In recent months, schools have had to adapt rapidly to the new normal of remote learning. There is no doubt that teachers, parents and pupils alike have demonstrated great resilience and dedication during this period, but distance learning has also brought increasing challenges and dangers.
Online platforms have been instrumental in enabling students to continue learning, but there will unfortunately always be dangerous individuals who are willing to exploit such situations to steal from or harm young and vulnerable people. Data protection has never been more important and in certain cases is the first line of defence in safeguarding.
It is vital that the importance of data protection procedure is recommunicated to teachers during this time, whether they are currently working from school or remotely. This is especially true for teachers who are working from home, as the risks are even higher. With students communicating on a range of unknown and “unmanaged” devices, the dangers escalate.
Using devices securely
It may feel like it goes without saying, but when using any device, schools must ensure school staff are taking great care over what websites they visit. Users should only visit trusted sites, and avoid downloading or opening any attachments from sources they do not recognise.
Teachers should also be aware that they must avoid sharing a device at home, unless there is the appropriate access control to the areas they use for work. This is also true for their family members. While school staff should already have been trained in data protection and therefore should know what is safe to access and what is not, other family members may be less vigilant.
It is essential that all teachers are reminded to check that their devices have the latest security installation updates and that they have appropriate and updated anti-virus and malware. Additionally, there should be a school IT security team available at all times to advise teachers and staff.
Utilising free resources
A wealth of free resources and support have been created in recent months to support schools, teachers and parents to help with remote learning. Many are superb and the authors must be congratulated. If a system can be used which involves no data to be entered, no registration and no file downloads, and is within a secure website which displays “https”, then it should be safe to use.
However, no website should be used which asks teachers or students to enter personal data without thinking it through. The website’s privacy policy must be checked and simple due diligence should be carried out. Somewhere on the website or in the privacy policy will normally be details of who they are and how to contact them. If the information is not there, either this organisation genuinely wants to help but does not have the process in place to keep data safe, or they are not what they seem. In either case do not expose students to the website.
Reporting concerns
This is a stressful time, meaning things can easily be forgotten or side-lined, which is why it is important to remind teachers and staff that if they believe their device or emails have been compromised then this should be immediately reported.
Keeping communications safe
When contacting and receiving messages from students, teachers should be instructed to assume that every student device may be compromised. Of course this is unlikely, but it is imperative to be as cautious as possible in these circumstances. There is a great website you can use to check if your email address has been compromised: https://haveibeenpwned.com/
Conclusion
One simple way to help safeguard students and teachers alike, is by ensuring that no personal information is shared through these channels. If personal information is requested from a student, they should be instructed to pass this message on to a member of school staff.
Finally, while video-conferencing has been wonderful, all students and staff should be properly briefed on the fact that they must never turn on their video for a person they do not know. Equally, no one should make a recording unless express consent has been obtained before the recording takes place.
- Lynne Taylor is the founder and co-CEO of GDPR in Schools (GDPRiS) and founder of ParentPay. Visit www.gdpr.school
Further information & resources
- The Information Commissioner’s Office has published a range of information to support schools in meeting GDPR requirements. Visit https://ico.org.uk/for-organisations/in-your-sector/education/
- The GDPR in Schools website has regular updates and free resources: www.gdpr.school
- The SecEd Guide To Getting GDPR right (June 2018) is available to download for free, via www.sec-ed.co.uk/knowledge-bank/guide-to-gdpr