
GDPR for US institutions

A lack of knowledge and guidance relating to data privacy is prevalent. Students and parents should be well aware of their rights in this regard. But how do readers propose that this should be taken into account?

 

One of my peers mentioned, “The challenge that education implies in privacy matters is a topic that has been broadly discussed over the years.” It is intriguing to read about the US law that you have mentioned. And with the enforcement of GDPR in May this year, do you observe that the US is revising its law and planning well to comply with the new law?

 

This is especially relevant for higher education, where colleges and universities will have many students from the EU, so changes will be necessary to comply with GDPR. Educational institutions in the US hold and process the data of students or prospective students, and any failure to comply will lead to big fines. As AACRAO (2017) states, “Failure to comply could lead to fines of up to 4 percent of global turnover or €20 Million, whichever is higher. Additionally, the law requires that data breaches be reported to European national state authorities within 72 hours, among other things”.

 

The EU has made this necessary move to solidify the basic right relating to the digital era. It permits people to reserve the right to challenge a particular data processing act and to update, restrict or delete their data. For educational institutions, this is a major shift, as it puts them under scrutiny to justify the data they store and process. With the introduction of GDPR, it will be essential to document why data is stored, how it is obtained, for how long it is maintained and who has access to it. In the UK, before GDPR there is no legal obligation (just a recommendation by the ICO) to report a breach to the local authority concerned, but with GDPR institutions and organizations will be legally bound to report to the ICO (Information Commissioner’s Office) and in some cases to the individuals as well (Cormack, 2017).

 

Do the US readers presently have any law regarding the obligation to report a breach when it happens in the US?

 

References:

AACRAO (2017) New EU Data Protection Law to Impact US Institutions. Available at: http://www.aacrao.org/resources/resources-detail-view/new-eu-data-protection-law-to-impact-us-institutions (Accessed: 31 January 2018)

 

Cormack, A. (2017) A year to get your act together: how universities and colleges should be preparing for new data regulations. Available at: https://www.jisc.ac.uk/blog/a-year-to-get-your-act-together-how-universities-and-colleges-should-be-preparing-for-new-data-regulations (Accessed: 31 January 2018)

 

ayesha
