The data of all students in the country will be collected into a single IT system “My School”

The Ministry of Digital Development has begun work on consolidating student data in the regions into the federal “My School” system. In particular, passport data or birth certificates of students, identifiers of parents and teachers – document numbers and dates of birth – should be transferred there. This will ensure a uniform level of provision of electronic services across regions, the ministry expects. But experts warn of difficulties in integrating systems and the growing risk of leaks and system failures that will affect many regions at once.

“Kommersant” got acquainted with the draft order of the Ministry of Digital Development on information exchange between the federal state information system “My School” and regional educational institutions, posted on the portal of legal acts on March 13. Among the goals in the document is the formation of “digital portfolios” of students in schools, colleges and additional education organizations.

According to the project, for information interaction between systems, subjects of the Russian Federation will have to create “data showcases” that will ensure the collection and processing of information from regional systems. For example, we are talking about the details of a student’s birth certificate or passport, SNILS and account identifiers in the Unified Identification and Authentication System (USIA). The document states that the data of parents or legal representatives of the child and teachers of educational institutions should be open to the “My School” system.

The systems must ensure the exchange of data on the age, gender, date of birth and citizenship of students, parents and teachers, as well as the educational organization – details of the legal entity, full name and position of the head and other data. The draft specifies that some of the data will be “depersonalized.”

The Ministry of Digital Development explained to Kommersant that the unified data format “will make it possible to provide electronic services in the field of general, secondary vocational and additional education at an equally high level in all regions.”

The Federal State Information System (FSIS) “My School” was launched on January 1, 2023, and is used by teachers, students and their parents. The technological basis of the system was the Moscow Electronic School (MES, controlled by the Moscow Department of Information Technologies, DIT). It combines an electronic journal, an electronic diary, a teacher and student portfolio, and so on.

At the moment, regions can connect to the FSIS “My School” if they wish – this has already been done in Tatarstan and Tyumen. The Ministry of Education and DIT of Moscow did not answer Kommersant.

Kommersant’s interlocutor in the cybersecurity market clarified that the “depersonalization” process usually involves encrypting part of the data and linking the information not to the person’s real name, but to the code assigned to him. JSC Information Implementation Company (IVK, engaged in data protection) believes that information will be stored “in different places” – for example, by separating names and document numbers.

IVC Deputy Director for Research Valery Andreev notes that the state already has experience in integrating such systems. According to the expert, difficulties will arise at the level of the data classifier and its formats, including in the integration of cybersecurity systems, access models, etc.: “Each system has its own protection methods, user role models, its own password service and user directory. They need to be integrated within the framework of the overall information security model, so it’s easier to write a lot of things anew.”

The costs of integrating students’ personal data into a single system can be significant, says Anton Vorobyov, head of IT at K2Tech: “In addition to building data transfer mechanisms, it will be necessary to protect data transfer channels with certified equipment to meet regulatory requirements.”

Informzashita believes that well-constructed depersonalization can reduce information security risks, but “centralization of data in a single system creates one point of failure,” which will also affect the operation of the service in the regions if a failure occurs somewhere else.

Tatiana Isakova, Alexey Zhabin