The need to create an environment for better protecting students’ private information in the age of cloud computing was the hot topic at a recent seminar hosted on Friday by the Student Privacy Association, a civil watchdog group committed to protecting students’ personal information.

A dozen experts and officials from local security firms, civil groups, and educational institutes gathered in Seoul to discuss how to enhance data security, particularly in the school computer networks where student information is often easily accessible.

Noting such concerns, software giant Microsoft, teaming up with private firms including developers for curriculum software, pledged to deploy measures for improved data protection at schools.

Led by Microsoft, the companies pledged that they would neither sell information on students or use it for any type of marketing purposes. They also promised not to collect the students’ personal data without the consent of the schools or parents.

The move was greeted enthusiastically by the seminar participants who said that student data could fall into the wrong hands if not managed properly.

Hahn Sang-geun, a professor at KAIST’s graduate school of information security, delivered a lecture where he claimed that student information stored in the National Education Information System ― a government-run Web-based administrative system ― is often mishandled and consequently exposed to the risk of data leaks. 

“The private information of our students is being managed by the operators of these computer systems, and facts show us that these same operators can sell the data or use it for their own marketing purposes,” said the professor.

Along similar lines, Han noted that in the U.S., concerns over the security of schools’ cloud computing systems have been mounting for years.

According to a report published by Fortham University in 2013, a large amount of student information in schools’ cloud computing systems are transferred to third-party providers often without parental consent

The state government of California has recently enacted a law restricting the ways education technology firms use student data.

“South Korea, which often puts too much emphasis on doing everything fast is not proceeding fast enough for protecting student data,” Han said.

The KAIST professor called on the education authorities to work together with the students and their parents to help strengthen school data security systems.

Echoing the professor, Jung Kyoung-oh, an attorney at the Hanjung Parters law firm, also said that the excessive collection of student information should be restricted, and the data should be destroyed after students graduate. He also expressed concerns over cloud computing services that are expected to be more widely adopted by schools and the authorities in coming years.

“The ramifications would be disastrous if the schools’ cloud computing services crashes or falls prey to hackers,” said the lawyer, adding that the society should set up laws which hold those responsible for data theft or leakage accountable.

An official from the Ministry of Education in charge of managing NIES, said the ministry is making utmost efforts to deploy state-of-the-art security systems to protect the stored student data.

“Students and parents also should exercise caution in managing their data. They should not be persuaded into handing over their personal information in NEIS to private institutes that want to make a profit out of it, or use it for marketing,” said the ministry official.

Lee Kyung-hwa, president of the seminar’s host organization, called on the teachers, school principals and IT solution companies to jointly make concerted efforts for data protection.

By Kim Young-won (wone0102@heralcorp.com)