Date: Thursday, May 15, 2025
I’m Brenna, a PhD graduate from UTK, a People Analytics Consultant at Penn State University (PSU), and a former Extension Evaluator at PSU.
I’m Chelsea, a current PhD student in Evaluation, Statistics & Methodology (ESM) at the University of Tennessee, Knoxville (UTK).
Higher education administration offices handle highly sensitive data, not only related to students and institutional operations but also concerning their own employees. As universities and colleges increasingly rely on digital systems and interconnected platforms, the privacy of employee data has become a critical internal concern. Evaluators, we believe, are uniquely positioned to address this challenge.
As a former Evaluator for Penn State Extension, I (Brenna) created logic models in partnership with Extension Agents to plan, update, and evaluate their educational programming. In the ESM PhD program, I (Chelsea) have created logic models as part of a needs assessment. More broadly, logic models can be used to evaluate both the current and future states of administrative effectiveness. When used thoughtfully, a logic model is a powerful tool for mapping, analyzing, and improving internal systems—including employee data protection. For instance, a Human Resources professional partnering with an evaluator could use a logic model to lay out:
This kind of documentation becomes even more important when considering global regulatory contexts. For example, the EU’s General Data Protection Regulation (GDPR) provides robust employee data protections. See general EU guidance here. In contrast, while higher education institutions in the U.S. have well-defined rules for handling student data (e.g., FERPA), internal employee data practices may receive less scrutiny. From my (Brenna’s) experience, comprehensive U.S. data privacy laws are not currently in effect for employee data at all higher education institutions.
Although, we noted, several states have data privacy acts that may apply to employee data, such as the California Consumer Privacy Act (CCPA), not every state has a privacy act. Furthermore, employee data often falls under a “medley” of security laws that only apply to specific data, such as health-related data protected under HIPAA or data related to a credit or background check protected under the Fair Credit Reporting Act (FCRA). Primarily, data security is up to the individual institutional data protection policy. This landscape of a hodge-podge of security and privacy laws for employee data at higher education institutions presents an excellent use case for logic modeling.
Evaluators working with HR and administrative teams in higher education could use logic models not only to compare their institutional practices around data protection against international frameworks like GDPR, but also to conduct reflective needs assessments. Key questions might include: Are employees receiving adequate security training? Is access to HR data appropriately monitored? What factors lead to an increase in staff trust around data security? By applying logic modeling to internal operations, evaluators can help improve transparency, build trust, and promote ethical data stewardship within higher education administration.
Do you have questions, concerns, kudos, or content to extend this AEA365 contribution? Please add them in the comments section for this post on the AEA365 webpage so that we may enrich our community of practice. Would you like to submit an AEA365 Tip? Please send a note of interest to AEA365@eval.org. AEA365 is sponsored by the American Evaluation Association and provides a Tip-a-Day by and for evaluators. The views and opinions expressed on the AEA365 blog are solely those of the original authors and other contributors. These views and opinions do not necessarily represent those of the American Evaluation Association, and/or any/all contributors to this site.