Outlet Title

AMCIS

Document Type

Article

Publication Date

3-1-2026

Abstract

Student-developed applications increasingly replicate or replace official university platforms, often prioritizing speed over security and privacy. This “shadow IT” ecosystem emerges from gaps in institutional tools and is amplified by AI-assisted development, which can introduce insecure defaults. These informal systems risk exposing FERPA‑protected or sensitive institutional data, as seen in student‑built directory and club‑information apps that redistributed restricted information more permissively than intended. While most universities lack clear governance mechanisms for student developers, Yale’s structured, student‑specific data‑use policy offers a notable model. This paper examines these risks and proposes a collaborative, API‑first framework that supports innovation while enforcing privacy, security, and accountability. Such an approach enables institutions to shift from reactive enforcement toward proactive governance

Comments

Submitted to AMCIS 2026 Reno as a emerging research forum paper, returned for consideration as a one-page TERO talk. 

Share

COinS