Outlet Title
AMCIS
Document Type
Article
Publication Date
3-1-2026
Abstract
Student-developed applications increasingly replicate or replace official university platforms, often prioritizing speed over security and privacy. This “shadow IT” ecosystem emerges from gaps in institutional tools and is amplified by AI-assisted development, which can introduce insecure defaults. These informal systems risk exposing FERPA‑protected or sensitive institutional data, as seen in student‑built directory and club‑information apps that redistributed restricted information more permissively than intended. While most universities lack clear governance mechanisms for student developers, Yale’s structured, student‑specific data‑use policy offers a notable model. This paper examines these risks and proposes a collaborative, API‑first framework that supports innovation while enforcing privacy, security, and accountability. Such an approach enables institutions to shift from reactive enforcement toward proactive governance
Recommended Citation
Schroder, Tyler and Fenner, Chad, "Move Fast and Don’t Break Things: Collaborative Privacy Governance in Higher Education" (2026). Research & Publications. 159.
https://scholar.dsu.edu/ccspapers/159

Comments
Submitted to AMCIS 2026 Reno as a emerging research forum paper, returned for consideration as a one-page TERO talk.