Interview with Dr. Rodrigo Filev on data privacy and data security in educational institutions.

– May 25, 2019 –

 

Interview with Dr. Rodrigo Filev on data privacy and data security in educational institutions.. Rodrigo Filev is CEST´s Collaborator. 

Is there in Brazil a strict data privacy policy for students of educational institutions?
Prof. Dr. Rodrigo Filev

In Brazil, there is no specific rule to deal with students´ data privacy. Although I am not an expert in the law, in debates we use as reference the Civil Rights Framework for the Internet, in the absence of another text. But, this is not exclusive in Brazil. In a group that I participate in IEEE called P7004 (Standard for Child and Student Data Governance), these are the concerns: the students ´privacy, and whether data disclosure compromises the student in the future.

What types of data can or should be shared between educational institutions if a student transfers from one institution to another?

In general, it is more acceptable to share only academic data, such as the grades given in curricular contents and presence, provided that the parents or legal guardians give their approval. The other data, such as behavior or medical history (some schools have this type of data) should not be shared since using computational processes of data analysis can generate undesirable considerations about a student. In the P7004 group, we debate that there are many risks in disclosing the data, which are not the exclusively academic ones, to an institution. We also work with scenarios that indicate that the disclosure of any other data may compromise activities that are not even related to education.

Are the students aware of the data the educational institutions store about them?

They are certainly not. It is likely that most do not even know that the institution has data about the student. And they understand much less the risks.

What is done to safeguard the privacy and data security of students at an educational institution?

I cannot say that the institutions are prepared to store the data with security. Although I know institutions that are aware of this fact, I don’t see it as a common practice. Not to mention the lack of control over social networks that, although are private to a student, can still disclose confidential data and expose the institution.

Which body monitors respect for students’ data privacy?

I believe that the Ministry of Education and Culture (MEC) has this role, but in the case of a security breach, other bodies, such as the police and the justice system, are involved.

Who is responsible at an educational institution for the safekeeping of students’ private data and the security of that data?

Some schools that have computer departments and an information security team. At least the educational institutions should be attentive to security issues. The law is clear in charging the institution and its leaders in the cases of private information violation, and illicit use of the school computer infrastructure.