student life

Data privacy issues in higher education

data privacy
Written by C Wolsey

Over 50% of students are confident their higher education institute is protecting their data sufficiently, while just 39% feel their university is transparent with them about how their data is stored and used, the Higher Education Policy Institute reveals. Concerningly, 54% of universities across the UK reported a data breach to the ICO (Information Commissioner’s Office) in the last year. With the risk of cyber threats on the rise, it’s therefore essential higher education institutes make protecting student data their top priority.

Sophisticated phishing attacks

Phishing attacks against higher education institutes are becoming more sophisticated than ever before. For example, student grant fraud is increasingly commonplace (particularly at the start of each academic year). This involves students receiving phishing emails either offering free grants or requesting up-to-date bank details for student loan payment. Alternatively, spear phishing attacks are also occurring more often; they target specific individuals with information requests. So, for example, a spear phishing email may be sent from a Gmail account using a senior staff member’s name and to a member of staff requesting they open an attached document. In turn, the attachment shows a link that takes the staff member to a new web page, which asks them to enter their university credentials.  

Despite the growing risk of cybercrime and data breaches, only 15% of higher education IT and security staff rated their institution as eight or more out of 10 on a scale with one representing “not at all well protected” and 10 representing “very well protected: comprehensive controls in place”. 5.9 was the average score. Ultimately, poor data security comes down to insufficient budgets, staff training, and policies — indicating upper management isn’t taking the issue seriously enough.

More needs to be done to protect student data

By using software that allows organisations to share data with others without breaching data privacy and protection laws, higher education institutes can continue to safely harness the benefits of big data, TripleBlind explains. Indeed, big data is proving a valuable tool for higher education institutions as a way of improving the student experience. For example, big data can be used to target prospective students, boost student retention rates, and better understand student feedback regarding their classes and professors. Fortunately, privacy-enhancing software allows organisations to encrypt and share data without it needing to be decrypted, while ultimately ensuring the entire process remains compliant with data protection regulations. Moreover, penetration testing is also a key method universities should use to test the security of their networks, particularly as they typically have large IT infrastructures and hundreds or thousands of users. Penetration testing is a type of controlled and ethical hacking performed by security professionals to test and fix weak points criminals may target. 

Students across the UK are entitled to IT and network infrastructure that adheres to comprehensive security standards, yet, unfortunately, their data remains at significant risk of being compromised. By taking steps to strengthen their security capabilities, higher education institutes can better protect student data from the growing risk of attack.