On February 22 this year, the Privacy Amendment (Notifiable Data Breaches) Act 2017 came into effect, requiring that schools report all data breaches made within or from outside their organisation
And with good cause. While some schools are beginning to understand the ramifications of breaching students’ digital privacy, the majority are often slow to respond.
To address this, Colin Anson founded pixevety, a secure digital platform that facilitates the sharing of images but ensures that the protection of individuals’ privacy remains front and centre.
Below, The Educator speaks to Anson about the pace of change in this area, the emerging digital privacy risks in the year ahead and how pixevety is helping principals deal with them.
TE: One aim of the NDB scheme was to encourage schools to be more proactive about the issue of child privacy. Based on your interaction with schools since February, does it appear to be working?
CA: Yes, we are seeing change. Schools are keener than ever to talk about ways to reduce photo privacy and data breach. I think that schools are starting to understand the real reasons behind the legislation, and because they are concerned with the wellbeing of children, it is resonating. Awareness has been assisted by the growing amount of media coverage of high-profile player data breaches (i.e. Facebook, Instagram, Google) and the serious problems that can be caused by not protecting student privacy through sharing images online. However, much more still needs to be done to increase the general understanding of the NDB scheme, so the ‘why’ is understood.
TE: I understand that pixevety is now embedding new technological advancements in privacy, artificial intelligence and security. How is this going, and can you tell us more?
CA: We are constantly making technology updates to meet our clients’ needs as well as deliver our promise on child image privacy protection. This is especially important when it comes to the AI space, an industry still in its infancy within the education sector. There are some innovative uses of AI in education, however the true ramifications need to be understood, and this is particularly important when considering facial recognition. As an example, the facial recognition algorithm we use is locked down at a single gallery level – not shared across the platform (as is the norm these days). We’ve also ensured our clients get access to facial recognition technology that is not sourced from open-commercial facial recognition software companies that publicly share or sell data to third parties. Each school gallery is completely separate and locked-down, so only each individual school gets access to its own technology. We are very lucky to be working with great schools who are like-minded and driven by a cause that is worthy of long-term partnership and investment.
TE: In the year ahead, are there any emerging digital privacy risks that might complicate how schools protect and manage students’ digital information? If so, how can principals respond?
CA: The role of educators and the demands placed on schools are constantly evolving to include far more than reading, writing, and arithmetic. But many would argue that resources have not increased at the same rate, with some concerning ramifications including high levels of stress, large workloads, and important responsibilities being overlooked. One such responsibility is student protection and privacy compliance – leaving schools open to legal issues and students vulnerable. Many schools are unknowingly breaking the law when it comes to parental consent and child protection. An increased demand for two-way communication with parents, and for schools to market themselves has seen photos of students shared without appropriate consent or consideration of online identification safety. In the year ahead, with the Australian education sector continuing to be a popular target for cyberattacks, and the emergence of human error being a key factor in data breaches currently occurring at schools, principals need to take digital privacy risks more seriously and ensure their teachers and staff are fully trained and educated on how to handle personal data, as well as improve transparency about activities that could raise privacy concerns with parents.