Private eyes: Parents, schools and the trouble with photos

Private eyes: Parents, schools and the trouble with photos

Private eyes: Parents, schools and the trouble with photos

Color photo of a surprised six year old girl student with a look of shock.

Recently a friend of mine fell out of favour with some of the parents at her daughter’s school. There was a moment of standing toe-to-toe in the playground, supporters evenly divided, before she was able to elicit a promise from the parent in question to “remove my child’s photos” from a recent social media post.

Let’s set the scene: we’re on a school excursion to the museum. Parent “helpers” are invited along as part of the containment strategy for the bouncing, giggling, sticky-fingered packs of eager first graders. The museum guides are guiding. The teachers are teaching. And the parents… they are taking photos of the whole event on their smart phones.

In the evening, after the kids are tucked into bed, the parents scroll through their favourite photos from the museum trip… and post the best of them (i.e., the ones involving their kids looking studious and adorable) to social media for friends, family, and other school families in their circle to see.

The next morning at school drop-off, my friend hears a chuckled comment from a parent she barely knows about a photo of her daughter circulating on social media – she with her delighted gappy-toothed grin after accidentally soaking herself at the museum’s water fountain. Say what?! You know the rest…

In this case, there wasn’t a concern about child or family safety – like in instances where details gleaned from a photo can place a child or their family at risk of domestic violence. My friend was just concerned about privacy; particularly, that the happy-snapping parent hadn’t asked her first before placing her daughter’s photo online for the wider (and unknown to her) community to see.

The photos were taken on a school excursion, during school hours, capturing school kids doing school-related things. Schools are supposed to have policies and procedures relating to when, how and with-what-restrictions photos are taken and published of children in their care. Indeed, my friend had clearly stated to the school (on the requisite “media usage consent form”) that her daughter’s photos must never be published on the school’s website or social media feeds.

But here’s the thing: when it’s not the school taking the photos, and it’s not the school’s social media feeds we are talking about, the rules (and, indeed, individual sensitivities about when it is appropriate to be photographing kids) are muddied a bit. I would argue, however, that schools have a continued role to play in 1. ensuring the privacy of their students and 2. ensuring that parents have good information at their disposal to help them make responsible decisions when dealing with photos of kids.

When it’s “on their watch”, schools must be vigilant about upholding privacy obligations around the taking and publishing of images of children:

Photos that identify (or could lead to the identification of) children are ‘personal information’ under Australian privacy law – not just the Commonwealth Privacy Act 1988 (to which private schools are bound), but also State and Territory privacy laws (which regulate the personal information handling practices of public, state-funded schools). This means that there are rules attached to how images of children are handled and that schools risk breaching student privacy if they fail to follow those rules.

Applying rules

Many schools have access to clear policy and procedural advice, as long as they know where to find it. In Victoria, for example, the Department of Education supplies policy advice around image privacy for state schools, with bodies such as Independent Schools Victoria providing similar guidance to the independent school sector. There is also directly-from-the-horse’s-mouth guidance available from the various privacy regulators.

Where parents or other community members are recruited to help during school events, the school’s attention to privacy requirements mustn’t slip. Schools should actively communicate to the P&C Association, other volunteer groups, on-site after school care providers and parents exactly what the school’s expectations are in relation to the taking, keeping/storing, using and publication of photos.

In my friend’s case, perhaps a pre-excursion reminder bulletin (or even a quiet word) to all parent “helpers” about the school’s policy for taking photos would have prevented the uncomfortable playground exchange the next day. Equally important, the same reminder bulletin would have clearly demonstrated the school’s awareness of, and commitment to, its privacy obligations when conducting on- and off-campus student events.

In today’s technology-driven world, schools could also consider implementing automated systems where photos of students are gathered and managed in one secure place and subject to the specific consents (or restrictions) parents have placed on what happens to the images of their children. Before doing this, however, the school should check the privacy credentials of the technology or platform they choose.

In my friend’s case, and in conjunction with the pre-excursion reminder bulletin about privacy… if the school had a process whereby all parent “helpers” could supply/ upload the photos they had taken at the museum directly to the school, then the school would have had the ability to manage those photos in accordance with the school’s media usage policy.

Schools should spend time educating parents and community members

No matter what the schools do at school, there is still a need to address the extent to which parents should post photos of their kids (and other people’s kids!) online. Schools have more resources at their disposal than just their own local policies and procedures; and, where appropriate, they should use them to help educate their community.

From time to time, concise and well-packaged information becomes available through Australian Government websites in relation to posting images of children and young people online – see, for example, the Office of the eSafety Commissioner or the Australian Institute of Family Studies. Similarly, Australia’s mainstream news media may publish a useful article about privacy that touches on the key messages parents ought to receive.

A well-placed regular link in the school’s newsletter may be just what’s needed to get parents talking about when it is (or isn’t) cool to post the photos of children online.

I’d like to thank my colleague – Nicole Stephensen – for her help with unpacking the privacy rules. If you would like to discuss this topic further, please feel free to connect with me here on LinkedIn.

How schools can stop the data breaches

How schools can stop the data breaches

How schools can stop the data breaches

Concept of fear with businessman like an ostrich

Did you know over 80% of data breaches in Australia this year occurred in the education sector? I didn’t either until I asked a member of my team to conduct some quick research of our own, and of the 6 publicised data breaches in Australia between January and July this year 5 breaches occurred in the education sector (NB: In the same period, there were roughly 186 breaches in the education sector published globally). Now, that’s either very unlucky or Australia’s education sector needs to address some serious privacy and data security shortcomings. I expect that we may see those numbers climb next year when mandatory reporting of notifiable data breaches in Australia comes into effect.

Our schools have it tough

I turned to the latest Deloitte ‘Australian Privacy Index 2017’ report. The report’s sub-title really made sense to me, “Trust starts from within.” The report’s core recommendation was to ensure sectors educate and train all their staff on privacy. Guess which sector landed last in the “meet Australian consumer expectations” and “exhibited good privacy practice” stakes? Yep, you guessed it, education. In 2016 education was ranked 6 out of 11 sectors. This year it dropped dramatically to the last place. Five years ago, no one really heard much about data breaches, but now it seems that overnight the education sector has become a key target (probably second only to healthcare). It makes sense that schools are a ripe target for those seeking to misuse personal information… just as it makes sense that, with the myriad responsibilities placed on school administrative staff and systems, some personal information could be inadvertently compromised. Just think of all the sensitive data and personal information that schools are responsible for; they retain banking information, medical histories and photos of your children to name just a few.  And with Australian schools under pressure to innovate, they are struggling to balance the overwhelming array of new learning technology offerings from 3rd parties (if you attended the latest EduTech Conference in Sydney in May you would have noticed this) with the growing demands of privacy regulation, while simultaneously dealing with the reality of reduced funding and resources. New ‘privacy & technology’ issues must be an overwhelming headache for many school Principals and Boards right now.

How to make tech and privacy work better in our schools.

Now is the perfect time for school Principals and Boards to take a closer look at privacy. So, what should schools do?

Firstly, school principals can’t just stick their heads in the sand. Technologies will continue to demand more access to our lives, and schools will continue to feel the pressure to remain internationally competitive and produce world-class students. It’s time to face facts. The movement toward digitisation of our schools will continue, and some of the technologies we employ will require more than a cursory understanding of privacy and security issues.

Principals should take the next step and audit their current digital footprint. If their digital service providers are locally-based, secure and specifically engineered with privacy in mind then they get three ticks. Anything less and the school should seriously consider looking at alternatives.

Then they should go deeper:

  • Does the school have someone in management who is responsible for privacy and (if it becomes necessary) the handling of personal data breaches?
  • Do all staff understand what personal information is? For instance, do they know that images of students are generally considered “personal information” under Australian privacy law?
  • Does the school offer meaningful privacy training to all staff?
  • Do external contracts entered into by the school for the onboarding of new technologies contain relevant obligations in relation to the protection of personal information?

Addressing these questions will help place much-needed attention on privacy, educate schools about the potential privacy pitfalls they are facing, and encourage schools to explore technologies that offer a holistic approach to privacy.

It’s quite right to suggest, as many recently have, that using external third-party technologies in schools can be harmful to privacy and data ownership. But schools should also know that not all third-party technologies are equal when it comes to privacy. Companies like LearningField and Kinvolved are beginning to combine innovative technology with robust privacy measures to provide schools with real, tangible solutions. I am hopeful that these solutions will assist schools as the Australian Government gets tougher on privacy and data protection regulation.

My personal belief – yes some may say it’s outdated or naive – is that the core values of trust and mutual respect are still heavily present in society. That protecting the digital legacy of our children is still of utmost importance to us all and, as parents, if we were given the opportunity to be part of a technology platform that championed and nurtured a universal culture of trust and respect at schools, we’d take it!

I can’t deny that taking the privacy high road in business has been a long, hard slog in this new digital landscape, but maintaining the right of our consumers to privacy must remain front and centre of any business. Together, we can build a safer, more secure and protected online space for our children, and our children’s children. We can make a difference if we unite and tell our schools “Privacy matters to us, and to our children”.

How to protect your child’s digital identity: 5 simple suggestions

How to protect your child’s digital identity: 5 simple suggestions

How to protect your child's digital identity: 5 simple suggestions

Father and son using Virtual Reality glasses sitting outside. Stock Photo. Creative Content Brief 603438805

One of the main reasons I started my own digital business over 5 years ago was because I was increasingly concerned about the impact social media would directly have on my young daughter. The dilemma was that although I wanted her to enjoy the positive aspects of developing a digital identity – connecting with friends, enjoying Minecraft and Roblox, and expressing herself creatively – I also wanted to protect her from the obvious downsides and protect her privacy.

I’ve been working in the digital space for nearly 2 decades now and the proliferation of social media – as well as its darker side created from the technology itself, or the person driving it – has come as no surprise. That is why I’ve been spending many years recently building a business around digital privacy. Yet, recently there has been a lot more awareness of this topic in the news, online and even on social media channels. Only this week, we received another warning about protecting children’s safety on a popular app (which legally they shouldn’t be on anyway).

So I am feeling now might be a good time to share what I’ve learned with other parents who are wanting to prepare themselves and their kids for this permanent digital extension of the real world – and yes, the digital world is not going away, if anything we need to teach kids how to become good digital citizens so they can hopefully thrive and build a better world in the future, online.

Here are my top suggestions:

  1. Get your head out of the sand.

Digital media is not going away. Your social media ‘Dad joke’ about how you couldn’t care less about looking at pictures of what people are having for lunch isn’t funny anymore (hint: it was never funny). You need to stop thinking about digital media as an addition to your children’s life and start developing their DQ, preparing them for the new reality where digital media is everywhere in the online or offline world.

Alternatively you could move to the sticks like Captain Fantastic – but in Australia keep in mind there are drop bears out there!.

  1. Understand what motivates your child to be online

Your child’s strong desire to engage online is increasingly a topic of academic enquiry.  The current thinking is children are motivated by a desire to fit in with their peers, but other aspects such as exploration of content to fill in spare time and the feeling of having freedom, have also been identified as key motivators.  Charities are also now encouraging families to talk more often to their children about their online lives.

  1. Get smart on what social media channels are popular.

How can you guide your son or daughter’s SnapChat use if you don’t know how to use SnapChat or even what it is? Finally solve the mystery of why your son or daughter is talking in that weird American accent. Do some research on what social media channels are popular. There are many lists out there like this one. Next, find out what’s appropriate for your child to have access to at their age (see the Australian Government eSafety Commission recommendations). Finally, educate them on why they shouldn’t use certain other channels right now. Together select a couple of age-appropriate social media channels they can use (that you can also follow) and together start to build a simple online profile of your child, making sure you default to the strictest privacy settings and that geolocation is switched off.

  1. Find an alternate safe online place

Your child needs a space they can store and share more private and precious content with their close friends. Search for online apps that have been specifically designed with privacy in mind. Either they’ve been developed using the ‘privacy by design’ approach and partnered with reputable organisations and parents, like pixevety, or are aimed at providing kids with a parent-monitored “social media training wheels” experience like KUDOS or GeckoLife. Remember free is not free. Majority of social media providers are in it for the money and monetisation of social media platforms often comes at the expense of your privacy.

  1. A simple checklist of do’s and don’ts online

A simple checklist will help them understand which channels or audiences is best for sharing different type of content. Ensure they’re aware of stranger danger and which sites are deemed “safer sites”. Teach them that online is forever. Give them real-life examples of how people have missed out on opportunities, put themselves at risk, or suffered a blow to their reputation as a result of online behaviour.

While we’re at it, give yourself some do’s and don’ts. Set a good example for your kids. Be transparent, ask for their consent whenever you want to share a photo or video of them online. Talk to your kids about what you’re doing online, the choices you’re making on social media, and why. Get off your phone once in a while!

Don’t let your kids be a social media statistic. A little early education and intervention can prevent a whole heap of heartache and issues down the track.

Let me know what your thoughts are on this.