Data security is an absolute prerequisite of a good student experience, and we need to talk about it more

Sign up to our free Brexit and beyond email for the latest headlines on what Brexit is meaning for the UK

Sign up to our Brexit email for the latest insight

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

UK education is undergoing a period of significant change. The fallout of the recent EU referendum remains to be seen; universities and colleges are now within the remit of the Department for Education, and the intentions of new Education Secretary, Justine Greening, are unknown at this early stage in her tenure. But for all of the challenges this time of uncertainty represents, it’s critical for institutions to remember the driving principle behind their success: offering the best student experience possible.

But what actually contributes to the ‘student experience’? Academic factors, such as course offering and teaching quality, understandably spring to mind first and, indeed, these are the areas in which universities and colleges invest most of their resources.

However, WPM recently collaborated with YouGov on a research project which revealed students and their parents consider a much larger number of factors to be valuable to the overall student experience. The main takeaway from the research was that, while academic standards remain a priority, communication, convenience, and security are increasingly important.

These factors are often overlooked - albeit unintentionally - but, as we have seen, they are just as crucial to the quality of our education system. Data security is, perhaps, the prime example: our research revealed 91 per cent of those surveyed believe compliance with data protection regulations is either “important” or “very important.”

This is entirely understandable. When you’re attending a university or college, it’s fair to expect your private information will remain private, and that everyday processes, such as making payments, are as convenient and secure as possible. From an institutional perspective, a strong data security policy not only enhances student satisfaction, it also saves money and preserves reputations by mitigating the risk of costly data breaches.

However, universities and colleges can only assure students and parents their data is in safe hands if they can demonstrate compliance with the major data security standards. The EU General Data Protection Regulation (GDPR) will be coming into force in May 2018, but, post-referendum, we don’t yet know what this will mean for colleges and universities. For the moment, there are two main security benchmarks to consider: the Data Protection Act 1998 (DPA), and the Payment Card Industry Data Security Standard (PCI DSS).

The former is a legislative measure which requires any organisation handling the information of identifiable living people to maintain certain standards of privacy and discretion. The latter is a set of criteria designed to safeguard networks, access control, and information security within the payments industry. While it has no formal status in UK law, PCI DSS noncompliance carries fines of up to £500,000 from the Information Commissioner’s Office (ICO).

In light of this, colleges and universities should be providing regular data security training in accordance with the roles and responsibilities of their staff members. We often assign blame for data breaches to outside, malign influences, but human error still causes more of them than anything else: in 2015, half of the worst incidents were caused by staff making inadvertent mistakes with the system.

In the spirit of staying current, it’s also essential institutional practices don’t become stale or outmoded. There will always be room for improvement; data security is a moving target, and goals for success should move with it. By scheduling regular reviews of systems and processes, it’s easier to understand how performance relates to key organisational drivers - and where the institution can do better.

Finally, it’s vital college or university budgets the necessary resources. Complying with data security standards costs money in the short-term, but it can save tens of thousands in fines, and make a college or university a more attractive study destination. When students and parents are satisfied their data is safe and that processes, like making payments are secure, efficient, and convenient, they become less likely to disparage the institution and more likely to promote and recommend it. According to our research, 71 per cent of students and parents would be less likely to recommend the institution to others if they had experienced an unsatisfactory payments experience.

Investing in the security of processes like payments will affect your budget, but the enhancement to student experience and institutional reputation will be worth it.

That last point will no doubt be the most contentious. Educational budgets have been slashed in recent years, and the full consequences of the dissolution of the Department for Business, Innovation and Skills are yet to play out. In times like these, it’s understandable to double down on teaching quality and academic standards.

But it’s an impulse that ought to be resisted. Data security isn’t flashy, it isn’t particularly visible, and any impact it has on an institution’s place in the league tables will be negligible at best. Nevertheless, it remains one of the many different factors students are taking into account when judging the quality of their colleges and universities. Education is about more than just courses and lecturers: it’s about the entire student experience - and safety and security are absolute prerequisites of a good student experience.

Holger Bollmann is director at WPM Education