Lock It Up: Keeping students’ personal information secure


It’s easy to forget that the data we handle on a daily basis is precious to the person it belongs to (and valuable to many others). Class rolls, forms bearing address and government-issued identification numbers, copies of documents such as driver’s licences and passports are just a few of the items we might come across during the course of a normal day. Understanding how to safeguard this information, even in the smallest way, offers extra levels of protection for our students and colleagues.

It doesn’t take much to breach privacy and be completely unaware. Both online and in our daily interactions with others, it’s not always clear what kind of activities can leave personal information unsecured. On a day to day basis you may be breaching privacy by simply walking into an elevator chatting to a colleague about a specific student’s issue. You might mention their name and, completely by accident, disclose private information about them, not realising that a classmate is in the same elevator.

We’re in a people-based industry and often situations arise that require consultation with co-workers. If you’re looking for advice and need to mention specifics about another person, always find somewhere private.

Another area where it’s very easy to slip up is holding a security-card-access door open for someone you don’t recognise. 9 times out of 10 the person hurrying to slip in to the office behind you without swiping a card has every right to be there. However, if you don’t recognise them (and despite the skin-crawling horror of going against social convention) it’s really important to check they should be allowed through the door. A quick, “Oh, I don’t think I’ve met you before. What unit are you in?” is a good way to start.

Meeting rooms, shared spaces where whiteboards are used to brainstorm ideas or issues, are also a classic weak point. When meetings finish participants hurry off to their next tasks leaving information on the whiteboard. This may be a breach of privacy if there is personally identifiable information left in public view. It’s good practice to ensure white boards are wiped clean and no sensitive paperwork is left in publicly accessible bins. Other risk areas around privacy are physical files left unsecured on desks in open work spaces. This also applies to open files on your computer monitor. When you nip away, even just for a minute or two, without locking your screen this information is not secure. Although you might work in a card-access area it’s still important to lock your screen as we often have guests in our buildings and, hey, it’s just good practice.

Online, it’s important to always ask questions. If you’d like to use an online resource in class that requires students to sign up it’s essential to take time and think about how important the resource is to your learning outcomes. As you’ll no doubt know, every time we give out name and email addresses we end up bombarded with marketing materials. If you do want to use a resource that requires students sign up, make sure they know to tick the box to opt out of marketing or other auto-filled preferences. It’s also important to bear in mind that the location of the company that owns the site you want to use, really matters. This is because the data entered into a site is covered by the local laws of the owners. For example, if the company is based in Ireland all data collected by them will be subject to Irish law. This means that data won’t necessarily be covered by your own country’s laws and could therefore contravene industry regulations. This all feels a bit technical but it’s worth remembering for the security of your own personal information as well as your students. If in any doubt at all, it’s probably best not to use the online resource.

When dealing with personally identifiable information always go that extra step to protect it, treat it the way you would treat your own personal information.

Want a chance to test your privacy knowledge? Check out the Navitas PEP QRM online privacy training here. (Use your Navitas login and request access. Any issues: pep.qrm@navitas.com)