Private eyes: Parents, schools and the trouble with photos

Private eyes: Parents, schools and the trouble with photos

Private eyes: Parents, schools and the trouble with photos

Color photo of a surprised six year old girl student with a look of shock.

Recently a friend of mine fell out of favour with some of the parents at her daughter’s school. There was a moment of standing toe-to-toe in the playground, supporters evenly divided, before she was able to elicit a promise from the parent in question to “remove my child’s photos” from a recent social media post.

Let’s set the scene: we’re on a school excursion to the museum. Parent “helpers” are invited along as part of the containment strategy for the bouncing, giggling, sticky-fingered packs of eager first graders. The museum guides are guiding. The teachers are teaching. And the parents… they are taking photos of the whole event on their smart phones.

In the evening, after the kids are tucked into bed, the parents scroll through their favourite photos from the museum trip… and post the best of them (i.e., the ones involving their kids looking studious and adorable) to social media for friends, family, and other school families in their circle to see.

The next morning at school drop-off, my friend hears a chuckled comment from a parent she barely knows about a photo of her daughter circulating on social media – she with her delighted gappy-toothed grin after accidentally soaking herself at the museum’s water fountain. Say what?! You know the rest…

In this case, there wasn’t a concern about child or family safety – like in instances where details gleaned from a photo can place a child or their family at risk of domestic violence. My friend was just concerned about privacy; particularly, that the happy-snapping parent hadn’t asked her first before placing her daughter’s photo online for the wider (and unknown to her) community to see.

The photos were taken on a school excursion, during school hours, capturing school kids doing school-related things. Schools are supposed to have policies and procedures relating to when, how and with-what-restrictions photos are taken and published of children in their care. Indeed, my friend had clearly stated to the school (on the requisite “media usage consent form”) that her daughter’s photos must never be published on the school’s website or social media feeds.

But here’s the thing: when it’s not the school taking the photos, and it’s not the school’s social media feeds we are talking about, the rules (and, indeed, individual sensitivities about when it is appropriate to be photographing kids) are muddied a bit. I would argue, however, that schools have a continued role to play in 1. ensuring the privacy of their students and 2. ensuring that parents have good information at their disposal to help them make responsible decisions when dealing with photos of kids.

When it’s “on their watch”, schools must be vigilant about upholding privacy obligations around the taking and publishing of images of children:

Photos that identify (or could lead to the identification of) children are ‘personal information’ under Australian privacy law – not just the Commonwealth Privacy Act 1988 (to which private schools are bound), but also State and Territory privacy laws (which regulate the personal information handling practices of public, state-funded schools). This means that there are rules attached to how images of children are handled and that schools risk breaching student privacy if they fail to follow those rules.

Applying rules

Many schools have access to clear policy and procedural advice, as long as they know where to find it. In Victoria, for example, the Department of Education supplies policy advice around image privacy for state schools, with bodies such as Independent Schools Victoria providing similar guidance to the independent school sector. There is also directly-from-the-horse’s-mouth guidance available from the various privacy regulators.

Where parents or other community members are recruited to help during school events, the school’s attention to privacy requirements mustn’t slip. Schools should actively communicate to the P&C Association, other volunteer groups, on-site after school care providers and parents exactly what the school’s expectations are in relation to the taking, keeping/storing, using and publication of photos.

In my friend’s case, perhaps a pre-excursion reminder bulletin (or even a quiet word) to all parent “helpers” about the school’s policy for taking photos would have prevented the uncomfortable playground exchange the next day. Equally important, the same reminder bulletin would have clearly demonstrated the school’s awareness of, and commitment to, its privacy obligations when conducting on- and off-campus student events.

In today’s technology-driven world, schools could also consider implementing automated systems where photos of students are gathered and managed in one secure place and subject to the specific consents (or restrictions) parents have placed on what happens to the images of their children. Before doing this, however, the school should check the privacy credentials of the technology or platform they choose.

In my friend’s case, and in conjunction with the pre-excursion reminder bulletin about privacy… if the school had a process whereby all parent “helpers” could supply/ upload the photos they had taken at the museum directly to the school, then the school would have had the ability to manage those photos in accordance with the school’s media usage policy.

Schools should spend time educating parents and community members

No matter what the schools do at school, there is still a need to address the extent to which parents should post photos of their kids (and other people’s kids!) online. Schools have more resources at their disposal than just their own local policies and procedures; and, where appropriate, they should use them to help educate their community.

From time to time, concise and well-packaged information becomes available through Australian Government websites in relation to posting images of children and young people online – see, for example, the Office of the eSafety Commissioner or the Australian Institute of Family Studies. Similarly, Australia’s mainstream news media may publish a useful article about privacy that touches on the key messages parents ought to receive.

A well-placed regular link in the school’s newsletter may be just what’s needed to get parents talking about when it is (or isn’t) cool to post the photos of children online.

I’d like to thank my colleague – Nicole Stephensen – for her help with unpacking the privacy rules. If you would like to discuss this topic further, please feel free to connect with me here on LinkedIn.

How schools can stop the data breaches

How schools can stop the data breaches

How schools can stop the data breaches

Concept of fear with businessman like an ostrich

Did you know over 80% of data breaches in Australia this year occurred in the education sector? I didn’t either until I asked a member of my team to conduct some quick research of our own, and of the 6 publicised data breaches in Australia between January and July this year 5 breaches occurred in the education sector (NB: In the same period, there were roughly 186 breaches in the education sector published globally). Now, that’s either very unlucky or Australia’s education sector needs to address some serious privacy and data security shortcomings. I expect that we may see those numbers climb next year when mandatory reporting of notifiable data breaches in Australia comes into effect.

Our schools have it tough

I turned to the latest Deloitte ‘Australian Privacy Index 2017’ report. The report’s sub-title really made sense to me, “Trust starts from within.” The report’s core recommendation was to ensure sectors educate and train all their staff on privacy. Guess which sector landed last in the “meet Australian consumer expectations” and “exhibited good privacy practice” stakes? Yep, you guessed it, education. In 2016 education was ranked 6 out of 11 sectors. This year it dropped dramatically to the last place. Five years ago, no one really heard much about data breaches, but now it seems that overnight the education sector has become a key target (probably second only to healthcare). It makes sense that schools are a ripe target for those seeking to misuse personal information… just as it makes sense that, with the myriad responsibilities placed on school administrative staff and systems, some personal information could be inadvertently compromised. Just think of all the sensitive data and personal information that schools are responsible for; they retain banking information, medical histories and photos of your children to name just a few.  And with Australian schools under pressure to innovate, they are struggling to balance the overwhelming array of new learning technology offerings from 3rd parties (if you attended the latest EduTech Conference in Sydney in May you would have noticed this) with the growing demands of privacy regulation, while simultaneously dealing with the reality of reduced funding and resources. New ‘privacy & technology’ issues must be an overwhelming headache for many school Principals and Boards right now.

How to make tech and privacy work better in our schools.

Now is the perfect time for school Principals and Boards to take a closer look at privacy. So, what should schools do?

Firstly, school principals can’t just stick their heads in the sand. Technologies will continue to demand more access to our lives, and schools will continue to feel the pressure to remain internationally competitive and produce world-class students. It’s time to face facts. The movement toward digitisation of our schools will continue, and some of the technologies we employ will require more than a cursory understanding of privacy and security issues.

Principals should take the next step and audit their current digital footprint. If their digital service providers are locally-based, secure and specifically engineered with privacy in mind then they get three ticks. Anything less and the school should seriously consider looking at alternatives.

Then they should go deeper:

  • Does the school have someone in management who is responsible for privacy and (if it becomes necessary) the handling of personal data breaches?
  • Do all staff understand what personal information is? For instance, do they know that images of students are generally considered “personal information” under Australian privacy law?
  • Does the school offer meaningful privacy training to all staff?
  • Do external contracts entered into by the school for the onboarding of new technologies contain relevant obligations in relation to the protection of personal information?

Addressing these questions will help place much-needed attention on privacy, educate schools about the potential privacy pitfalls they are facing, and encourage schools to explore technologies that offer a holistic approach to privacy.

It’s quite right to suggest, as many recently have, that using external third-party technologies in schools can be harmful to privacy and data ownership. But schools should also know that not all third-party technologies are equal when it comes to privacy. Companies like LearningField and Kinvolved are beginning to combine innovative technology with robust privacy measures to provide schools with real, tangible solutions. I am hopeful that these solutions will assist schools as the Australian Government gets tougher on privacy and data protection regulation.

My personal belief – yes some may say it’s outdated or naive – is that the core values of trust and mutual respect are still heavily present in society. That protecting the digital legacy of our children is still of utmost importance to us all and, as parents, if we were given the opportunity to be part of a technology platform that championed and nurtured a universal culture of trust and respect at schools, we’d take it!

I can’t deny that taking the privacy high road in business has been a long, hard slog in this new digital landscape, but maintaining the right of our consumers to privacy must remain front and centre of any business. Together, we can build a safer, more secure and protected online space for our children, and our children’s children. We can make a difference if we unite and tell our schools “Privacy matters to us, and to our children”.

How to protect your child’s digital identity: 5 simple suggestions

How to protect your child’s digital identity: 5 simple suggestions

How to protect your child's digital identity: 5 simple suggestions

Father and son using Virtual Reality glasses sitting outside. Stock Photo. Creative Content Brief 603438805

One of the main reasons I started my own digital business over 5 years ago was because I was increasingly concerned about the impact social media would directly have on my young daughter. The dilemma was that although I wanted her to enjoy the positive aspects of developing a digital identity – connecting with friends, enjoying Minecraft and Roblox, and expressing herself creatively – I also wanted to protect her from the obvious downsides and protect her privacy.

I’ve been working in the digital space for nearly 2 decades now and the proliferation of social media – as well as its darker side created from the technology itself, or the person driving it – has come as no surprise. That is why I’ve been spending many years recently building a business around digital privacy. Yet, recently there has been a lot more awareness of this topic in the news, online and even on social media channels. Only this week, we received another warning about protecting children’s safety on a popular app (which legally they shouldn’t be on anyway).

So I am feeling now might be a good time to share what I’ve learned with other parents who are wanting to prepare themselves and their kids for this permanent digital extension of the real world – and yes, the digital world is not going away, if anything we need to teach kids how to become good digital citizens so they can hopefully thrive and build a better world in the future, online.

Here are my top suggestions:

  1. Get your head out of the sand.

Digital media is not going away. Your social media ‘Dad joke’ about how you couldn’t care less about looking at pictures of what people are having for lunch isn’t funny anymore (hint: it was never funny). You need to stop thinking about digital media as an addition to your children’s life and start developing their DQ, preparing them for the new reality where digital media is everywhere in the online or offline world.

Alternatively you could move to the sticks like Captain Fantastic – but in Australia keep in mind there are drop bears out there!.

  1. Understand what motivates your child to be online

Your child’s strong desire to engage online is increasingly a topic of academic enquiry.  The current thinking is children are motivated by a desire to fit in with their peers, but other aspects such as exploration of content to fill in spare time and the feeling of having freedom, have also been identified as key motivators.  Charities are also now encouraging families to talk more often to their children about their online lives.

  1. Get smart on what social media channels are popular.

How can you guide your son or daughter’s SnapChat use if you don’t know how to use SnapChat or even what it is? Finally solve the mystery of why your son or daughter is talking in that weird American accent. Do some research on what social media channels are popular. There are many lists out there like this one. Next, find out what’s appropriate for your child to have access to at their age (see the Australian Government eSafety Commission recommendations). Finally, educate them on why they shouldn’t use certain other channels right now. Together select a couple of age-appropriate social media channels they can use (that you can also follow) and together start to build a simple online profile of your child, making sure you default to the strictest privacy settings and that geolocation is switched off.

  1. Find an alternate safe online place

Your child needs a space they can store and share more private and precious content with their close friends. Search for online apps that have been specifically designed with privacy in mind. Either they’ve been developed using the ‘privacy by design’ approach and partnered with reputable organisations and parents, like pixevety, or are aimed at providing kids with a parent-monitored “social media training wheels” experience like KUDOS or GeckoLife. Remember free is not free. Majority of social media providers are in it for the money and monetisation of social media platforms often comes at the expense of your privacy.

  1. A simple checklist of do’s and don’ts online

A simple checklist will help them understand which channels or audiences is best for sharing different type of content. Ensure they’re aware of stranger danger and which sites are deemed “safer sites”. Teach them that online is forever. Give them real-life examples of how people have missed out on opportunities, put themselves at risk, or suffered a blow to their reputation as a result of online behaviour.

While we’re at it, give yourself some do’s and don’ts. Set a good example for your kids. Be transparent, ask for their consent whenever you want to share a photo or video of them online. Talk to your kids about what you’re doing online, the choices you’re making on social media, and why. Get off your phone once in a while!

Don’t let your kids be a social media statistic. A little early education and intervention can prevent a whole heap of heartache and issues down the track.

Let me know what your thoughts are on this.

Six effective steps schools can take to protect student privacy in the “image age”

Six effective steps schools can take to protect student privacy in the “image age”

Six effective steps schools can take to protect student privacy in the "image age"

Boys football

We live in the age of the image. Whether we like it or not a perfect digital storm created by the collision of smartphones and social media sees our children navigating their formative school years inside a hall of mirrors.

For parents this can provide a wonderful insight into our kids’ lives – every performance, sporting triumph or speech is easily captured, savoured and shared.

But for schools and other family-focused communities it poses a serious challenge. How can schools celebrate and build the community with images, while maintaining their duty of care to protect our kids’ precious privacy?

Here are six positive steps schools can take:

1. Stay up-to-date on privacy legislation

It’s crucial for schools to know their obligations under privacy law. You could forgive school boards, principals and administrators for feeling a little off balance in relation to privacy. Consider the tension between trying to steer clear of privacy pitfalls (to prevent inappropriate collections, for example) while also dealing with people fiercely attached to their own copyright. After all, anyone who takes a photo automatically owns the copyright to that photo and most photography in any public place (aside from the obvious breaches of the Criminal Code) or on private property with permission is legal.

The introduction in 2014 of the 13 Australian Privacy Principles (APPs) affirmed for many that photos and other images that identify a person are, indeed, personal information. Australian private schools and private tertiary institutions are covered by the APPs, while public schools and universities in the states and territories are required to apply the privacy laws in those jurisdictions. It all seems rather messy, but there are systems and processes schools can put in place to meet their obligations without turning a forest into an encyclopaedia of paper consent forms.

2. Provide a central private online image storage space

If your school has photos stored on various hard drives shared freely between administrators and teachers; these images are not secure.

If your school has photos stored ‘in the cloud’ on servers located in far-flung jurisdictions, owned by corporations that sell your data; these images are not secure (and this approach may breach Australian privacy laws in relation to off-shore data storage and processing).

Schools should provide a locally administered central online space, with strict data security protocols, where teachers, administrators, parents, children and friends can store, contribute and share photos, privately and securely. This is an essential step towards managing large digital media collections and building engagement in close-knit communities.

3. Look in to new technology

Digital asset management technology (DAM) has been around in the corporate world for years. A DAM uses permissions to enable multiple users to access and use media centrally and reduce the storage footprint of large files. However, like our brains, we tend to only use a small part of DAM capabilities.

It is also true that existing enterprise-level DAM solutions are simply too expensive, complex and difficult to use. In addition, most DAM solutions are designed to be inwardly-focused when schools and other family-focused organisations want to create an outward sense of belonging and stronger community through sharing.

It is now possible – with a significant amount of customisation – that DAM technology can be adapted to suit the specific needs of, say, a school community, and implemented at an affordable price so that the best of enterprise-level DAM capabilities is made available to other important communities beyond big corporates.

4. Explore artificial intelligence (AI)

AI technology is increasingly used in photo sharing and management applications. Most of us are familiar with auto-tagging to assist in photo retrieval, or even facial detection. Facial and pixel recognition can offer schools a large opportunity to identify and manage photos based on permissions. This technology is evolving quickly and there are learning technologies now available out there to explore. However, a proactive approach to privacy must remain an essential part of the mix.

5. Invest in private, local data centres

Storage costs are decreasing as the big storage providers like Dropbox, MS OneDrive, Google Drive and iCloud grow. However, the increasing cybersecurity and privacy concerns that come with these big providers pose a problem for schools. How far away is “too far” in relation to the secure storage and management of our kids’ images? School policies should demand to know the location, and under which legal jurisdiction, data is kept… If it’s not local, it’s risky.

6. Get smarter on dynamic privacy

The concept of access-based privacy is now well entrenched in photo sharing and photo management apps. Be careful though – an “on” or “off” approach to privacy is too simplistic. Schools should use dynamic privacy which allows images to be accessed according to different permission levels (where the permission levels can be changed by a student or their parents at any time). For example, view only access. Or view & print access with limited abilities to share or download. It also can provide a highly transparent audit trail to reduce breach risks via tracking and reporting.

Schools should also keep an eye on an emerging new privacy concept called the “digital handshake”.  The digital handshake creates personal privacy policies between community members and encourages mutual respect for privacy between family and friends.

***

We all understand that maintaining full control over our kids’ privacy may be close to impossible these days, but this shouldn’t mean we sit back and let our children inherit a future where no form of privacy is possible. Schools should take positive steps towards managing large digital media collections and building engagement in close-knit communities, while meeting their obligations under privacy laws.

What do you think? Can schools do more to protect students’ privacy? What barriers does your school or organisation face maintaining student privacy in the age of the image?