Fears over security of child data

Queensland independent and Catholic schools have sounded the alarm over the potential for student and parent data to fall into the wrong hands as a result of proposed laws.

The new laws, which require data to be handed over to approved school health program providers, are designed to improve vaccination rates and increase the number of students benefitting from the School Dental Program (SDP).

However, the Queensland Catholic Education Commission (QCEC) and Independent Schools Queensland (ISQ) said they were concerned about the “continued storage and destruction of the disclosed information”.

In a submission to a parliamentary inquiry, ISQ said that it supported the overall intent of the new laws but wanted assurances that the data would not fall into the wrong hands.

However, the state’s Health Minister, Cameron Dick, said the legislation included strict penalties for misuse of information.

Principals have been urged to champion a more mature attitude towards student data privacy in an era of increasing data collection, or risk the potential of student data being misused.

Privacy experts argue the growth of data collection by both schools and third party service providers means student data is now at more risk of misuse than ever before.

“The more data that is available at people’s fingertips, the more easily it is going to be abused,” said barrister and Australian Privacy Foundation (APF) board member, Peter Clarke.

On a school level, Clarke says while an array of sensitive data like health records, counseling notes or even sexual preference information were once kept in separate places in paper form, today’s IT systems allow them to be aggregated and accessed from one central repository.
“This has a positive effect – there’s more administrative efficiency. But the potential for misuse of data and data breaches has the potential for impacts on students,” Clarke says.

Likewise, third party education technology providers, often located in the US, are data mining students and are not subject to the same strict standards set by Australian privacy law.

“The thing to remember when you use services like Google and you are not paying for the use of those services is that you are the product – your information will be data mined.”