In an age when companies and public bodies are increasingly adopting cloud computing, schools have been urged to ensure that students’ privacy is guarded. Many educational institutions are turning to the cloud as a way to save money and gain flexibility; however, there are privacy risks involved and it is important for organisations to understand these.
Given their budgets, many schools can achieve value for money if they utilise cloud services instead of traditional models; in addition, massive open online courses (Moocs) have helped to facilitate better learning processes. This also creates a system where students’ data could be potentially stolen, however, and the Spanish Data Protection Agency (AEDP) has developed Europe’s first inspection model for cloud computing services utilised in education.
Figures from the Spanish National Institute of Statistics reveal that over eight million secondary and primary school pupils use cloud computing technologies in Spain. It is rare that private clouds are used to store their personal data, with most institutions opting for hybrid systems or infrastructure-as-a-service (IaaS). An AEPD spokesperson said: “All the school management platforms reviewed collect and store data specially protected, such as health information (data on allergies, supplied medicines, medical examinations and diseases reported by parents), along with data from the Guidance Department (psychological data).”
Several recommendations were made in the report, including that those setting up networks need to ensure they understand who is responsible for maintenance; for example, physical security aspects need to be handled by an educational institution’s infrastructure providers and user management aspects need to be handled by individual schools and software-as-a-service (SaaS) providers. “The contracts should clearly specify the responsibilities of all those involved in the delivery of cloud services, both customers and entities,” the report said. There is also the factor of data location to bear in mind. Whilst there is no problem with information stored within the EU, Norway, Iceland or Liechtenstein, the national protection agency needs to be notified if data is transferred to another country.
It is also recommend that parental consent is gathered and complies with existing EU data protection authority requests. Research showed that third-party apps were largely utilised for learning processes; however, these often contain students' personal data even if they are for teacher use. This means that schools need to put procedures in place to protect such information.
Cloud computing is increasingly being used by a wide range of institutions. As the AEPD’s report has shown, it is essential to think about the potential for data theft and place protecting people ‒ particularly pupils ‒ as a priority.
Montash is a multi-award winning global technology recruitment business. Specialising in permanent and contract positions across mid-senior appointments across a wide range of industry sectors and IT functions, including:
ERP Recruitment, BI & Data Recruitment, Information Security Recruitment, Enterprise Architecture & Strategy Recruitment , Energy Technology Recruitment, Demand IT and Business Engagement Recruitment, Digital and E-commerce Recruitment, Leadership Talent, Infrastructure and Service Delivery Recruitment, Project and Programme Delivery Recruitment.
Montash is headquartered in Old Street, London, in the heart of the technology hub. Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid management in permanent and contract roles.