In this episode of The Data Migration Podcast by binary10,

James and Steve continue their deep dive into the Higher Education (HE) sector, exploring why getting data migration right is so critical for universities and colleges. They talk about everything from moving to the cloud and handling complex mergers to keeping student, staff, and course data accurate, secure, and useful for decision-making.

They also discuss the importance of GDPR compliance, how to protect data during testing, and why planning early can save institutions months of stress later on. If you work in HE IT, data strategy, or transformation projects, this is a must-listen.

In this episode, we discussed:

• Moving from legacy systems to the cloud

• How university data is more complex than most sectors

• Combining lots of data sources during mergers

• Regulatory demands like reporting & national standards

• Why data accuracy matters to students, staff & alumni

• How good data migration empowers universities to focus on their mission

EPISODE TRANSCRIPTION:

Disclaimer: This transcript was generated by an AI tool that did its best, but it's never met different British accents it could fully decode. Expect a few funny mistakes. Enjoy!

[00:00] - James B

Hi there, welcome to the Binary10 podcast. My name is James Blake, I'm the CEO of Binary10.

[00:06] - Steve S

And my name is Steve Smales, and I am the Chief Operating Officer. Welcome to the series of podcasts where we'd like to talk about all things data migration related.

[00:15] - James B

And also we'll talk about the human side of running a business, so we hope you enjoy.

So, welcome back Steve.

[00:23] - Steve S

Welcome Jamie.

[00:24] - James B

Looking forward to this.

[00:25] - Steve S

It's going to be a good one. Yeah. I say that every week, don't I?

[00:27] - James B

I think this is the final chapter where we're targeting the higher education sector specifically. About a couple of podcasts already that were really good, and we got some really good feedback on those. So, really glad that they're talking to people on a key subject, which is great. And I think for this final one, what we wanted to talk about is, you know, how is data different in the higher education sector, maybe to other sectors? So, you know, what are the things do we need to think about when we're doing data migrations, when we're thinking about data for higher education? So, really keen to get into this. I know that you are. There's lots to cover. And I think we'll also try and cover, you know, those kinds of security and regulatory and sort of standardization aspects of data that extend a little bit away from data migration. But we need to know about them. And we do, because we live it and breathe it every day. But hopefully, in this podcast as well, you know, we're really going to explore those areas. And if you want to know more, it might be that we do a separate podcast, you know, targeting that. But we're keen to keep this aligned with higher education. So, yeah, let's make a start. So, I mean, God, we could talk for a long time, but let's see if we can cover… I normally do. I normally do. But let's see if we can cover, you know, some of those key data aspects, you know, in higher education, Steve. If, you know, go through a few, and then I'm sure I'll start getting nervous about all the security things and things we need to think about for that data. Yeah.

[01:54] - Steve S

Well, I suppose in terms of the data of higher education, you've got the essentials that most other organisations have, you know, around your finance data, HR, payroll, that side of things. And we do a hell of a lot of that across all different sectors. But within higher education itself, you've obviously got course data. You've got management information. And we've touched on these before. And I think one of the key ones, though, is the student data. I think in our last podcast, we did mention about sort of universities holding probably more information on an individual in terms of students than any other organisation would with their client. You know, their health records, their previous academic record, their current academic record, and their marks and things like that. So there's all sorts of things. And I think another thing is accommodation. So, yeah, you've got student accommodation. Students are changing every year as well. Some are leaving, some new ones joining every year, new terms, different data within each term. So there's a lot of specifics to higher education. But when you get on to particularly that student information and all the personal information that's being held, that brings a lot of, you know, thought around GDPR, the sensitivity of that data and the security, as you mentioned as well.

[03:08] - James B

Correct. And I think that's something that we should talk about. So, you know, naturally, as part of any data migration, and, you know, the tooling that we use within binary10, and I know that a lot of other companies out there, you know, follow a similar suit, you know, we ensure, you know, the protection, the encryption of data through transit, through storage, you know, as we move data from source systems to target. And that's like a minimum. But you're right, you know, let's face it, the reality is, and I've experienced this a bit, is that in the last 10 years, definitely the last five years, you know, the news around data, the kind of, you know, the nervousness around data, and, you know, data breaches, you know, we see it all the time now, you know, and the guarding of that data is so important. So, you know, even talking about it now, I'm thinking we do need another podcast on this, because there's a lot to cover. But no, but specifically back to there, I mean, one of the key things that you need to do is not only make sure those technical things are in place, but actually you do need to spend effort and time sharing that, you know, with data protection officers, you know, people that have got jobs to just ensure that the data is secured. And actually going through processes to ensure or prove that you are doing it in the right way, because that's what you're finding more and more now, you know, and absolutely they should. But not just in HE, but definitely in the HE sector, you know, you're being held to account, you know, not just by the program to deliver the migrated data, but also by data protection officers, you know, chief information officers to guarantee them that you're going to do it in a controlled, secure way. And, you know, and that, you know, they don't want to be telling their students they were not really sorry, your data's all gone wrong, or there's been a breach and we've lost your data to some other organisation.

[04:55] - Steve S

Yeah, and so there's various factors that we need to consider, particularly with student data. You know, one of this data is sensitive. So, you know, it has to be, you know, private, that has to be held securely. It needs to be accurate, because if you get the information wrong, if you start mixing up people's data, that is a recipe for disaster, isn't it? And cause all sorts of problems. So there's, you know, there's a security, the accuracy, but also with GDPR, you know, we have to consider that as well, how it's stored, how it's transformed. Correct. You know, sometimes we bring in different sort of algorithms for, I suppose, the obfuscation of data as well, when it's stored in test systems. So we have to consider that as well, and how that, you know, and how that data is going to be used in testing. And we'll, you know, we cover all of that sort of, those factors in our sort of strategy and how we're going to move the data, store the data, ensure the accuracy as well. So there's a lot to consider. And so we touched on GDPR, but I think the other thing is sort of DPIA, isn't it? You know, that's something you've done a lot on, haven't you?

[05:55] - James B

I have, yep. And it sends a little bit of a shiver, because it's an interesting process. But actually, you know, even though, and I'll talk about it in a second, you know, these Data Protection Impact Assessments, DPIAs, you know, they are really, really important. And even though they're a painful process, that's not, you know, it really is. And I'll explain why. But it's almost come to the point now where when we go to other HE organizations and other sectors, you know, I'm finding myself telling those organisations, are we going to be doing a DPIA? Have you thought about this? You know, and half the time they're geared up for it. They've got data protection officers, you know, that they're thinking about their data. But some don't. Yeah. You know, even today, people are, why do we need to do that? You know, what's that about? But they don't realise that, you know, when they hold people's information, they are legally obliged to, you know, look after it, care for it, you know, store it in the right way, make sure it's secure. There's a lot of these things that, you know, a lot of companies don't really realise they have the responsibility of, you know, when they take in this information. So yeah, it's really important that we keep promoting this. But geez, DPIAs. So for those of you out there that have never been through a DPIA process, try and stay away from it. But no, it's challenging, right? Because essentially, it's just a risk assessment. Yeah, it's just making sure that you've thought about everything and that you've checked everything in relation to data when it moves and when you, you know, transform it, as you've said, Steve, and you load it into new systems, that you're not missing a trick, that you're not putting unnecessary risk on that data. So essentially you just get questioned and challenged by everybody, you know, security officers, you know, what technology are you using? You know, what is the data? We want to know about all the data that you're moving from A to B. What does that mean? The process, the process of moving.

[07:42] - Steve S

How does it move? And how do you ensure the accuracy as well? And as I mentioned, I mean, the data is going to be stored in numerous places. At the moment, it's just in your legacy systems, maybe on spreadsheets. But as part of the transformation process, it's suddenly going from those legacy systems and spreadsheets, maybe into a sort of middleware somewhere. Then it will get loaded onto your target system, but not straight away into your live system. It will go into test instances of your new system as well. How many testing instances have you got?

[08:07] - James B

Absolutely. And who's accessing those systems? You know, I think gone are the days where we would just sign an NDA. And in a way, I kind of like that, you know, I'm, you know, I consider myself a trustworthy, you know, moral person. And that's what I want from everyone else in the program team. But the reality is that unfortunately, you get individuals that maybe break those rules or go against it, which is a shame. And so NDAs don't cover it anymore. And that's where, you know, and also think about this, like the DPIA is an, you know, it's risk-based. So it just means that even if you do the best DPI in the world, you know, you could still have a data breach. I mean, you know, mistakes happen, but at least it shows you as an organisation that you've thought about it. And so similar to GDPR and DPA 2018, it just means that there'll be less of an impact, less of a fine on that organisation in the event that happens. Whereas if it does happen and you can show no evidence that you've given any care or thought about how you look after people's data, then fair enough. You know, you're in a bit of trouble there. So it's really important that we promote this. And, you know, we want to try and protect people's data as best we can. But yeah, the DPIA process, one of the things I would say about it is that it's another one of those processes that's a bit grey, you know, different organisations go to different levels of asking about things. And one of the interesting things I learned as well is about communication. So depending on what you're doing with that data, there may be the need to communicate to the individuals that hold that data or organisations like supplier information or other institutions information. But, and I thought, geez, this is going to be painful. What we've got to communicate to every single person what we're doing. Now, fortunately, there are some terminology, some legal rules that basically say when you as an organization, take people's data on, you, you know, you will have to at least ensure it's secure. You know, make sure that it's, that it's accurate and up to date. So luckily, when you think of an ARP programme or a transformation programme, essentially, if you think about the activity you're doing, it is to do that, right? It's to make the data better, to make it more secure, to make sure it's accurate. So in a lot of ways, we don't have to then communicate that to the individual. It's part of our responsibility. Yeah. But I think in the higher education sector, there are other areas where that might be needed, you know, especially if we're taking information from different locations different countries. What people don't realise is that some of these new cloud solutions, you know, I know we all say the cloud, but the data is stored somewhere physically in a data center. And that might be in another country. Yeah. And it's even something we as an organization have had to consider, isn't it? When we're selecting our own, you know, HR systems, other systems, you know, it's all good putting it in the cloud, but where actually is it? You know, because different countries have different regulations. Absolutely. So it's a really important one, really important one to think about. But yeah. Oh, God, we've only just touched the tip of the iceberg there. And I think, yeah, we'll definitely follow up with another podcast and get into that a bit more.

[10:58] - Steve S

Yeah. But I think, you know, I think that just the main thing is particularly around student data, whether it's academic record or health or accommodation, there's just so much of it. And we need to put the, you know, the well-being of the individuals concerned here, the students themselves, we've got to make sure that their data is held, you know, accurately, securely. I mean, there's a lot of sensitivity around that data. So it's just absolutely key, isn't it, for higher education? Absolutely. And

[11:25] - James B

I'll touch on one more point. I think we did talk about this in the last podcast. But just to reiterate, when you talk about accuracy of information and why it's so special in the HE sector, and again, it comes down to that point of if we can get that information accurate, if the end reporting of data can be accurate or to a point where it doesn't need further manipulations, what I mean is, you know, students, professors, whoever it may be, or suppliers linked to those institutions, if they can run reports that give them exactly what they need to know, as soon as they run it, that's the target. Because that means we're not impacting their day. You know, I'm sure lots of you out there, you're very used to pulling reports off and, oh, it kind of gives me what I need, but I'm going to put it in a spreadsheet and I'm going to change it further. And then I'll send it to someone that it's now in the right state. So we want to try and remove that. And in the HE sector, it's massive, because think of all the time you then free up to allow them to just get on with what they're trying to do, which is either teach a subject, learn a subject, you know, and just operate as an institution. So, yeah, you know, their data, I mean, you could argue it's equally important in other sectors, but specifically for the HE sector, that is a big goal of ours. If we can really promote this, make sure they're doing data migration well, think about their data, get it accurate, manage it. The amount of time that you'll create to deliver,

[12:47] - Steve S

It's like investing a bit of time up front to save yourself a lot of time going forwards in the long run.

[12:51] - James B

And Steve, yeah, you mentioned previously about student accommodation and it's wracking my brain now, but you delivered, didn't you, a few years back for an organisation that was, you know, that was their business, was providing student accommodation.

[13:03] - Steve S

That's right, yeah. A couple of years ago and it was quite a complex project, really. And it was bringing lots of sort of disparate systems, even spreadsheets as well, from numerous sources because each of the actual, for want of a better word, halls of residence had a sort of a different source system and there was loads of them all in different formats. So it was a case of sort of trying to funnel all of these through a single process to get them into a standard format of data to go into this student accommodation system. So that was quite complex, quite challenging. But yeah, we got through that and very successful outcome. So that was quite interesting.

[13:41] - James B

Yeah, and just thinking that you want to get that right, don't you? Imagine if someone's knocking on your door and it's not what you think it is, or I don't know, delivering something to you in the wrong room.

[13:52] - Steve S

Exactly, because it's like you obviously got the properties themselves, but you've got individual rooms and they're not always just for the entire year. Some rooms are rented out just for a term or you have like summer schools as well that might be only for a week. So it's very, very complex data.

[14:08] - James B

And on that note, I couldn't put it better myself. I think we'll end this podcast there. Well, I think that's been a great series. Really, really enjoyed that. And, you know, maybe we'll come back to it. We've got lots of other topics, haven't we, that we want to cover in future podcasts. But I'd absolutely love to come back to this one. And maybe we could, you know, we're going to start bringing some guests on and things like that. So maybe we could invite someone in from the higher education sector and get their view as well and see if this podcast and the previous two in the series has helped them out. Yeah, but no, brilliant. Really enjoyed that. Thanks so much, Steve. And see you next time.

[14:42] - Steve S

Yeah, see you next time!

We really hope you enjoyed this episode.

Thank you for joining our podcasts. If you want to see more, please like and subscribe!