In the last few years, the amount of data being generated in the education sector has grown hugely. This can bring a wide range of benefits, allowing schools and universities to improve access to student records and reduce their administrative burden. But it also comes with its challenges.
CIO.com noted recently that as with any other sector, any kind of data breach can attract consequences such as fines and reputational damage. However, educational establishments often struggle to keep full control of their data because they simply do not realise what information they possess, or who has access to it.
Jo Webber PhD, chief executive of Spirion, therefore offered several key tips on how these organisations can identify, classify and ensure appropriate access to their sensitive data and avoid the risk of breaches.
She noted that one of the most challenging times for universities is during admissions periods, when data is constantly being received and created. To cope with this, organisations must therefore have processes in place that can continually monitor incoming data for new records that must be protected. Once this data has been identified, it needs to be appropriately classified to ensure only authorised personnel have access.
"University data incorporates all aspects of an individual – from credit card info to academic records to health and medical to income and financial information, as well as employee and contractor data. In short, it's a lot," Dr Webber said. However, not all data is created equally, so it's vital for universities to determine what data would put the institution at the greatest risk if compromised and prioritise securing that above all else.
Determining who can access data can also prove challenging, as universities are known for their collaborative approach to data and open access policies. While some information, such as financial records, is obviously exempt from this, the lines are not always so clear.
Dr Webber said: "It's imperative that educational institutions create stringent and enforceable data access policies based on an individual's role in the institution (eg. a university nurse may have access to student medical info, but not necessarily financial aid records)."
These policies also need to be frequently updated in order to take into account issues such as role changes and staff departures.