Happy International Privacy Day! A day which is celebrated globally by raising awareness and promoting best practice for privacy and data protection. In this article we take a look at five myths about privacy and data protection, myths that need busting!

International Privacy Day 2025: Five Myths about Privacy and Data Protection 

Today is international privacy day, or data protection day to those in Europe. It is a day celebrated internationally and marks the anniversary of the opening to signature of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, which raised awareness on the need to respect and protect individual’s privacy. Its modernised version (known as Convention 108+) addresses the ever-increasing challenges of a digitalising world.  

The day is used to raise awareness and promote best practices for the protection of privacy and data protection. It is the little nudge we all need at the start of the year to make the safeguarding of our own personal data, and the data of those that we process, a priority. At 9ine, we are taking this opportunity to bust five myths about privacy for schools. 

Myth One: ‘I don’t need privacy, I have nothing to hide!’ 

This is a common myth, that privacy is about ‘having something to hide’ which individuals only need if they do have ‘something to hide’. But privacy is about having some level of control over information about you, and deciding who and when to share that with people and organisations. It is a fundamental right and is an important aspect of what makes us human, to have a level of autonomy and make decisions about who knows what about us.  For schools, this could be staff deciding what information they want to share with a school and for what purposes in the context of their employment, and for students and pupils it is about what information about themselves they think is necessary to share for the purposes of their education. We all have information that we choose to share with our partner, friends and family that we would not want shared with our employer or our school, or that we don’t think is necessary for a school to have to provide us with employment or our education. Does a school need to know you like to collect vinyl records? Or that you despise mushrooms? Of course, some data about you, known as personal data, is necessary for the purposes of employment and education, but not all data - and having the right to have some level of control over your personal data is important. 

Myth Two: ‘Where we have security, we have privacy’

Privacy and security massively overlap and complement each other, but they are not the same thing. Privacy is about how your personal data is used and controlled and security is about protecting it from unauthorised access. They are not mutually exclusive, but they are also not the same thing. There will be times where you may have security, but considerations of privacy are not required, for example where the data concerned does not include personal data, but is highly sensitive, such as intellectual property-related data. There will also be times where privacy is considered, but that security is not required. For example, where a school decides not to collect personal data from individuals because it is not necessary for their purposes, there will be no obligation to keep this secure. You can also have security, and yet not be protecting privacy. For example, a school may collect and process personal data about staff and students, which is held in a secure database, but then use this data for purposes which they have not told individuals about and that individuals would not expect. The data may be protected from unauthorised access, loss or destruction, but the privacy of individuals has not been respected.    

Myth Three: ‘People don’t care about privacy and data protection’

This is simply just not the case, whether individuals feel they have the ability to protect their privacy or do so in practice is a different question, but one thing that is consistently clear is that individuals care about privacy. In 2022, the UK’s Information Commissioners Office found that 8 out of 10 parents and carers in the UK worry about their child’s data protection and over half of children surveyed said that they worried about their data protection when they were online.  Other studies have found that many parents consider schools to be the most responsible party to protect student digital privacy and trust that schools are doing this. What is clear here is that  students, parents and carers care about privacy, and that they believe that the school plays an important role in the protection of this. Schools need to make sure that they have the appropriate policies in place to protect students, and teachers need to be informed about these and how to protect the privacy of students.

Myth Four: ‘Privacy and Data Protection Compliance is a tickbox exercise’ 

The protection of privacy and data protection is not, and shouldn’t be seen as, just a tickbox exercise. Whilst all schools are subject to some form of regulation when it comes to privacy and data protection, meeting these requirements can bring so much more to schools than simply compliance. Beyond avoiding fines, poor inspection results, regulatory action and reputational damage, leveraging the benefits of compliance can help build trust in how a school protects the privacy of their staff and students. This can give schools a competitive edge when recruiting teachers and attracting students. It can also reduce costs and support the school’s strategy when it comes to using data, the ‘oil of the digital age’. Providing effective training on what privacy and data protection is can lead to more informed and educated teachers, who can help students protect their personal data inside and outside of the educational environment. This can lead to empowered students and pupils, who leave the education system prepared to protect their rights and their autonomy. Effective risk management can support the school in maximising the benefits that processing personal data can bring, whilst minimising potential negatives. Understanding holistically where your school processes personal data, with who, and why can help the school to realise efficiencies and reduce costs. Viewing compliance as just a tick-box exercise overlooks these benefits and does not appreciate the nuanced, creative and critical thinking which this requires.

Myth Five: ‘Privacy and Data Protection Compliance is an expensive waste of money’

Privacy and Data Protection compliance does not have to be expensive, and in fact it can be seen as an investment, which can lead to reduced costs, as well as the avoidance of regulatory fines, lawsuits and operational downtime. Storing data costs money, and so respecting the principles of data minimisation and storage limitation which require schools to only collect the personal data they need, and to only keep it for as long as they need to, help to keep these costs down. Records of Processing Activities and data maps help schools to understand where this data is, whether it is still required or whether there are duplications. Data Protection Impact Assessments can prompt schools to question whether they need to collect personal data in the first place. Compliance tools can also help to streamline compliance processes, saving schools time and resources compared to performing these processes manually. Fines ($20,700 for trialling facial recognition, €50,000 for failing to handle subject access requests appropriately), ransomware payments ($6.6 median cost for lower education) and lawsuits ($750,000 for selling and sharing student data) can be expensive where a school is not compliant with its data protection and privacy requirements, making the cost of these tools pail in comparison. Seeing compliance as an investment, in your school’s future, reputation, strategy as well as your finances can set your school apart and help you to support the privacy of your staff and students. 

What can we do?

Effective privacy and data protection compliance clearly brings a number of benefits to schools, but schools do not need to navigate the complexity of this on their own. At 9ine we offer a number of products and services that can help schools in meeting their privacy and data protection compliance requirements,, specific solutions include: 

• 9ine Academy LMS: Our AI Pathway is your school's learning partner for AI ethics and governance. With differentiated course levels you can enrol staff in an Introductory course to AI, then for those staff with a greater responsibility, enrol them in Intermediate and Advanced courses. There’s also specialist courses for Ai in Safeguarding, Child Protection and technology. A Privacy Pathway is also coming soon.
• Application Library: A solution that enables all staff to access a central searchable library of all EdTech in the school. The library contains all information staff need to know about the AI in use (if there is), privacy risks, safeguarding risks and cyber risks. With easy to add ‘How to’ and ‘Help’ guides, Application Library becomes a single, central digital resource. Through implementing Application Library your school will identify duplication in EdTech, reduce contract subscription costs and have a workflow for the request of new EdTech for staff to follow.
• Vendor Management: Removes the pain, and time, from evaluating and vetting third party vendor contracts, privacy notices, information security policies and other compliance documents. Vendor Management provides a thorough, ‘traffic light’ based approach to inform you of vendor privacy, cyber, AI, and safeguarding risks. Vendor Management supports you to demonstrate to parents, staff and regulators how you effectively evaluate and manage technology you choose to deploy.

9ine company overview

9ine equips schools to stay safe, secure and compliant. We give schools access to all the expertise they need to meet their technology, cyber, data privacy, governance, risk & compliance needs - in one simple to use platform. For additional information, please visit www.9ine.com or follow us on LinkedIn @9ine.