Comment & Analysis
Editorial
Sep 2, 2018

Students Should Demand Better Protection for their Data

The extent of the information that colleges and students’ unions store about students should raise red flags.

By The Editorial Board

When we think of data protection, things like Cambridge Analytica and the hacking of elections come to the fore, such is the prominence of security breaches involving tens of millions of internet users in our minds. Around this time last year, Yahoo admitted that a 2014 hack likely compromised all three billion of its user accounts, while, earlier this year, Facebook – the social media company that has invaded all of our lives – spent the better part of two weeks making upward revisions to the number of people whose data it said had been harvested by outside firms.

The scale of these kinds of breaches obscures some basic facts, however. For one thing, we know that almost two-thirds of small businesses experienced some form of cyber attack in 2017 – and that they are often the places least equipped to deal with these kinds of problems. And for third-level students, the breadth of information that your college stores about you should raise red flags about what they are doing to protect it. The same applies to a lesser extent to students’ unions – but, in Trinity, for instance, Trinity College Dublin Students’ Union stores data about a wide range of things, from the names and courses of class representatives to the thousands who have at one point or another taken out a loan from the union.

The news this week that University College Dublin Students’ Union (UCDSU) has informed the National Transport Authority of its concerns about a new Leap card system only brings these kinds of issues into sharpened focus. Students’ unions across the country are some of the main hubs for those looking to apply for the student version of the transport card, which allows them to travel on public transport at a discounted price. Given how accessible the names, addresses, photographs, mobile numbers, email addresses and dates of birth of applicants seems to be on the system, it is not at all hard to imagine how a nefarious actor with some technical know-how could scrape this information for malicious purposes.

ADVERTISEMENT

Everyone – including students – should demand better, be it from social media behemoths, government agencies or students’ unions.