Student data privacy is emerging as a serious concern for families across India, especially when children enter higher classes and suddenly become targets of aggressive marketing calls. What starts as an occasional enquiry quickly turns into a flood of unsolicited calls promising coaching, counselling, career guidance and “exclusive deals” — all directed at minors who never shared their information in the first place.

In Vasai–Virar and across India, thousands of parents face this exact situation every academic year. The central question is troubling yet important:
How are coaching centres getting access to detailed student information without consent?

This problem is not just irritating — it raises legal, ethical and safety risks that every parent should understand.

Student Data Privacy Breach Begins Early

Most parents notice something unusual the moment their child reaches Class 9 or 10. Calls start coming in from coaching centres that know:

  • The child’s full name
  • The class or grade
  • The education board (CBSE, ICSE, State Board)
  • The school location
  • Sometimes even academic performance

This level of detail clearly indicates a student data privacy breach. And many parents, understandably, wonder how minors’ personal data is circulating so freely.

A Real Experience That Exposes the Problem

Recently, a parent received a call from a well-known educational institution. The representative confidently referenced the child’s class level, mentioned the academic board and immediately began promoting options for coaching.

The parent’s obvious question was simple:
“Where did you get this information?”

The response?
A vague, dismissive explanation — “We received it from marketing guys.”

The conversation quickly shifted when the parent stated that:

  • The call was being recorded
  • They required clarity about the source of the data
  • They might go public with the issue

This one interaction revealed a disturbing truth:
Student data is being circulated without consent, transparency or accountability.

And this is not an isolated case. It’s a nationwide issue.

7 Shocking Sources Behind Student Data Privacy Breaches

There is no single source of data leakage. Instead, student information trickles out through a mix of formal, informal and outright illegal channels. Below are the seven most common ones.

1. School-Level Data Leakage

Despite guidelines, many schools still indirectly or unofficially share student data. This may happen through:

  • Partnerships with coaching institutes
  • Third-party vendors for admin or marketing
  • Staff members quietly sharing databases
  • Onboarding agencies handling school admissions

While schools are required to secure student data privacy, unofficial access still occurs. Even a small leak can feed enormous databases used by coaching brands.

2. Exam and Board Registration Networks

Boards such as ICSE, CBSE and state boards do not publish personal contact details. However, coaching centres often gain indirect access through:

  • Form-filling centres
  • Offline vendors assisting with registration
  • Printing partners
  • Exam facilitation bureaux
  • Educational middlemen

Even though exam boards do not intentionally share data, these surrounding networks often contribute to privacy leaks.

3. Illegal Third-Party Data Brokers

There exists a thriving market for student data. Brokers illegally sell:

  • Student lists
  • Parent mobile numbers
  • School names
  • Class details
  • Address clusters

Marketing companies, coaching chains and local tuition centres freely purchase these lists. The practice is unethical and mostly illegal, but continues because parents rarely report the issue.

4. Online Forms, Apps and “Free Demos”

Many parents unintentionally share data through:

  • Olympiad registrations
  • Scholarship tests
  • Free demo classes
  • Education fairs
  • Learning apps
  • “Career aptitude” quizzes
  • Websites offering free notes or exams

The problem?
These platforms often hide data-sharing permissions inside long Terms & Conditions. Once you click “Submit,” your contact details may be sold to dozens of partner companies.

This is one of the biggest contributors to student data privacy violations.

5. Peer Referrals and Classroom Mapping

Coaching centres often:

  • Ask current students to refer classmates
  • Map entire neighbourhoods by door-to-door surveys
  • Track school bus routes
  • Analyse WhatsApp parent groups
  • Gather school-wise batches for targeted marketing

These informal networks are not regulated, yet they contribute significantly to data leakage.

6. Local Vendors and Service Providers

Sometimes, data leaks from unexpected places:

  • Uniform shops
  • Stationery stores
  • Textbook vendors
  • Local tuition teachers
  • School transport providers

Even basic conversations like “Which class is your child in?” help build profiles — later sold to marketers.

7. Digital Personal Data Protection Law Violations

Under the Digital Personal Data Protection (DPDP) Act, 2023:

  • Minor data cannot be collected without parental consent
  • Personal data cannot be shared or sold
  • Organisations must disclose why data is collected
  • Unauthorised data sharing is punishable
  • Misuse of children’s data is a legal offence

Yet, thousands of coaching centres continue violating student data privacy laws daily.

Why Student Data Privacy Violations Are Dangerous

When minor data falls into the wrong hands, the risks multiply:

  • Harassment — repeated sales calls
  • Phishing scams — fake exam forms, scholarship fraud
  • Predatory behaviour — targeted messaging
  • Identity misuse — fake admissions or impersonation
  • Emotional pressure — pushing unnecessary coaching
  • Stress for parents — nonstop persuasion and manipulation

A child’s data is not “marketing material.”
It is sensitive personal information protected by law.

How Parents Can Act Immediately

Here are essential steps every parent should follow to protect student data privacy.

1. Ask the Caller Directly

Demand transparency using a simple legal question:

“Under the DPDP Act, please disclose how you obtained my child’s data.”

This question usually ends the call instantly because most telemarketers know they are violating the law.

2. Never Confirm Details

Even casual answers like:

  • “Yes, CBSE”
  • “Yes, Class 10”
  • “Yes, preparing for NEET”

… help them enrich your child’s profile. Avoid engaging.

3. Activate DND

Send SMS ‘START 1909’ to reduce telemarketing calls.

4. File Complaints Through Official Channels

Always attach screenshots, numbers and call logs.

5. Question Your School Administration

Ask the school:

  • “Who has access to my child’s data?”
  • “Is any third-party vendor involved in data handling?”
  • “Do you share student information with coaching partners?”
  • “What is your data protection policy?”

Schools must provide clarity and follow DPDP guidelines.

Should Parents Go Public With Evidence?

Many parents collect:

  • Call recordings
  • Phone numbers
  • Marketing pitches
  • Screenshots

While publishing such details may feel empowering, it comes with risks:

  • Possible legal pushback (defamation claims)
  • Online conflict
  • Personal exposure
  • Unwanted attention

It is safer and more effective to file complaints through official authorities instead of social media.

The Bigger Picture — A Broken System

India’s coaching industry is enormous, especially for students in:

  • Classes 9–12
  • JEE/NEET aspirants
  • Competitive exam streams

Unfortunately, this industry thrives on student data privacy violations. Data is purchased, traded, redistributed and resold to maximise marketing reach.

What India needs:

  • Strict enforcement of DPDP rules
  • Transparent school policies
  • Parental awareness
  • Digital literacy campaigns
  • Clear accountability for vendors and partners

This issue cannot be solved unless all stakeholders take it seriously.

Final Thought — Every Parent Can Make a Difference

This problem is not just about unwanted calls.
It is about the privacy, dignity and safety of minors.

When one parent demands accountability, asks hard questions and refuses to engage without transparency, it sets an example for thousands of others.

Protecting children’s information is not optional.
It is a legal obligation — and a moral responsibility.

If every parent takes small steps, the system will be forced to change.