Schools issue e-learning guidelines to protect privacy, reduce data breaches

Share on facebook
Share on twitter
Share on linkedin
Share on email

A group of public and private universities and colleges across the country has issued a set of guidelines to help students, parents, and teachers, administrators and other school personnel to safely navigate the digital spaces, as classes have shifted to online platforms to curb the spread of Covid-19.

Among the guidelines contained in Advisory No. 2020-1 that the Data Privacy Council Education Sector issued recently is that schools must consider getting the consent of the parent or legal guardian of students below 18 years old before webcam-supported online discussions are recorded.  

The presence of the parent or guardian during these recorded sessions must also be considered, said the group, which likewise advised that the use of webcams in synchronous online classes be optional.

With encouragement from the National Privacy Commission (NPC), data protection officers of a number of universities and colleges volunteered on June 26 to come up with the guidelines in the wake of a surge in security breaches of data systems of schools in the country in the first half of the year.

The security breaches stemmed from hacked portals and databases, phishing, stolen laptops, system glitches and human error, according to a report of NPC’s Data Security and Compliance Office.

NPC chair Raymund Liboro cited the education sector for coming up with the online learning guidance with data privacy at its core. “Adopting technologies and online tools is a new progression of education as the pandemic continues to inhibit our movements,” he said.

Like everything else, online learning must adhere to the data privacy law for the safekeeping of personal data, he said.

“Educational institutions must choose an online learning platform with the best security features and one that is most capable of protecting students’ privacy. Consider if the platform meets the requirements of the Data Privacy Act before letting students use them,” Liboro added.

For the conduct of personal data processing activities deemed necessary or related to online learning, the advisory emphasized accountability, information about education as sensitive personal information, legitimate interest, legitimate purpose, proportionality and transparency.

The guidance listed areas of concern covered by the guidance. These are:

  • Use of a Learning Management System (LMS) and Online Productivity Platforms (OPP);
  • Other available unofficial supporting tools for online learning;
  • Use of social media;
  • Publication of information or files via other means or platforms;
  • Storage of personal data;
  • Use of webcams and the recording of videos of online discussions;
  • Online proctoring; and
  • Data security

The advisory, among other things, said that:

  • An announcement or posting involving personal data, such as grades and results of assignments, must be viewable only by its intended recipient/s.
  • Downloading of personal data stored in the LMS or OPP should be kept to a minimum and/or limited to that which is necessary for online learning.
  • Mechanisms must be in place so that submissions, such as assignments and projects, may be carried out in a safe and secure manner.
  • Submissions via social media platforms are discouraged.
  • Posting or sharing of personal data, such as photos and videos, on social media, must have a legitimate purpose and be done using authorized social media accounts of the school.
  • Explicit consent of the student (or parent or legal guardian, in the case of minors) should be obtained before the conduct of online proctoring and the use of related tools or technologies.

The advisory also asked schools to practice limited use of supporting tools or technologies that they have not officially adopted, as there is no formal relationship between them and the developer of the tools.

The guidance is meant to be a set of recommendations and shall not be treated as some type of policy since schools retain the prerogative to decide on the measures, they deem appropriate.

The advisory also said that the document covered different areas relevant to online learning, but it was not intended to be an exhaustive list of such concerns.

“Neither does it include issues which, while related to online learning, do not involve the processing of personal data,’’ it read. The advisory can be updated periodically as the need arises, it added.

Data-Privacy-and-Learning

Members of the Data Privacy Council for Education that drafted the advisory are:

  • San Beda University
  • De La Salle University
  • Ateneo de Manila University
  • University of the Philippines-Manila
  • University of the Philippines-Cebu and Technological University of the Philippines
  • De La Salle-College of Saint Benilde
  • University of Perpetual Help-Dalta
  • University of Santo Tomas-Legazpi
  • Central Mindanao University
  • Laguna State Polytechnic University
  • Ateneo de Iloilo

Launched by the NPC in 2018, the DP Council is a stakeholder-based approach for a more effective promotion of data privacy accountability across all sectors.

The Council is tasked with collaborating with the NPC in the creation of privacy codes for the specific needs and conditions of every sector.

Latest Posts

Archives