30 Survey Results: Survey Questions and Responses Suppress data (e.g., removing data for groups smaller than 20) 13 33% Other data protection measure 5 13% Please briefly describe the other data protection measure. N=5 Access to data is limited to FERPA-certified staff. Aggregate data as highly as possible across both collection usage and student profile information so that individuals are not identifiable. Follow IRB guidelines for studies with people. Most of our raw data is stored on secure active directories managed by the Office of Institutional Research. Again, data have a student ID but no identifiers on items used. The library does not engage in “learning analytics” per se, but the techniques checked in the list above are used to protect circulation and on-site usage data. 26. If your library anonymizes its learning analytics data, please briefly describe the anonymization procedure. N=16 Data is anonymized by institutional research before it reaches the library. Data provided as aggregate without identifiers. Identifiers purged from data two years after individual leaves university. In presentation we only make available in aggregate. Library data is typically presented in the aggregate. Manual OIT performs this function for the library. Remove all ID numbers and names. Removing the student ID number. Strip personal information from data set. University IDs are used only to associate data with aggregated user profiles and they are not retained in our systems or tools. Use of “honest brokers” to link library and institutional data. Returned data for analysis is stripped from any identifying information. All subsequent analyses are carried out at cohort levels. We are not currently anonymizing data, but we will be looking at demographics that define students in order to participate in program-level assessments and predictive learning projects. We assign random numbers to individuals, and retain a key on an OIR server for use with longitudinal analysis. We do not collect identifying information or IPs when we conduct surveys. We mask identifiers for some of our data. When we receive data from Institutional Research or other campus units/departments, we either request that data be anonymized before it is sent to us, or we anonymize it when we receive it. As described earlier, we anonymize circulation data after 30 days as long as there are not fines/fees associated with the data. Whenever possible, we anonymize data and use only unique identifiers to refer to user data.