Edu institutes must prioritise data privacy, security: Cyber experts
The cyber experts’ warning regarding data privacy and breaches comes in the wake of five students getting cheated for an MBBS degree admission to the tune of ₹3 crores in Hinjewadi recently
Pune
In the light of recent data breach of aspirants appearing for the MPSC exam in Maharashtra and several complaints by parents of getting random calls from colleges and counsellors, there is a need for educational institutions to prioritise data privacy and security for data collected in an educational context, experts said.
The cyber experts’ warning regarding data privacy and breaches comes in the wake of five students getting cheated for an MBBS degree admission to the tune of ₹3 crores in Hinjewadi recently.
In the scam, victim students and parents received phone calls until September 29 allegedly from fraudsters posing as counsellors who lured them with the promise that their names would appear on the merit list of the MBBS college of their choice if they paid a sum in cash, online, or by cheque.
Educational institutions must prioritise data privacy and security and use technology to protect sensitive student data. Experts also stressed the need to adhere to relevant norms and laws.
Rakesh Raghuvanshi, CEO and founder of city-based tech company Sekel Tech said, “Any student data breach can have severe repercussions on students. Identity theft can occur, causing financial and personal harm to students. Also exposing the personal data of students can lead to student harassment or cyberbullying. Exposed academic records or personal information can be exploited to tarnish a student’s reputation, potentially affecting college admissions, scholarships, or job opportunities. That is why it is very necessary to have robust data security measures to safeguard students’ sensitive information and well-being.”
The newly passed Digital Personal Data Protection Bill 2023 has included provisions specifically protecting student data.
“The Bill mandates consent requirements for the collection of student data. Educational institutions and other entities handling student data must obtain explicit consent from students or their guardians before collecting and processing their personal information. Moreover, the Bill stipulates that student data should only be used for specific educational purposes,” added Raghuvanshi.
Information security researcher and Cyber Law consultant Rizwan Shaikh said, “If student data gets hacked and sold, it’s not limited to use for promotion or marketing but imagine any anti element has access, it may lead to big issues.”
Deputy Commissioner of Police (DCP EOW and Cyber) Sriniwas Ghadge explained that the cyber police have invoked IPC sections 419 (impersonation), and 420 (cheating) along with section 43 (A) (G) (I) (F) of the information technology act, 2008 against the accused found involved in cheating students for MBBS admissions.
“The accused are found to be utilising personal data of students and their connections from online databases and it is a very serious offence. The student community and parents must be made aware of the dangers of such callers and exercise caution before proceeding with their transactions which are always fraudulent in nature. Data breach and privacy protection of personal information is a major issue which is being dealt with at the policy level,” he said.
