Personal data and data security


Our team topic for discussion on Tuesday related to data security and personal data.

Definition of personal data: Any data or information that identifies an individual that if lost or mislaid could cause harm or distress.

In educational institutions all the collected student data, which can be combined with pupils in some way, are personal data. The teacher can collect only such information related to the student or student’s parents or the student’s home, that the need for the information can be justified. The data must be not only necessary but also appropriate and relevant to the purposes of, and must not be excessive.

There are many points that teacher need to take care of when gathering and processing personal data. First, you need a plan to what information you are going to gather, how it is collected and why. Reasons need to be clear before information is asked. Secondly the processing of personal data is based on confidentiality and cooperation with the student and parent or guardian.

Another important term is sensitive data which is prohibited. What is sensitive data? Sensitive data are considered personal data, which describe or are intended to illustrate:

  • data revealing racial or ethnic origin;
  • the social, political or religious beliefs, trade union membership3) criminal offense, penalty or other sanction of the crime;
  • a person’s state of health, disease or disability, or her targeted treatment or other comparable measures;
  • The person’s sexual orientation or behavior; or
  • the need of social care or he received from social welfare services, support and other social welfare benefits.

Polytechnics Act and Vocational education and training Act defines that just certain people has right to process sensitive dataOnly people who prepare a decision on student admission, withdrawal of the right to study, restore the right to study or discipline, can deal with sensitive data. Education provider must keep sensitive data separately from other personal data. The removal of sensitive information must take place within four years. There is a few exception. According to the Student Welfare Law a teacher can deal with sensitive information if it is necessary to sort out learning difficulties and to obtain psychological services. Also a teacher has the right to inform the police if there is a threat to the health and life and the necessary information must be reported.

We decided to use examples during our  discussion to clarify in concrete way about content of our topic.

Example A: A teacher has prepared a lesson plan. This plan includes the initials of the students that will have the special needs assistant help them during the lesson due to their learning difficulties. Also the initials of another student are written, to remind of his absence due to his doctor’s appointment. Can this lesson plan be shown to the class on the whiteboard with the document camera?

Answer: No, personal data, identifiers, medical issues, special needs issues are sensitive which are illegal to share.

Data security is strongly related to personal data as. As necessary information is collected it is important how it is stored. For me next example B was a good wakeup call, as a private person I would have answered that yes, for sure you can use your tablet, it is easy and convenient. But as a teacher the situation is different.

Example B: As part of an engineering course students will participate on a field visit to a chemical production facility. For security reasons the teachers has to provide a list of the students attending the visit including names, addresses, age, contact details. The list has also to be presented at the gate for clearance. Can I as a teacher take the student list on my tablet? It would be nice to have everything about the visit in one place. I can take pictures etc.

Answer: Private tablets and other devices normally store the data in cloud services which might certified as secure and most certainly are not authorised by your school. Furthermore, this services might store data outside EU and therefore you would be breaching the Personal Data act.

One important aspect of privacy is openness as was mentioned by guest visitor. Certain information is public and open for all according to Publicity Act Section 24 Act.

Highly recommended book to read, a lot of practical examples (in finnish):

Public Access and Data Protection in Teaching (PDF)













Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s