Earlier this year, the Personal Data Authority released a report outlining the trends and developments that are occurring within the education sector regarding privacy.
The conclusion? Fortunately, there is an increasing focus on protecting the privacy of students and pupils. But the basics are not yet in place, and there are major challenges for education, as the Personal Data Authority highlights.
Source Article Personal data authority – big challenges for education
A challenge to handle student data safely
One of the major challenges mentioned in the report is dependence on large software suppliers. Educational institutions desperately need these suppliers to provide good education. Of course, this does mean that those suppliers have to process all kinds of very sensitive data about students and pupils. And that makes them very interesting prey for hackers….
Where this can lead was made painfully clear again this week. Iddink, a large reputable player in education land, turned out to be the victim of a hack in which the data of numerous students and schools were stolen. These include names, e-mail addresses and bank information, for example. The investigation is currently ongoing so the exact extent is still unclear, but that this is a major data breach is certain.
Exactly what went wrong here and how criminals were able to hack into the systems is now being investigated.
But how can you as an organization defend yourself against such criminals?
It is an illusion to think that you can always prevent a hack like this. The more valuable the data you process as an organization, the harder criminals will try their best to get at it.
Perhaps it would be helpful to look critically at needed data for better privacy protection and data security.
Suppose, of course, you need the students’ names in order to enroll them in school. But do you also need them to order the books for them? Or in that case, would a unique number per student be enough where you only share that number with the supplier?
Another example, everyone understands that you need students’ names for such purposes as preparing a diploma. But suppose you want to do research to compare the academic performance of different schools, you don’t need those names. Even then, a pseudonym will do perfectly well. Provided the student’s profile remains sufficiently intact.
So with this article, we want to urge school boards and providers to take a very critical look at what data they process and whether they always need it. By being much more selective about this, you can greatly reduce the impact of a data breach.
After all, what you don’t have can’t be hacked either
DataFactory from EntrD masks databases and applications for secure use in nonproduction environments. Customers use DataFactory to create representative and non-reducible test data.
FileFactory is the solution for efficiently finding, masking and deleting information in documents and files. Our customers use FileFactory to clean up digital archives, mask out data, automatically manage new or changed documents, classify documents based on content, and improve searchability.
