Six effective steps schools can take to protect student privacy in the “image age”

Six effective steps schools can take to protect student privacy in the "image age"

Boys football

We live in the age of the image. Whether we like it or not a perfect digital storm created by the collision of smartphones and social media sees our children navigating their formative school years inside a hall of mirrors.

For parents this can provide a wonderful insight into our kids’ lives – every performance, sporting triumph or speech is easily captured, savoured and shared.

But for schools and other family-focused communities it poses a serious challenge. How can schools celebrate and build the community with images, while maintaining their duty of care to protect our kids’ precious privacy?

Here are six positive steps schools can take:

1. Stay up-to-date on privacy legislation

It’s crucial for schools to know their obligations under privacy law. You could forgive school boards, principals and administrators for feeling a little off balance in relation to privacy. Consider the tension between trying to steer clear of privacy pitfalls (to prevent inappropriate collections, for example) while also dealing with people fiercely attached to their own copyright. After all, anyone who takes a photo automatically owns the copyright to that photo and most photography in any public place (aside from the obvious breaches of the Criminal Code) or on private property with permission is legal.

The introduction in 2014 of the 13 Australian Privacy Principles (APPs) affirmed for many that photos and other images that identify a person are, indeed, personal information. Australian private schools and private tertiary institutions are covered by the APPs, while public schools and universities in the states and territories are required to apply the privacy laws in those jurisdictions. It all seems rather messy, but there are systems and processes schools can put in place to meet their obligations without turning a forest into an encyclopaedia of paper consent forms.

2. Provide a central private online image storage space

If your school has photos stored on various hard drives shared freely between administrators and teachers; these images are not secure.

If your school has photos stored ‘in the cloud’ on servers located in far-flung jurisdictions, owned by corporations that sell your data; these images are not secure (and this approach may breach Australian privacy laws in relation to off-shore data storage and processing).

Schools should provide a locally administered central online space, with strict data security protocols, where teachers, administrators, parents, children and friends can store, contribute and share photos, privately and securely. This is an essential step towards managing large digital media collections and building engagement in close-knit communities.

3. Look in to new technology

Digital asset management technology (DAM) has been around in the corporate world for years. A DAM uses permissions to enable multiple users to access and use media centrally and reduce the storage footprint of large files. However, like our brains, we tend to only use a small part of DAM capabilities.

It is also true that existing enterprise-level DAM solutions are simply too expensive, complex and difficult to use. In addition, most DAM solutions are designed to be inwardly-focused when schools and other family-focused organisations want to create an outward sense of belonging and stronger community through sharing.

It is now possible – with a significant amount of customisation – that DAM technology can be adapted to suit the specific needs of, say, a school community, and implemented at an affordable price so that the best of enterprise-level DAM capabilities is made available to other important communities beyond big corporates.

4. Explore artificial intelligence (AI)

AI technology is increasingly used in photo sharing and management applications. Most of us are familiar with auto-tagging to assist in photo retrieval, or even facial detection. Facial and pixel recognition can offer schools a large opportunity to identify and manage photos based on permissions. This technology is evolving quickly and there are learning technologies now available out there to explore. However, a proactive approach to privacy must remain an essential part of the mix.

5. Invest in private, local data centres

Storage costs are decreasing as the big storage providers like Dropbox, MS OneDrive, Google Drive and iCloud grow. However, the increasing cybersecurity and privacy concerns that come with these big providers pose a problem for schools. How far away is “too far” in relation to the secure storage and management of our kids’ images? School policies should demand to know the location, and under which legal jurisdiction, data is kept… If it’s not local, it’s risky.

6. Get smarter on dynamic privacy

The concept of access-based privacy is now well entrenched in photo sharing and photo management apps. Be careful though – an “on” or “off” approach to privacy is too simplistic. Schools should use dynamic privacy which allows images to be accessed according to different permission levels (where the permission levels can be changed by a student or their parents at any time). For example, view only access. Or view & print access with limited abilities to share or download. It also can provide a highly transparent audit trail to reduce breach risks via tracking and reporting.

Schools should also keep an eye on an emerging new privacy concept called the “digital handshake”.  The digital handshake creates personal privacy policies between community members and encourages mutual respect for privacy between family and friends.

***

We all understand that maintaining full control over our kids’ privacy may be close to impossible these days, but this shouldn’t mean we sit back and let our children inherit a future where no form of privacy is possible. Schools should take positive steps towards managing large digital media collections and building engagement in close-knit communities, while meeting their obligations under privacy laws.

What do you think? Can schools do more to protect students’ privacy? What barriers does your school or organisation face maintaining student privacy in the age of the image?