Last week SPM results came out, 373,974 aspirants who have been waiting patiently over the last few months would now know their fate. Some 10,109 have received all A’s, the golden standard of academic success and the ticket to those looking to study the “more advanced” subjects in university.
Proudly, I’m able to report that my daughter was in this group. So, I would be remiss not to thank all her teachers, tutors, her family members who helped in various ways, and her friends who studied with her over the last few years. And to recognise her hard work in this achievement. It truly takes a team effort to ensure that one person can meet this kind of educational objective.
SPM results season is also an opportunity for institutions of higher learning to catch as many students as possible, and rightfully so for Malaysia to become a fully developed nation, this process needs to be successful. Not just for universities but for TVET institutions and other further study options for students looking for a better life than their parents. But somewhere along the line, there has been a failure in data governance.
The last few weeks, I have been inundated by a steady stream of WhatsApp messages and phone calls from various sources asking for my daughter to consider a given course or attend a briefing by a particular learning institution. They know my number, my daughter’s name and the fact that she is receiving her SPM results; the only problem is, I have never given my data to anyone and such refined data is not easy to come by.
This suggests a breach. Usually, the only concern that finds its way into conversations is the security of test papers ahead of the exams. That has long been resolved. Now a contemporary threat exists – the integrity of data.
Firstly, how was this highly refined time-sensitive data generated to understand if there has been a data leak or a cyber-attack that allowed this information to leak to multiple organisations? Where did it happen, how did it happen? At what level and when? This requires a forensic investigation on a wholistic level so that the data ecosystem that the education industry operates in remains safe for all users and for all organisations operating in this critical space.
Secondly, the environmental, social, and governance (ESG) standards of those educational institutions looking to conduct marketing exercises need to have a deeper understanding of data governance and data ethics. They must be accountable for the data that they maintain and hold, not just with a strict adherence to data security protocols, so that others do not get it but to understand how they got that data and whether they have expressed permission to use it. Using data that has been obtained through dubious means should be akin to receiving stolen property.
My daughter aspires to study law. Perhaps, in time, this is one area of the law where she can pioneer the intellectual and structural changes that will make a difference. That is for her to decide.