Student records scattered across DU offices: Alarming threat to data security

At the University of Dhaka (DU), student records—both academic and personal—are being stored haphazardly across office verandas and corridors of the administrative building, raising serious concerns about data security and student privacy at the country’s premier higher education institution.

An on-site visit revealed thousands of sensitive documents tied with red strings, left in open spaces near Room 208 and adjacent corridors. These include students’ names, roll numbers, exam results, admission forms, transcripts, and other academic records, placed on open desks, old rusted cabinets, or near windows—highly vulnerable to being photographed or copied without authorization.

Experts warn that these documents clearly contain personal information of students from various academic years, constituting a grave breach of data protection protocols. Among the records are photocopies of national ID cards, exam mark sheets, and admission-related paperwork, all of which could be exploited for identity theft, university admission fraud, or other criminal activities.

Students themselves fear that such exposure of their personal data could lead to online or banking fraud, the use of fake certificates for employment or higher education, manipulation of academic records, and even blackmail.

Professor Dr. Mamun Ahmed, DU’s Pro-Vice Chancellor (Academic), told Views Bangladesh, “There is no justification for leaving these files scattered like this. It reflects gross negligence and irresponsibility on the part of the relevant administrative branches. Both the university’s reputation and student security are at stake.”

Registrar Munshi Shams Uddin Ahmed explained, “New files are submitted every day. Due to a lack of storage space, old and unnecessary files often end up in corridors or verandas. Eventually, these are sold off following government procedures.”

However, experts argue that selling files increases the risk of data leakage even further. The University Grants Commission (UGC) has repeatedly recommended secure digital archiving, but DU has yet to implement such systems. Insufficient training, lack of skilled personnel, and the absence of modern data management infrastructure have contributed to this situation.

In a notable incident in 2022, a fake student named Sajid Ul Kabir was discovered in the Department of Political Science after attending classes and taking exams for three years under someone else's identity. A poorly designed and easily accessible ID card system made this deception possible. There are also allegations that fake IDs are regularly used within the university to secure private tutoring opportunities.

Students point out that DU’s culture of data security remains fragile and continues to rely heavily on outdated paper-based systems. For instance, even though library borrower cards have been introduced, their usage is limited and they have not replaced traditional student IDs.

Masud Alam, Deputy Commissioner of the Ramna Zone, Dhaka Metropolitan Police (DMP), said “Students build their academic futures at a national institution. Such negligence is a betrayal of their trust. Under the Data Protection Act, this is a serious offense and could expose the university to potential legal action.”