Mandated biometric attendance systems for teachers are not updated while experts believe that such systems for both students and teachers are running with no knowledge about security laws.
Bengaluru; Biometric attendance system is not working properly in Karnataka colleges due to lack of funds, say officials. Moreover, experts believe that the system has data breach issues due to outsourcing of information by educational institutions.
The security issues stem from lack of awareness about the security laws in educational institutions, said Sushanth Samudrala, a cyber law expert.
Department of Collegiate Education (DCE), Karnataka had mandated biometric attendance systems of for teachers but the machines are not working currently due to expired tender and lack of funds to maintain them, according to DCE.
The system was installed for marking teachers’ attendance which was required to release their salaries, said Nalini Srinagesh Paul, associate professor at a government college in Bangalore. The data is submitted to the directorate of education for attendance verification, she added. “However, the details have not been sent to the department for some time now as they did not request for it,” she further said.
Lack of awareness
Educational institutions have a lot of data about teachers and students which is often outsourced for technical maintenance or to vendors for college activities. Biometric fingerprints come under Sensitive Personal Data or Information (SPDI) according to the Information Technology Act Rules, 2011, Sushanth added.
Institutions are not aware about the laws and if a third-party vendor or maintenance facility breaches the data for inappropriate actions, institutions will be responsible for it. “They will not understand where they went wrong because they do not know about these laws but are responsible for these systems in colleges,” he added.
“Collegiate department’s employees came and installed the machines. Hence, the college does not have much idea about its operation or security norms,” said Paul.
Data breach through these systems is common for instances of money withdrawal through Aadhar card linked accounts, said Rakshit Tandon, a cyber security consultant. Technologies like zero trust and multi-factor authentication have come in because misuse of fingerprints is widespread.
Since the data servers come under their jurisdiction, knowledge about signing non-disclosure agreements with the third-party vendors that maintain it, could be a step towards securing the data and being aware of what the institutions are getting into, Tandon further said.
Moreover, students should be made to sign a legal consent for submitting their personal data for educational purposes. This would make them aware that authorities are responsible for their data. Instances where students start receiving random calls or electronic mails, can then be challenged by them for data breach, he added.
University Grants Commission (UGC) had recommended the same for student attendance to prevent them from marking proxy.
“Student attendance is great by calling names because that helps in developing a bond but with 150 students in a class it is practically impossible. Hence biometric system is the only solution as it is documented and gives correct data,” said Dr. Dipshikha Chakravortty, professor at the Indian Institute of Science (IISc).
“Our college hostel has the biometric attendance system for hostels to maintain discipline in the college as to make sure they leave and come in within the allowed hours,” said Shiv Chhatrala, a college student in Bangalore.
However, according to Jeevika Chourey, another college student in Bangalore, there is no need of such attendance systems in colleges as she believes that teachers certainly can look after who is absent or who is present in a class rather than relying on automated system of attendance. “They are aware of how students mark proxy as they are not that dumb,” she added.