A wake-up call for data protection


  • Letters
  • Thursday, 23 Jul 2020

AWARENESS of data protection law and its relevance in the education sector has been coming to bare in the past few months.

Online teaching and learning has been in a boom globally as a result of the Covid-19 pandemic.

On March 20, the Higher Education Ministry gave approval to all institutions of higher education in Malaysia to proceed with e-learning.As part of delivering education services, the higher education sector is a repository of the personal data of both students and staff. According to the Personal Data Protection Act 2010 (PDPA 2010), any person subject to or has links with specific data are known as data subjects while businesses and institutions who collect and process data are known as data users.

Before the pandemic, the risk arising from e-learning under the PDPA 2010 was low due to the face-to-face classes and limitations of sharing non-electronic data.

With e-learning via Learning Management Systems (LMS) applications and social media platforms, the risk of exposing student data is higher. Academic institutions in Malaysia therefore need to observe some levels of precautions in the management and processing of their student’s personal data.

Under Section 4 of the Act, processing data includes collecting, recording, holding, storing or carrying. It also includes organisation, adaptation, retrieval, transmission and making data available to others.

Obtaining the consent of the data subject is mandatory in order to store and process his/her personal data for educational purposes.

The General Data Protection Regulation 2016 (EU-GDPR) also applies to data subjects who are European Union citizens. The regulation provides additional rights for data subjects, including the right to erasure or right to be forgotten. This is particularly important for Malaysian universities with international students from EU countries.

Students and staff are the main data subjects on LMS, hence their developers are continuously taking steps to comply with data protection rules in the learning environment. However, the use of social media tools for teaching and learning raises major protection concerns.

Although there is implied consent given to academic institutions to process their students’ data, this obviously does not extend to sharing them on social media. A survey of 126 students in higher learning institutions in Malaysia reveals that 49.2% agreed that their personal data stored in the university system are secure and safe as opposed to 15% who felt otherwise.

A quick search of selected university websites reveals that several universities have detailed data protection policies and notices. Although there is a presumption that university students and staff are aware of these notices and policies, awareness is actually still low in the education sector.

Online learning and working from home are likely to continue into the future. Therefore, universities are expected to sensitise staff and students to any activity which could make the institution liable to offences under the PDPA 2010, such as sharing of screen-shots of online classes, facial features of attendees/students, disclosure of matriculation number and other personal information.

Similarly, official documents and information that are normally kept in offices should remain confidential. Any unauthorised disclosure of personal data to a third party could trigger offences under the PDPA 2010.

In order to gain the trust of students and staff, higher education institutions are expected to do some housekeeping, which may include the provision of a Data Protection Policy notice, conducting awareness campaigns among students and staff, appointment of a data protection officer and setting up of internal reporting procedures through an ombudsman in the university.

DR SODIQ OMOOLA

Ahmad Ibrahim Kulliyyah of Laws

International Islamic University Malaysia


Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 18
Cxense type: free
User access status: 3

Online learning , data security

   

Did you find this article insightful?

Yes
No

100% readers found this article insightful

Across the site