Under the Privacy Amendment (Notifiable Data Breaches) Act 2017 – which came into law on 22 February – schools must report all data breaches made within or from outside their organisation.
While it might seem logical from a privacy standpoint, one expert says principals lack awareness when it comes to the implications of sharing students’ photos – an oversight that could put them, and their schools, at risk of potential legal action.
In 2012, Colin Anson founded pixevety, a secure digital platform that facilitates the sharing of images, but ensures that the protection of individuals’ privacy remains front and centre.
“Back in 2012, privacy wasn’t even a point of discussion,” pixevety founder and CEO, Colin Anson, told The Educator.
“Even in mid-2017, I recall one school saying to me outright that ‘our parents don’t care about privacy’.”
To Anson, the issue is a personal one.
He established pixevety after he and his wife learned that their young daughter’s photos were being openly published by the school without their knowledge – let alone consent.
In one instance, her image was used in a manner that made her highly embarrassed and caused her some significant emotional pain. She was only eight at the time.
Anson said that while some schools are beginning to understand the ramifications of breaching students’ digital privacy, the majority “are slow to respond – let alone do anything about it”.
“They think it won’t happen to them, and when or if it does, they will tackle it at that time. This reactive strategy can be devastating for the School’s reputation, the reputation of the leadership and more importantly the person or people directly affected,” he said.
Anson said the introduction of the NDB scheme should encourage schools to be more proactive about the issue of child privacy.
“Schools will be making sure their in-house privacy programs are sufficient to meet the obligations set out in the Australian Privacy Principles [APPs],” he said.
“This is paramount if they are to avoid school reputational damage and possibly a million dollar fine.”
Anson said that while posting student images on school social media or handing out flash drives containing end-of-year class photos to parents might seem innocuous, such acts could be risky under the APPs.
“Worse still, these activities may put schools at risk of unauthorised disclosure of personal information that requires assessment and notification under the new data breach rules,” Anson pointed out.
“I hope that schools will look at how they currently leverage cloud-services and Internet-enabled technologies to streamline their processes and personal data storage.”
Anson said pixevety is now looking to embed new technological advancements in privacy, artificial intelligence and security in the year ahead.
“We will also continue to work in finessing the platform’s usability and interface to ensure that our sophisticated enterprise-level technology is easy for schools and parents to use and navigate,” he said.
Soon-to-be-released functionality includes video consent management, tracking school media use and existing school-based information system integration.
“In this ever-changing digital landscape, we believe it’s time both schools and parents got back greater control over who takes, sees and distributes a child’s photo. pixevety is about building solutions, not just talking about them,” Anson said.
“Our existing photo management product contains a fully-automated, end-to-end media usage consent module to assist schools in better managing photo consent in real-time with parents – this is world first technology.”
For more infromation about pixevety, visit https://pixevety.com/