The amount of data we are gathering is huge and only getting bigger, the irony is that the more we have, the more we know, the more questions arise, as does uncertainty about legal culpability.
How do you manage data, where do you store it, how can it be made accessible, not to mention how it can be applied in a useful way and how are we liable should something amiss happen?
We’re in a digital age and brand reputation, both schools’ and their students’, and trust levels are particularly vulnerable to attack through online threats.
There is also a layer of increasingly elaborate and stringent legislation around data capture and its retention, in most states student data must be retained for 20 plus years now, effectively for life, if all bases are to be covered.
“When you start looking at the Personal Information Retention Act in NSW and the Privacy and Personal Information Protection Act and the combination of these types of legislative changes around privacy, the requirements to keep data are starting to change the landscape as to what schools are seeing data as being,” says Nathan Steiner, Head of Systems Engineering at Veeam who offer data management, protection and recovery.
“The average lifespan of a claim or a case from when the incident may have occurred to when it becomes something that goes through the court system is around 22 years. That's ultimately driving a requirement that says, ‘we’ve got to be keeping data for ever and make sure were being protected’”.
Further changes in legislation now mean school officers can be personally liable if it’s been found that they or their schools have deliberately destroyed systems and records.
“There’s a myriad of complexity that is starting build into the education system around data, it’s the digital age, we’re so much more attuned to the portals and the platforms that are allowing complexity to proliferate in a way that I think is new to students, politicians, citizens, everybody. It’s still in some respects a moving target.”
Dealing with the deluge of data and policy is a challenge and a road map is very much specific to each institution, a solution needs to identify the combination of what requirements are, what each school is working towards and what they are currently doing within their state environment.
“We focus on being able to provide flexibility around data and making sure that no matter where it resides or spawns it can be protected and made available in a consistent way.
“The next part is security and compliance, particularly when you look at exposure to ransomware, malware and cybercrime; what technologies and operating policies do you have in place that work together that make sure you can mitigate your risk, not just around preventing those types of incidents but if they do occur and when they occur, how quickly can you minimise the impact?
“A student’s data, a student’s persona and their personal brand can start to get exposed, particularly with social media platforms. Schools are a part of social media platforms as well they have Facebook pages, their Instagram, they are participating in the digital age just as much as the staff and students are,” Steiner says.
Image by dirkcuys under flicr cc attribution license