Online Safeguarding: What Pupils Need to Know about Data Protection

Data protection safeguarding is a key topic for teachers and students. Every tier of a school needs to have a good understanding of the crucial issues and implications surrounding data protection. Teachers must take the time to teach their pupils the best practices for data protection so they can protect themselves now and in the future.

Here’s the information your pupils need to know about data protection.

1. The Importance of Password Management

Passwords are usually the first line of defence in online safeguarding for individuals of any age when protecting their data. Password management is, therefore, a great thing to teach children as they increasingly interact with digital platforms. This is especially important during the current coronavirus pandemic, where digital platforms will utilise their work and contact details more than before.

Children can be taught about the following vital factors to do with password safety:

  • Don’t enter passwords on public computers. 
  • Make sure passwords are long and contain a sufficient amount of random numbers and letters. They may be harder to remember, but they’re much better at keeping data protected.
  • Have a separate, unique password for each platform used. 
  • Two-factor authentication is a great method of providing an extra layer of security for digital applications.
  • Change passwords regularly, at least a few times a year. 

2. Data Protection on Social Media

More and more children and young people are creating social media profiles. Something to teach pupils about social media is that less is more. They don’t need to include where they go to school, their family ties, their relationships or contact details (including phone numbers and email addresses). 

Staff members must teach them about the dangers of fake profiles on social media, “catfishing” and internet scams. Most importantly, they need to realise what they put online, stays online. It's almost impossible to completely delete data off the internet today. Even if they delete things from their profiles, it can potentially be cached somewhere for people to access.

While there are appropriate age limits for social media (the current age limit for accounts on Facebook, Twitter, Instagram and popular video-sharing site TikTok is 13), there isn't much those sites can do to stop younger people from accessing them. In light of that, while you can’t fully police your pupils, you need to ensure they understand that if they have a profile, they should make it private. 

If they do have a social media profile, teach them to set their privacy settings to the most strict ones available, limiting who can see and interact with their profiles. At the very minimum, the information they have on social media, such as photos and statuses, should only be accessible to people they know, such as family and close friends.

3. Internet Safety Tips for Pupils

There are more generic safety practices concerning data protection safeguarding that children and young people can follow. These include:

  • They must be aware of phishing and other online scams. If they don’t trust an email or a website asking for their data, teach them never to give away their information in those circumstances.
  • If they own an internet-capable phone, tablet or other devices, make sure they know to keep their security systems up-to-date. Even online games might ask for personal details that can then be used maliciously, so having operational security is a good method of protection. 
  • Log out of any profiles if they’re being used on public devices.

Similarly, pupils also need to be taught about the types of data they can share with other parties, as there are differences in the potential of harm caused by breaches to these data.

4. The Difference Between Personal and Sensitive Data

When it comes to data protection safeguarding, both teachers and students need to learn the difference between personal and sensitive data. Personal data is any information that can be used to identify you or your family. 

For example, within a school’s data or records, this would be a pupil’s name, address and contact details. It may even include their disciplinary or progress records. This kind of data remains personal even if the person it belongs to decides to publish it. 

Sensitive data comprises of a lot more important and intimate information. A breach in this kind of data can potentially harm the people it concerns. It’s made up of biometric data (such as fingerprints), dietary requirements, religious beliefs and health records. In an education setting, sensitive data also includes grades and exam results. The Information Commissioner's Office (ICO) has special regulations for how this kind of data is processed. It’s the type of data that can’t be used without consent from parents.

5. Performance Data and Learning Platforms

Another consideration that applies to both pupils and teachers is how learning platforms collate and use both personal and performance data. There’s a certain amount of risk and opportunities of data analytics. Especially in the wake of the coronavirus pandemic and the increase in home or remote learning, proper use of these types of platforms has become important. 

In the UK, for schools and other education providers who are using remote learning platforms, there is the issue of GDPR. GDPR rules won’t stop teachers from delivering online learning, but they evidently do apply to how data is collected and stored through these sites. Before a learning platform is chosen, it needs to be rigorously assessed to see whether it’s compliant with GDPR regulations. For example:

  • You must check whether the online service has one lawful purpose for processing personal data and one lawful purpose for processing special category data. 
  • Identify whether the platform is compliant with privacy laws. 
  • Carry out a risk assessment to mitigate the damage of any future issues. Are there any ways to ensure better compliance and safety?
  • Inform students about the type of information they should and shouldn’t be sharing on or with the platform.

The recent shift towards remote or blended learning styles has raised concerns about data privacy issues. The Director of Youth and Education Privacy at the Future of Privacy Forum, an American organisation, Amelia Vance said, regarding the topic, that "What’s been left out of the conversation is teachers at the K-12 levels and college professors randomly adopting non-education software without privacy vetting or (educational technology),".

"What’s been left out of the conversation is teachers at the K-12 levels and college professors randomly adopting non-education software without privacy vetting or (educational technology),"

One of the issues is that technology that wasn’t specifically designed for the education sector is being used. Rather, generic tools that are widely commercially available have been implemented, which means that any data entered into those systems has the potential of entering the commercial market. While this may only mean the student can be targeted for advertorial purposes, it leaves them more vulnerable to other nefarious data uses. 

The practice that Vance and others want to properly instill in schools is that technology shouldn’t just be implemented because it is easy to use. Each learning platform or service needs to be properly vetted before use.

6. Resources for Teachers

There are several resources teachers can use to create a more secure environment for data in their school, inform themselves of the best practices and also teach their students how to remain safe.

  • The ICO has created lesson plans concerning data protection for both primary school pupils and secondary school pupils. These are intended to be creative and engaging for students and will help to raise awareness of the important issues surrounding data protection. 
  • The UK Government created the ‘data protection: toolkit for schools’ which includes guidance for supporting schools and education professionals with successful data protection.
  • The London School of Economics and Political Science released a report on children’s data and privacy online. You can use this to learn about core arguments covering the current state of children’s protection online, findings from parents and teachers as well as what children actually think of the online landscape.

For even more information, listen to our podcast episode ‘Privacy and Data Protection in Schools’. In the episode, Jen Persson, from Defend Digital Me, talks about how schools can fairly and safely handle children’s data, as well as talking on the importance of awareness for all organisations on how that data is used.