a 100 day training program that includes getting Amazon Solutions Architect certification. This is a good way to assure a certain level of competency. Some schools are using our model for training up their people, and they’re also using it as a way to network and learn new things, i.e. get names of people at other institutions that are going through the same problems.

Building the Roadmap – “Cloud Adoption Framework”

More details here: https://aws.amazon.com/education/movingtothecloudworkshop/

Organizes and describes the perspectives in planning, creating, managing, and supporting a modern IT service. Provides practical guidance and comprehensive guidelines for establishing, developing and running AWS cloud-enabled environments.

Don’t try to use all the components at once! Have your Cloud Center of Excellence (or whatever you choose to call it) do it in sprints by taking five or six of the elements and working through them.

In the private sector, the push to move to the cloud typically comes from the top. In higher ed IT, the push to move to the cloud typically comes from below. What we’ve often done is break off a small part of our budget, and use it to fund an “engineering SkunkWorks” where we can do the POCs and get staff buy-in. If the “where you do computing versus how you do computing” equation doesn’t click in your leadership’s minds, you’re going to have a hard time going anywhere.

Student Affairs and Social Media

Warning:  I’m about to sound like a curmudgeon.  I’ve held my tongue (so to speak) on this topic for several years now, but Eric Stoller’s post today in Inside Higher Ed was the straw that broke the camel’s back.  And to be clear, this has nothing to do with this specific post, or with Eric personally.  I’ve never met Eric, and I find many of his posts thought-provoking and entertaining.  I just had to put what I’ve been thinking about into words.

Maybe I need to broaden my online reading horizons, but whenever I see posts about technology in student affairs, nine times out of ten it’s about social media.  Social media and leadership.  Social media and identity.  Social media and the admissions process.  Social media and emergency notification systems.  Social media and campus climate.  Social media and why you’re missing the boat if you’re not on the latest platform.  Enough already!  Without a doubt, social media is important, and there are interesting ramifications for students with this new “permanent record” that we older folks haven’t come to grips with yet.

Many rising stars in the student affairs profession are brilliant at using social media as a platform for self-promotion.  An irrepressibly upbeat attitude coupled with a positive message goes a long way in this field.  If you have an EdD, you’re probably also an unstoppable force of nature and you don’t give a damn what I think.  Popularity contests don’t bother me.  What bothers me is the implicit connection being made that somehow social media IS technology.

That’s wrong, and it really grinds my gears.  Mastery of social media is not the same thing as mastery of technology.

Legions of IT pros in student affairs support an incredibly diverse range of systems, services and infrastructure.  Most of them work behind the scenes and don’t draw any attention to themselves.  It just so happens that the things they work on aren’t perceived as being as sexy as “SoMe.”  But the systems they manage are an integral part of what makes a university run.  And if any of those systems fail, boy howdy.

What makes social media interesting as a technology (at least to me) is that they’re platforms designed from the ground up AS PLATFORMS.  They’re easy to integrate with and can “talk to” virtually any system you can shake a stick at.  But this isn’t what student affairs social media evangelists talk about.  They instead use it as a fulcrum to leverage against current hot topics in the field.

I usually don’t complain without bringing some sort of solution to the table, but in this case I’m annoyed and need to vent a bit.  Maybe the quiet techies need to speak up more and participate in standards-making bodies.  Maybe they should be more active in (gasp) social media.  The only thing I can say for sure is that I’d really like to see the student affairs social media evangelists slow their roll a smidge.

Frankly, I doubt this post will resonate with anyone.  Hardly a surprise, given my massive double-digit readership.  Maybe I should take the hint and use social media more effectively << sighs >>