Sorry, you need to enable JavaScript to visit this website.

Protecting Students' Personal Information

Summary
Teachers/Educators/IT Coordinators
This article informs educators on what information they are allowed to share about their students and guides them on how to protect it from cyber attackers.

What does students' personal information mean? 

A student’s personal information is defined as any information or data related to the student's identity, age, academic level, social status, personal health records, conduct, and behaviors, or attendance records, as well as his digital data such as personal e-mail address, phone number, contact details, identity of other family members, their ethnicity and religious beliefs, or any other information gathered, stored and transmitted by the school or by online service providers on behalf of the school.  

On the other hand, data leakage is defined as the unintentional disclosure of sensitive information to unauthorized third parties and this can happen at any given time, unintentionally, or due to a malicious cyber-attack.  

 

So how do I ensure the students’ data privacy? 

There are three important factors: 

Discussing data privacy and security might be confusing, but to put it simply, three main factors are involved: 

  • Privacy 
  • Confidentiality 
  • Safety 

Always remember that a student’s personal information is his own property and must remain private. You can ensure your students' data privacy by enabling them to share only the information they need to share and helping them understand the risks and consequences of sharing their personal information. 

Moreover, confidentiality plays a big role when sharing this information, so you need to make sure that your students and their parents trust that you will keep their data private and confidential. You are responsible for maintaining the confidentiality of each of your student's personal information, and for sharing it only when necessary. 

The next step would be to assess the security practices when it comes to your students' information. Therefore, always use safe online tools, safely store students’ information and educate your students on the best practices to ensure the privacy and safety of their data.  

 

What personal information belongs to my students and that I can share? When can I do that? 

Basically, all personal information should be strictly confidential and kept in the custody of the school and the teacher. Generally, you need to get a written permission from the student’s parents or guardian to disclose any of the student's personal information, especially during any of the following situations:  

  • Other schools to which the student moves to because the new school or the other relevant teacher would definitely need the student’s personal and school data, for purely learning purposes. 
  • Officials that are designated by the school or ministry for follow-up and evaluation purposes.  
  • Entities that are interested in giving financial aids to students. Some official entities offer scholarships to some students so it's extremely important to select the personal information to be shared with them given their sensitivity.   
  • Independent and licensed research centers that conduct independent research studies. This requires a written authorization from the student’s parents or guardian to share limited information and data. 
  • When sharing photos, videos, and names of students on social media pages since they contain various personal data and are considered available to the public domain. Some students and their parents might be reluctant to their personal data being shared on these networks. 

At other times, disclosure of students’ personal information could be mandatory, and sharing some information can be inevitable, under specific legal circumstances, for example: 

  • Sharing students’ health records with medical professionals, during healthcare and safety campaigns or during the regular in-school medical check-ups, or in case of an emergency medical interventions in serious or life-threatening situations.  
  • Legal public institutions; schools are required by law to share their students’ personal data with legal and judicial institutions, as well as local authorities. In this case, the authorization of the guardian, or the concerned student, is not required. 

 

Can cyber attackers target students’ personal information? How? 

A report published on CNBC News showed that cyber attackers and hackers are increasingly targeting academic institutions, increasing more than ever the risk of student identity theft, as well as other related scams. 

In the first quarter of 2019, schools and educational institutions received more malicious e-mails than any other sector. According to the report, hackers usually target new students or students who are new to personal information, or even careless about it, and who are yet to learn how to protect the privacy of their data.  

Cyber attackers or hackers steal students’ data for multiple reasons, including: 

  • Selling students’ personal information to other cyber attackers:

Cyber attackers can profit from stolen personal data by selling it in bulk to other hackers or advertising agencies. This data might include millions of stolen students’ records, and it is used by the buyers for their own criminal purposes. 

  • Stolen personal information is fuel for identity theft: 

 Many online learning services and file sharing websites require the student to fill in his/her personal information and hackers can steal this information to commit identity theft, and seize the student’s identity. 

  • Phishing and extortion:  

When criminals steal personal information, they can target students with phishing attacks. This attack happens by tempting victims to willingly share their important personal or financial information, while cyber attackers hide their scam behind a legitimate innocent communication. When these hackers gain access to sensitive information, they can eventually blackmail the student any way they can. 

  • Data leak can harm both the student and the school:

In addition to the personal damage that stolen personal information can cause, it can also harm the school itself. When cyber attackers gain access to the school’s data, as well as its login credentials, they can target remaining school and students’ records, and expose it publicly and sell them to other criminals on the dark web. 

 

How do you stop personal data leaks? 

  • Minimize data collection:

The most important step you can take to minimize the risks of unintentional or harmful release of students’ personal information, is to reduce the amount of information being collected at the school level and prioritize crucial, and more important information. 

  • Eliminate unnecessary records:

In addition to reducing collected data to the minimum possible, make sure you eliminate sensitive information when it is no longer needed. This will lower the impact of a potential cyber-attack. 

In addition, schools can have their own record retention policies that specify the period of time any record should be preserved before it is eliminated. 

  •  Extreme safety measures: 

Schools can also take additional measures to protect sensitive data, such as: 

  • Using strong passwords,  
  • Disable automatic login to websites 
  • Enable two-factor authentication to access sensitive information 
  • Preserve a backup copy of school records 
  • Eliminate older records when possible 
  • Ensure the safety of the school’s network infrastructure. 
  • Coach your students: 

A human precautionary approach is definitely the most important. The more you raise your student’s awareness on technical issues, as well as the importance and risks of sharing their personal information online, the more you can protect this information, and prevent any potential breach or leak. This is why always talk to your students and share safety measures with them, so they can safely connect online. 

Secondary Keywords
Last edited
26-07-2021
Reading time
6 minutes

Call to Action

Encourage your school to take the needed measure to protect students’ personally identifiable information.

External Resources