Universities, schools should always ensure data privacy

While applying to public universities online through the admissions portal, applicants fill in the online form with lots of data – both personal and academic. This is all good, since that data facilitates and supports your admission/selection. 

But when releasing the admission lists, universities also release online or publish in the newspapers personal information of the applicants, in total disregard of privacy laws and regulations. While it is important to specify that X has been admitted to study Bachelor of Laws, going ahead to list his date of birth or phone number is not helpful at all. I have also seen universities requesting to know the applicant’s religion, and marital status, things that are not in anyway required for admission. 

That is very sensitive information- personally identifiable information (PII). This brings us to the issue of personal data in our daily lives, or student data in case of education sector.  It is quite well-known that the effective use of student data is essential for improving student outcomes and equipping educators with the information they need to help every student remain on a path to educational success.

Thus, student data can help teachers personalise and customise instruction, equip parents and students with information to make important, and informed educational choices, and assist policymakers with programme evaluations and resource allocations. 

In a world where knowledge is power, student data provides parents, students, and educators with the tools they need to ensure that every student attains his or her true potential. At the same time, parents and students must be able to trust that student educational data is securely safeguarded, secure, and used solely for the betterment of students’ educational needs and experience. 

When personal, academic or health data/information leaks, it can have disastrous outcomes for the victims. If it must be shared publicly, then the consent must be obtained from data subjects. Yet, this is not the case, especially for the admission lists released by universities each year in Uganda. 

In schools, it is common practice to have reception desks near the gate, where a lot of personal information is usually obtained from visitors, parents by the security team or teachers on duty. Most schools also display academic results, including personal information, on the notice boards. And most of this data obtained does not any way help in enhancing services, nor do they perform any analysis to identify useful patterns to help in decision making. 

The examples are many, and abuse of personal privacy, and data breaches happens often in Uganda. No wonder, the number of con men, and online scams are ever increasing. It is partly due to the fact that it is quite easy to get someone’s phone number, date of birth, or even NIN. Many people are not serious in upholding their privacy.   

Privacy simply means keeping private things private. Things concerning a person’s home, family, religion, tribe, health, sexuality, personal life and private affairs are covered by the concept of privacy, except where these go against public wellbeing. One way to curb the rising instances of abuse of privacy such as the ones I have highlighted here is to uphold, and enforce ICT laws and regulations in place. The Ministry of ICT and National Guidance, National Information Technology Authority (NITA-U), and Uganda Communications Commission (UCC) should be at the forefront in enforcing the Data Protection and Privacy Act 2019.  

Furthermore, the perpetuators of these digital crimes should face the law so that other intending abusers will stay on the right path. Universities and schools, together with local governments, and NGOs must be able to uphold and adhere to requirements specified in the Data Protection and Privacy Act, 2019.

The government should fast-track the implementation of the provisions in the Act, such as establishment of office of personal Data Protection Office (DPO), as is the case in Europe after passing of GDPR in 2016. Also, people should also avoid sharing their private issues on social media, or with friends, or neighbours. 

Gabriel García Márquez, one of the best-known Latin American writers, summarised it all when he said: “All human beings have three lives: public, private, and secret.” Therefore, universities, and schools, being the biggest offenders, should keep what’s private private. 

Emmanuel Angoda, Founder of Centre for Skills and Innovation, teacher at Lira Town College                 [email protected]