Privacy Law in Education: Personal Student Data Can Be Threatened

Share this article

In contemporary society, scam artists target the vulnerable. Scam artists focus on finding individuals who can access money. These individuals must also be naive about certain features of the modern world. And that makes college students the ideal target. 

For most college students, college is the farthest they have been from home.  For the first time, they are handling everything on their own. As such, they may not know how to protect their personal information. And, since college students study on campuses all over the country, they are easy to find. 

With this in mind, fraudsters have it easy when it comes to stealing information from students. So, as a student, what can you do to safeguard yourself from data breaches?

Read on to discover how you can safeguard yourself from fraudsters and protect your information. 

Why Students’ Personal Information is Under Threat

Students’ personal information is under threat because of a distortion in student privacy laws.

Students are the ideal target
Students are the ideal target

The FERPA (Family Educational Rights and Privacy Act) passed a law in 1974 to protect student’s privacy. This law safeguarded students against officers of the law accessing their secret documents that the school may be keeping without them being in the know.    

But, over the years, changes to the statute have caused it to become distorted. Government records such as those maintained by public schools are open for public scrutiny. These records often contain sensitive or private information, as well as identifying information. The fact that the public can access such vital student information poses a threat to students’ security.  

Under the instruction of law enforcement, schools can release the contents of students’ records. Journalists can also ask for the records of students who are part of ongoing criminal cases. Even though FERPA protected student’s privacy, alterations to the statute have placed students’ privacy under threat.  

How Scammers Access Students’ Information

The following are the top tricks that scammers use to access students’ information:

Good Apartment Deals

Students will do anything to get a conventional apartment that is close to campus. This is the case, especially when the apartment advertises affordable rent. It is tempting to provide credit card information online to get a great apartment deal. And scammers know this.

Employment Scams

Employment scams were the number one scam for scammers in 2018. Scammers send job offers to students via school emails. The job offers promise decent pay and flexible working hours. Because some college students are desperate for money, they are a perfect target. They send their social security number online without knowing who they are sending it to.   

Grant and Scholarship Scams

Scammers take on the persona of company representatives who can help reduce loan payments.  They also pretend that they can help students receive a hefty grant. Fascinated by this, students can provide their credit card or bank information. As tech-savvy as college students, they need to be serious about their data protection. Otherwise, they will keep falling for these scams. 

Is it True That You Can Buy Personal Information on the Internet?

Online threat
Online threat

You can buy or sell personal information on the internet. As shocking as this sounds; it is true. According to a study conducted by Fordham University, there are over twelve private brokers in the U.S. that can share student data.  

The study discovered that fourteen companies that sell student data. These data brokers have a vast database of mailing lists. When contacted by the researchers, the sales representatives from this company agreed to sell a list of “14 and 15-year-old girls data.” So, based on this study, it is possible and easy to buy personal information on the internet. This places more and more students under the threat of having their data stolen. 

Schools have a part to play in the dissemination of students’ personal information. They may be helping data brokers retrieve students’ information by giving students third-party surveys. Once these surveys go through the gate, so does the student’s privacy.  

Terrible Incident in San Diego

A hacker stole the personal details of more than 500,000 students and staff members in the San Diego Unified School District. The breach was a result of a tactic known as “phishing,” which the hacker used to access staff data.  Phishing is the act of sending legitimate-looking emails which redirect individuals to fake login pages. It is at these fake login pages where hackers retrieve login details. 

Some staff noticed the funny-looking emails and reported the incident to IT staff. After investigations, the IT staff discovered the breach. District officials asserted that the hacker accessed the school’s network between January and November 2018. The hacker also stole staff and student data in the years 2008 to 2009.  

After investigations, District Officials identified the hacker. All compromised accounts were reset to prevent any potential attacks. The San Diego Unified School District stated that the hacker stole information such as:

  • Student and staff personal identifying information
  • Student and staff social security numbers
  • Student enrollment information
  • Student and staff emergency contacts
  • Staff payroll information
  • Staff benefits information

Terrible Incident at Lancaster University

Hackers stole the personal data of current and prospective students at Lancaster University. This was after they gained access to databases that contained the personal information of the victims. Hackers retrieved information such as:

  • Names
  • Addresses 
  • Email addresses
  • Telephone numbers

The breach did not go unnoticed. On 19 July, Lancaster became aware of the attack and made a report to the Information Commissioner’s Office. 

Lancaster stated that the incident was a malicious and sophisticated phishing attack which breached student and applicant data. Since the incident, Lancaster has established phishing programs aimed at identifying and advising affected individuals. Lancaster has also set up a helpline for persons who suspect that they are a target of hackers.  

Lancaster is one of many universities that hackers have targeted this year. With hackers trying to dupe students and staff into providing personal data, no University is safe!

Who Is To Blame for These Breaches?

Personnel who manage and oversee IT security operations are responsible for breaches. This is because IT personnel manage security operations daily and are more likely to make errors that can cause a data breach. 

Who is to blame for it?
Who is to blame for it?

In most cases, security breaches surface because of unqualified IT personnel. Many institutions are not strict when it comes to hiring IT personnel. Hiring skilled, trained, and qualified IT staff is crucial. Schools need to have data security personnel who can detect and manage breaches in a timely fashion. Schools also need to enforce privacy laws in education to reduce the chances of breaches. 

Is it Reasonable to buy an Admission Essay?

Not all students can write powerful admission essays. As such, many students seek custom essay writing help from skilled professionals. But, is buying an admissions essay reasonable?

Buying an admissions essay is not the smartest thing to do. A college counselor could not help but love an admissions essay. The essay had a solid theme, and it was related to the student’s academic and co-curricular interests. The writing was faultless. But, the counselor did not believe that her student drafted the admissions essay herself. The essay was too flawless for a student who was not. So, the counselor asked the student if she got some help to which she replied “yes.” 

This answer raised both practical and ethical issues. On ethics, it was not right for the student to submit the admissions essay as her own. As for the practical, the essay was “too flawless” for someone with her grades. 

If you buy an admissions essay, you are guilty of academic dishonesty. Additionally, when you buy an admissions essay, you need to provide a large amount of personal information. These pieces of information you provide can leak to third parties. So, your data is not safe with online writing services, even if they tell you it is!

How Can You Evade Identity Theft

Ensuring that you safeguard your personal data can lower your chances of identity theft.  You can safeguard yourself against identity theft in the following ways:

Secure Your Personal Information When You Are Online 

  • Lock your records and personal files in a place that only you know about. 
  • Only carry a few things when you go out. Take your identification card and only the credit or debit card you need
  • Shred insurance forms, bank statements, credit offers, expired charge cards, and cheques. 
  • Rip off the labels on your medicine bottles before you dispose of them.

Ensure that You Secure Your Personal Data Online

  • Be cautious of impersonators. You must know who you are sending your financial or personal data.
  • Erase all personal data. Before you hand out or dispose of a laptop or computer, erase all the personal data you have stored. 
  • Do Not Share Your Password. Do not tell anyone any of your passwords.
  • Do not over-share on the Internet. Do not give too much identifying information. Only if you are seeking help from trusted service, as ResumeThatWorks, you can share your information. Please try to avoid not trusted sites.

Only Use Secure Websites

Before you give any information to a website, you should ensure that it is secure. Here is how to know if a website is secure:

  • Look at the SSL Certificate

Check the URL of the site you are on. If it starts with “https” and not “http,” you can proceed with ease. This means that the site you are on is secure. The “s” stands for secure. 

  • Check the Domain

Hackers can create sites that look like existing websites. They then trick users into logging into or buying something from their phishing site. 

For example, a hacker can buy the domain “” and develop a website that mirrors “” the hacker then tries to trick visitors to buy items on the fake phishing site. 

To evade such attacks, ensure that you examine the domain you are on. 

Do Not Use Free Wi-Fi in College

Avoid free Wi-Fi like the plague. Even though free Wi-Fi is convenient, in terms of security, it does not offer much. This means that any cyber attacker on the same WI-FI network can track your online activity. Knowing this, would you still want to enter a credit card number or send vital information online? Of course not! 

Even password-protected networks do not pass the security test. This is because many people have the password to the network. Do not make any transaction unless you are on a secure network. If you have to make a transaction, use a VPN. A VPN encrypts your online activity, and others on the same networks cannot see what you are doing. 

Close the Accounts You Are Not Using

Do you have any accounts that you no longer use? Whether it is a dormant Facebook account or an inactive account on twitter; close it. If there is a breach in any of your inactive accounts, attackers can access any personal data that is on that account. For example, a dormant email account can contain past statements, including healthcare forms or bank statements. These documents may contain personal data that could aid in the stealing of your identity. 

Take some time to identify the accounts that you no longer use. It is always better to have less personal information online. Make payments only with secured sites, as

How to Solve This Problem

College students, as well as staff members, can solve this problem by following a few simple steps. 

Protect your data
Protect your data
  • IT personnel can use security software. Data security personnel can enhance college security by using security software. IT personnel can install a firewall, anti-spyware, and anti-virus software. They can also install security patches which will protect schools against infections and intrusion that can compromise password or computer files. 
  • Privacy Laws in Education. Privacy laws in schools protect students’ data. Privacy laws protect educational records, as well as other personal information. They also protect personal information in an out of classroom settings. Privacy laws can safeguard students’ data in this age of easy access to personal information. 
  • Avoid Phishing Emails. Students should not download programs, click on the links, or open files sent by unknown individuals. Opening files from unknown persons can expose your system to spyware that steals your passwords. 

Final Word

As a college student, we understand that it is almost impossible for you to stay offline. But, because you are always online, you are at more risk of encountering security attacks. You cannot prevent all instances of security attacks. But, by using the above tips, you can discover how to safeguard your personal information online. If you are one step ahead of cyber attackers, you have beaten them in their own game! 

Aigerim is using Turtler in her own hiking and outdoors adventures and proud to be promoting it worldwide as our Marketing Director extraordinaire.

Aigerim is using Turtler in her own hiking and outdoors adventures and proud to be promoting it worldwide as our Marketing Director extraordinaire.