Navigating the Digital Frontier: Cybersecurity Challenges and Data Privacy in Online Education

CXOToday has engaged in an exclusive interview with Manish Sehgal, Partner, Deloitte India

1. How is the growing digitization of education influencing the broader learning experience, and what steps are being implemented to guarantee the cybersecurity and data privacy of students in the online learning environment?

MS: Digitisation continues to touch various corners of our society including education. Increasing digital footprint is also opening more avenues for unwanted cyber exploitation and breach. Students (especially children below age of 18 years) needs to continuously be sensitized on dos’ and don’t’s of online learning space. It’s broadly noticed that efforts are underway to spread this awareness, however more action could be taken to ensure that the importance of being cyber secure is well understood and practiced by academicians.     

2. Considering the rising threats to online learning platforms, what are the most significant cybersecurity challenges faced by these platforms, and how can they effectively address and mitigate these challenges while complying with data protection regulations like the DPDP Act?

MS: Apart from technical vulnerabilities or loop-holes in the application or IT infrastructure, ‘humans’ are potentially the weakest link in this value chain and one of the top significant cybersecurity challenges faced by online learning platforms is limited awareness about being cyber secure. Multiple measures can be taken to secure application and IT infrastructure along with 24X7 monitoring of cyber operations, however, there is no shortcut to make people exercise safe cyber practices. Repeated attempts are required to make people / users aware about cyber safe practices. Specific to DPDPA, a concentrated effort is required to make data principles aware about their privacy rights. It is important for online learning platforms to offer simple to understand privacy notice, and consent forms so that users are aware about personal data that will be collected and processed; along with how users may exercise their rights granted by DPDPA.

3. What implications does the DPDP Act have on the legal framework for online learning platforms in India, and what guidance would you offer to ensure compliance while delicately managing the balance between providing accessible education and protecting user data and privacy?

MS: Privacy is the fundamental right in India and no more an option. Thus, any product or services enterprise including online learning platforms needs to adhere with the requirements of the Act. This may require significant changes in the way online learning platforms collect and process personal data. The operating ecosystem needs to ‘evolve’ across people, process, technology and governance layers to deliver expected services and maintain user privacy, be it customers or employees or third parties like merchants, contractors, suppliers, etc. Unsolicited use of personal data beyond the purposes for which it was collected is strictly prohibited and hence necessary steps need to be taken to reshape current ways of working. To begin this journey, online learning platforms may consider basic steps including but not limited to assessing current state against requirements of the Act, defining personal data for the enterprise, preparing inventory of personal data, conducting awareness sessions for employees, and preparing the techno-functional framework. Many more steps and initiatives may be required basis the current state of privacy readiness.