In the last couple of years, several educational institutions in Canada have experienced a data breach incident. This can be worrisome for students and teachers who are heading back to the classroom for a new school year.
The 2022 Data Breach Investigations Report by Verizon reported 1,241 incidents in the education sector. This sector, especially colleges and universities, keeps a lot of private information on file ranging from student and staff names, addresses, medical information, and birth dates to banking and financial data as well as innovative research.
How can educational institutions help protect confidential information?
- Take stock: Establish the different types of confidential information the institution holds and put formal and comprehensive data security policies in place.
- Think compliance: Understand the privacy laws that safeguard personal information. For example, in Ontario the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) outlines the rules that school boards and other municipal institutions need to follow regarding the collection, use, retention, and disclosure of personal information.
- Scale back: Privacy laws dictate that personal information should only be gathered and used for legitimate purposes. Keep only the information the institution needs.
- Protect it: Use a document management process to help ensure that all data, in digital and paper format, is secure from creation to disposal. A retention policy should identify which documents to keep and for how long. Mark records in storage with their destruction dates. The more data an institution stores, the higher the chances of a physical data breach or cyber-attack.
- Increase cyber security: Prevention and detection tools are critical; keep everything up-to-date and patched.
- Educate: Teach students and staff about information security risks and best practices. Provide ongoing employee training highlighting threats to physical data breaches. There are a few ways to educate employees to recognize and respond to data breach threats, including training, policies, and using a trusted third-party who can offer support.
- Have a plan: An incident response plan is a documented, written plan for staff detailing procedures to detect, respond to, and limit the consequences of a malicious attack. These plans are designed to save time and reduce staff stress should a data breach occur, as it keeps all personnel aware of their assigned duties. Without intentional plans and clearly designated tasks, businesses can risk worsening a data breach incident, potentially damaging their reputations and budgets.
- Destroy it: Have a formal procedure for information destruction. Use a professional document destruction service like Shred-it®, which uses locked consoles and NAID-certified processes. A professional information destruction company will provide these services and recommend a shred-it-all policy.
How Educational Institutions Can Dispose of Physical Data Securely
Businesses can use a trusted professional shredding service like Shred-it® that offers a variety of shredding options:
Learn more about how Shred-it® can help protect your educational institution’s data with our secure document and hard drive destruction services.