This is a series of occasional blogs by BESA members and is part of their paid membership service. These views are not necessarily those of BESA and a published blog does not constitute an endorsement.
The data privacy landscape looks a lot different than it did even a few years ago. Holding rich personal data about millions of learners and professionals, higher education providers are increasingly likely to fall victim to cyber attack. And the cause may lie a little too close to home.
Just last year, a security analysis of cyber-attacks against universities and colleges in the UK discovered staff or students could often be responsible, rather than organised crime or hacking groups.
So, whilst encouraged to focus IT security budgets on monitoring tools and incident response, what role should EdTech suppliers play in the data protection war for the EU’s 500 million citizens?
As we mark one-year this May since the General Data Protection Regulation (GDPR) came into force, it is vital that universities have the peace of mind in terms of their data.
“A provider failing to protect the data of the client exposes both to legal risk and liability.”
The GDPR requires that any contracts which involve suppliers processing personal data needs on the University’s behalf take appropriate account of GDPR. So are your EdTech suppliers playing ball?
As a company primarily orientated towards data collection, the issue of best practice in relation to data protection is seminal to our success. And as a company selling into over 100 countries, we have developed a lot of experience dealing with multiple standards in relation to data protection. Over time, this experience has led to data protection considerations becoming a deep-seated part of the company DNA.
What’s the fuss all about?
The GDPR, is a positive step towards having more control over how data is used and how users are contacted. The changes also help to better protect personal data, which is a critical aspect for any business and universities to ensure that both employees / staff and students’ information needed for our services and applications is not misused and can be controlled, checked, modified and/or deleted upon request. Data breach / misuse can lead to significant disruptions and unauthorised access to other platforms, potentially leading to loss of revenue for businesses and universities alike.
Find the right host
At Turning Tech, we often receive questions about the locality of data we process for our customers – where data is being stored depending on where it originates. And whilst there is no blanket ban on whether a supplier enables personally identifiable information (PII) to leave the EU, many universities require their server to be located within the EU for control purposes.
All Turning Technologies’ ‘online’ services are hosted by Amazon Web Server (AWS). This allows us to offer servers locations falling under clients’ regional laws such as GDPR. We chose to work with this leading cloud hosting provider for paramount end-to-end security and end-to-end privacy and the ensure our customers have a scalable storage solution.
Is your EdTech supplier taking data protection seriously? Considering that security is one of the fundamental design requirements of the TurningPoint / Turning Technologies applications, we work constantly around six main areas when releasing our products: Data privacy, network, service and physical security, data segregation and plans in case of data breach.
So, what happens if you fall foul of a data breach? In the case that Turning Technologies becomes aware that a data breach has occurred on AWS, we instantly leverage email notifications as well as account dashboards to alert customers. All necessary instructions and updates will be provided to customers until the situation has been remedied.