Are we ready for data protection in schools?
THE EDITOR, Madam:
The Data Protection Act (DPA) 2020 came into effect on December 1, 2023. This act requires institutions, organisations, private and public business entities to obey the law by securing their stakeholders’ personal data/information.
Schools, as data controllers, have a fiduciary responsibility to protect students’ personal information and should be mindful that it’s not business as usual. Adhering to the DPA will require a change of mindset, additional resources, and an increase in budgetary allocation to facilitate the data protection requirements.
The retention and disposal of stakeholders’ personal and sensitive data/information is crucial. Simple data/information that were taken lightly or as routine classroom procedures in the past, such as displaying students’ names on a public achievement list, may now require parents, guardians and students to consent to the publishing of this information. Personal information should not be disseminated without the approval of the data subjects.
It is therefore pertinent for educational institutions to utilise the six-month grace period allotted by the Office of Information Commissioner to prepare their policies, sensitise stakeholders, and register to be compliant.
Let us all remember that ‘privacy still matters’ and get ready for the change in how we store, utilise and dispose of stakeholders’ personal data/information in 2024.
OLGA MORGAN
omichellemorgan1985@
gmail.com

