Educational institutions handle large amounts of personal
information and are increasingly becoming targets for cyber-attacks
and data compromise. Considering, managing and planning for these
risks will help an educational institution better protect its
students' personal, confidential and health information from a
data breach, and will assist the institution in being compliant
with privacy law and regulation.
Laptops, tablets and internet-connected devices are now
omnipresent in Australia's educational institutions. Used by
students, staff and the institution, these technologies provide
efficiency in how the institution interacts with its student
population. But the increased use of mobile devices within a
network poses significant challenges for institutions, in
particular in protecting their networks against infiltration,
compromise or attack and in securing the personal and confidential
information accessible within those networks.
What are the emerging risks and how do you manage them?
More gateways: An unsecured network made up of multiple devices
is a labyrinth of
open doors for hackers into an institution's network. This risk
will only intensify with the increasingly common implementation of
'bring your own device' (BYOD) policies at schools and
universities. Ensure your BYOD policy prohibits non-education-related
activities and consider how you can actually enforce it.
Without proper enforcement, even the best policies are just words
on paper. Educate your teachers, lecturers and students about
online risks. Most importantly, plan for a data breach and prepare
an effective response. Know what to do and who to call when the
Hackers are not only those external demons who wish to steal
information or compromise systems. Academic fraud through internal
infiltration is becoming increasingly common. Identify data which
is particularly valuable to an internal intruder seeking to commit
academic fraud, such as tests, assignments and results, and
implement additional security measures that protect this
information from compromise.
regulations: Public and private educational institutions
are subject to the Privacy Act by their collection of personal
information. Know which laws you come under and ensure that you are
compliant with the law and regulation relating to personal
information – keep an up-to-date and effective privacy
policy, and implement appropriate security practices and safeguards
at your institution to ensure the policy is effective and actively
encourage privacy within your institution. Remember, your
institution should only retain information that is reasonably
necessary for its functions. The OAIC provides useful guidelines on
your compliance obligations. Finally, remember that mandatory data
notification laws are looming. You don't want to be the
educational institution which tells parents that you haven't
properly secured the personal or health information of their
Privacy issues require a considered strategy where sets of big data come with ever-increasing regulatory obligations.