E-safety and Data Security Policy for Acceptable IT Use, Including Social Media Policy

September 2020

E-safety Co-Ordinator – Emma Tipper

 CONTENTS…………………………………………………………………………………………………………….

  1. Introduction………………………………………………………………………………………………………….
  2. Monitoring …………………………………………………………………………………………………………..
  3. Breaches …………………………………………………………………………………………………………….

Incident Reporting ……………………………………………………………………………………………………

  1. Parental Involvement……………………………………………………………………………………………..

Acceptable Use Agreement

-Pupils ………………………………………………………………………………………………

-KS1 & KS2 Rules……………………………………………………………………………………………

-Parent e-safety Consent Form……………………………………………………………..

Acceptable Use Agreement: Staff and Visitors…………………………………………………………..

  1. School IT Equipment including Portable & Mobile IT Equipment & Removable Media
  2. Computer Viruses ………………………………………………………………………………………………
  3. Data Security………………………………………………………………………………………………………
  4. Disposal of Redundant IT Equipment Policy ………………………………………………………..
  5. Email………………………………………………………………………………………………………………….

Managing e-mail…………………………………………………………………………………………………….

Sending e-mails……………………………………………………………………………………………………..

Receiving e-mails……………………………………………………………………………………………………

  1. Equal Opportunities…………………………………………………………………………………………..
  2. e-safety ……………………………………………………………………………………………………………

e-safety – Roles and Responsibilities…………………………………………………………………………

e-safety Skills Development for Staff……………………………………………………………………… …

Managing the School e-safety Messages……………………………………………………………….. …

  1. Incident Reporting, e-safety Incident Log & Infringements………………………………………
  2. Internet Access……………………………………………………………………………………………….. .
  3. Managing Other Online Technologies …………………………………………………………. ……..
  4. Passwords and Password Security………………………………………………………………………
  5. Personal or Sensitive Information………………………………………………………………. ……..
  6. Safe Use of images…………………………………………………………………………………………….

Image Consent Form……………………………………………………………………………………………….

  1. Social Media Policy……………………………………………………………………………………………
  2. Writing and Reviewing this Policy…………………………………………………………………. ……
  3. Risk Assessment of e-safety………………………………………………………………………………..

 

Legal Status:

This policy has regard for Part 3 ‘The Education (Independent School Standards) Regulation 2014’ in force January 2015.

This is a whole school policy, including EYFS.

It is to be read in conjunction with:

 

Keeping Children Safe In Education 2020

The school’s: –

Safeguarding and Child Protection Policy

Recruitment and Vetting Policy

Prevent Radicalisation Policy

Staff Code of Conduct

 

  1. Introduction

 Computing and other technologies in the 21st Century are seen as an essential resource to support learning and teaching as well as playing an important role in the everyday lives of children, young people and adults.  Consequently, schools need to build in the use of these technologies in order to arm children and young people with the skills to access life-long learning and employment.

‘Computing and other technologies’ covers a wide range of resources including web-based and mobile learning.  It is important to recognise the constant and fast-paced evolution of IT within our society as a whole.  Currently the internet technologies children and young people are using both inside and outside the classroom include:-

  • Apps
  • E-mail, Instant Messaging and Chat Rooms
  • Social Media, including Instagram
  • Mobile/Smart phones with text, video and/or web functionality
  • Other mobile devices, including tablets and gaming devices
  • Online games
  • Learning Platforms and Virtual Learning Environments
  • Blogs and Wikis
  • Podcasting
  • Video Sharing
  • Downloading
  • On Demand TV, video, movies, radio and Smart TVs

Whilst exciting and beneficial both in and out of the context of education much IT, particularly web-based resources, are not consistently policed.  All users need to be aware of the range of risks associated with the use of these Internet technologies and that some have minimum age requirements (13 years in most cases).

We understand the responsibility to educate our children on e-safety issues, teaching them the appropriate behaviours and critical thinking skills to enable them to remain both safe and legal when using the Internet and related technologies, both in and outside the classroom.

We hold personal data on our children, staff members, parents and others to help conduct day to day activities.  Some of this information is sensitive and could be used by another person to cause harm or distress to an individual.  The loss of sensitive information can result in media coverage and potentially damage the reputation of the school.

We all have a shared responsibility to secure any sensitive information used in day-to-day professional duties and we understand that our staff, even though they may not be directly involved in data handling, will be made aware of risks and threats that may occur and how to minimise them.

Both this Policy and the Acceptable Use Agreement (for staff members, regular visitors and children) are inclusive of both fixed and mobile Internet technologies provided by the school (such as laptops, PCs, mobile devices, webcams, whiteboards, digital video equipment etc.) and technologies owned by the children and staff but brought into school (such as laptops, mobile or smart phones, Ipads and other mobile devices).

  1. Monitoring

The Head Teacher and her Deputy may monitor, intercept, access, inspect, record and disclose telephone calls, emails, instant messaging, Internet/Intranet use and any other electronic communications (data, voice, video or image) involving its employees, without consent, to the extent permitted by law.  This may be to confirm or obtain school business related information, to confirm or investigate compliance with school policies, standards and procedures, to ensure the effective operation of the school IT, for quality control or training purposes, to comply with a Subject Access Request under the Data Protection Act 2018, or to prevent or detect crime.

 

All monitoring, surveillance or investigative activities comply with the Data Protection Act 2018, the Human Rights Act 1998, the Regulation of Investigatory Powers Act 2000 (RIPA) and the Lawful Business Practice Regulations 2000.

It is important to note that personal communications using school IT may be unavoidably included in any business communications that are monitored.

  1. Breaches

A breach or suspected breach of policy by a school employee, contractor or child may result in the temporary or permanent withdrawal of school IT hardware, software or services from the offending individual.

For staff, any policy breach is grounds for disciplinary action in accordance with the school’s Disciplinary Procedure.

Policy breaches may also lead to criminal or civil proceedings.

The Information Commissioner’s powers to issue monetary penalties came into force on 6th April 2010, allowing the Information Commissioner’s Office to serve notices requiring organisations to pay up to £500,000 for serious breaches of the Data Protection Act.

The data protection powers of the Information Commissioner’s Office are to:-

  • conduct assessments to check organisations are complying with the Act
  • serve information notices requiring organisations to provide the Information Commissioner’s Office with specified information within a certain time period
  • serve enforcement notices and ‘stop now’ orders where there has been a breach of the Act, requiring organisations to take (or refrain from taking) specified steps in order to ensure they comply with the law
  • prosecute those who commit criminal offences under the Act
  • conduct audits to assess whether organisations’ processing of personal data follows good practice
  • report to Parliament on data protection issues of concern

Incident Reporting

Any security breaches or attempts, loss of equipment and unauthorised use or suspected misuse of IT must be immediately reported to the Head Teacher or her Deputy.  Additionally, all security breaches, lost or stolen equipment or data (including remote access), virus notifications, unsolicited emails, misuse or unauthorised use of IT and all other policy non-compliance must be reported to the Head Teacher, her Deputy or the e-safety co-ordinator.

Please refer to the relevant section on Incident Reporting, e-safety Incident Log.

  1. Acceptable Use

We believe that it is essential for parents/carers to be fully involved with promoting e-safety both inside and outside school and to be aware of their responsibilities towards their children.  We regularly consult and discuss e-safety with parents/carers and seek to promote a wide understanding of the benefits of new technologies together with possible associated risks.

Parents/carers are asked to read through and sign our acceptable use agreements for e-safety on behalf of their child annually until the child leaves The Cedars School. Children also sign the same form annually. We have a set acceptable use rules in place for both KS1 and KS2, shown below. During the first computing lesson of each new academic and calendar year all children cover internet safety and review these rules. If a child joins us during a term, these rules will be discussed individually as an induction for their first computing lesson.

These rules help me to stay safe on the Internet

Think then Click
eSafety Rules for Early Years and KS1 Children
 We always ask an adult if we can use the Internet

 We may click on the buttons and links only when we know what they do

 We only use apps and websites that an adult has chosen

 We tell an adult if we see anything that makes us feel uncomfortable

 We never give out information about ourselves or passwords

 We do not use Internet Chat Rooms

 

 Acceptable Use

Agreement of eSafety Rules – KS2 Children

 I will only use IT in school for school purposes

 I will only open/delete my own files

 I will make sure all IT contact with other children and adults is responsible, polite and sensible

 I will not look for, save or send anything that could be unpleasant or nasty.  If I accidentally find something like this I will tell my teacher immediately

 I will tell my teacher immediately if I see anything on-line which makes me feel uncomfortable

 I will not give out my own or others details, such as name, phone number or home address.

 I will not arrange to meet or send an image unless this is part of a school project approved by my teacher

 I will be responsible for my behaviour when using IT and understand that these rules are to keep me safe

 I will support the school approach to on-line safety and not upload or add any images, video, sounds or text that could upset any member of the school community

 I know that my use of IT can be checked and my parent/carer contacted of a member of school staff is concerned about my safety

 I will not sign up for any on-line services, unless this is an agreed part of a school project approved by my teacher and I am old enough to do so

 I will not bring a Smart Watch to school, because I am not allowed to wear one in school

 

The Cedars School

Parent e-Safety Acceptable Use Agreement

 IT, including the Internet, email and mobile technologies, has become an important part of learning in our school.  We expect all children to be safe and responsible when using IT.

Please read and discuss these eSafety rules with your child(ren) and return the slip at the bottom of this page.  If you have any concerns or would like some explanation, please contact Jane O’Halloran.

Please take care to ensure that appropriate measures are in place at home to protect and support your child(ren) on-line.

  • I have read and understood the school’s eSafety Acceptable Use Agreement and give permission for my child to access the Internet in school
  • I understand that Internet use by my child(ren) will be supervised by an adult
  • I understand that the school will take all reasonable precautions to ensure that my child cannot access inappropriate material
  • I will sign the consent form held in school for my child(ren) annually.

E-safety acceptable use agreement/code of conduct

Staff.

 IT (including data) and the related technologies such as email, the Internet and mobile devices are an expected part of our daily working lives at school.  This agreement/code of conduct is designed to ensure that all staff members are aware of their professional responsibilities when using any form of IT.  All staff members are expected to read this agreement and adhere to its contents at all times.  Any concerns or clarification should be discussed with the Head Teacher or e-safety co-ordinator. These rules also apply to any visitors to the school who need to access our technology.

  • I will only use the school’s Internet, Shared Drive and any related technologies for professional purposes or for uses deemed acceptable by the Head Teacher or the e-safety co-ordinator.
  • I will use Google Chrome as the default web browser when accessing the internet.
  • I will comply with the IT system security and not disclose any passwords provided to me by the school or other related authorities.
  • I will ensure that all electronic communications with pupils, parents and staff members are compatible with my professional role, and will only use GDPR compliant platforms for professional communications
  • I will not give out my own personal details such as mobile phone number, personal email address, personal Twitter account or any other social media link to pupils or current parents except by prior permission of the Safeguarding Lead (or the DSL) (e.g. for peripatetic teaching arrangements or private arrangements for extended hours care)
  • I will only use the approved secure email system for any school business.
  • I will ensure that personal data is kept secure and is used appropriately whether in school, taken off school premises or accessed remotely. Personal data can only be taken out of school or accessed remotely with the express permission of the Head Teacher or her Deputy.
  • Personal or sensitive data taken off site must be encrypted, e.g. on a password secured laptop or memory stick.
  • I will not install any hardware or software without the express permission of the Head Teacher or the e-safety coordinator.
  • I will not browse, download, upload or distribute any material which could be deemed offensive, illegal or discriminatory.
  • Images of pupils and staff members will only be taken and stored on the shared drive for professional purposes in line with school policy and written consent of the parent/carer or staff member.
  • Images of pupils and staff taken with personal devices must be moved to the shared drive within 48 hours and removed from the personal device.
  • Images will not be distributed outside the school network without the permission of the parent/carer, staff member, Head Teacher or e-safety coordinator.
  • I will support the school approach to online safety and not upload or add any images, video, sounds or text linked to or associated with the school or its community.
  • I understand that all my use of the Internet and other related technologies will be monitored and logged and made available to the Head Teacher.
  • I will respect copyright and intellectual property rights.
  • I will ensure that my online activity both in and outside school will not bring the school, my professional reputation or that of others into disrepute.
  • I will support and promote the school’s e-safety and Data Security policies and help pupils to be safe and responsible in their use of IT and related technologies.
  • I understand this agreement forms part of my terms and conditions set out in my contract of employment.
  1. School IT equipment, including portable and mobile IT equipment and removable media

School IT equipment:

As a user of school IT equipment you will be responsible for your activity.

  • Ensure that all IT equipment that you use is kept physically secure.
  • Do not attempt unauthorised access or make unauthorised modifications to computer equipment, programs, files or data. This is an offence under the Computer Misuse Act 1990.
  • It is imperative that you save data on a frequent basis to the school’s network. You are responsible for the backup and restoration of any of your data that is not held on the school’s network.
  • Personal or sensitive data should not be stored on the local drives of a desktop PC, laptop, USB memory stick or other portable device. If it is necessary to do so the local drive must be encrypted.
  • It is recommended that a time locking screensaver is applied to all machines. Any device accessing personal data must have a locking screensaver, as must any user profiles.
  • Privately owned IT equipment should only be used on the school network with the express permission of the Head Teacher or e-safety coordinator.
  • It is your responsibility to ensure that any information accessed from your own PC or removable media equipment is kept secure and that no personal, sensitive, confidential or classified information is disclosed to any unauthorised person.
  • All IT equipment allocated to staff must be authorised by the Head Teacher or the e-safety co-ordinator.
  • All redundant IT equipment must be disposed of in accordance with Waste Electrical Equipment (WEEE) directive and the Data Protection Act 2018.

 Personal mobile devices:

  • The school allows staff members to bring in personal mobile phones and devices for their own use. Contacting a child or parent/carer using a personal device is only permitted in an emergency with permission from the Head Teacher.
  • Children are allowed, with permission, to bring personal mobile phones and devices into school but must not use them for personal purposes during lesson times.
  • The school is not responsible for loss, damage or theft of any personal mobile phone or device brought into school.
  • During the school day, all mobile devices must be stored in the kitchen area and only accessed at break and lunch times, away from the children.
  • Smart watches may be worn by staff providing that hey have no photographic capability
  • Permission must be sought before any image or sound recordings are made on the devices of any member of the school community.
  • Users bringing personal mobile telephones or devices into school must ensure that there is no illegal content on the device.
  • Any image taken with a personal device must be moved to the school’s shared drive and removed from the personal device within 48 hours.

School provided mobile devices:

 Where possible the school provides mobile technologies such as laptops or iPads for offsite visits and trips.

  1. Computer Viruses
  • AVG anti virus software is installed on all school laptops. There should be no interference with anti-virus software installed on school IT equipment.
  • Personal equipment used in school which is not part of the school’s hardware must be subject to regular virus updates; unprotected equipment should never be brought into school.
  • If a virus is suspected on any school IT equipment its use must be stopped and the Head Teacher and/or e-safety co-ordinator informed without delay.
  1. Data Security
  • The school gives relevant staff members remote access to files with a unique username and password.
  • It is the responsibility of all staff members to keep passwords secure.
  • Staff members are aware of their responsibility when accessing school data.
  • Staff members have been issued with the relevant guidance documents and the policy for e-safety acceptable use, including information in their staff handbook.
  • Staff keep all school related data secure – this includes all personal, sensitive, confidential or classified data.
  • Staff members should avoid leaving any portable or mobile IT equipment or removable storage media in unattended vehicles. Where this is not possible the vehicle must be kept securely locked and the equipment or storage media kept out of sight.
  • Staff members should always carry portable and mobile IT equipment or removable media as hand luggage and under their control at all times.
  • It is the responsibility of individual staff members to ensure the security of personal, sensitive, confidential and classified information which is contained in documents, copied, scanned or printed.
  • On occasions a school computer may need to be remotely access by an IT technician to fix an error that cannot be done internally. This is monitored and logged in our incident file.

The Office of Public Sector Information has produced Managing Information Risk (http://www.natuionalarchives.gov.uk/services/publications/information-risk.pdf) to support relevant responsible staff members in their role.

Sensitive Information

Any information that is sensitive must be protected.  This will include personal data of children and staff members such as assessment records, medical information and special educational needs data.  The Head Teacher will decide:

  • what information is held and for what purposes
  • what information needs to be protected, how information will be amended or added to over time
  • who has access to data and the reason
  • how information is retained and for how long and the method for its eventual disposal

However, it should be clear to all staff members that the handling of secured data is everyone’s responsibility whether they are an employee, a volunteer or a managed service provider.  Failure to apply appropriate controls to secure data may amount to gross misconduct or even legal action.

Remote Access

  • All staff members are responsible for all activity when accessing data from OneDrive.
  • Staff members will ensure that they only use equipment with an appropriate level of security for remote access.
  • Staff members should avoid writing down or otherwise recording any network access information. Any such information that is written down must be kept in a secure place and disguised so that no other person will be able to identify what it is.
  • Staff members must protect school information and data at all times including any printed material produced whilst using the remote access facility. Particular care should be taken when access is from an environment outside school.

We use the following:

Microsoft One Drive, Sharepoint.

  1. Disposal of redundant IT equipment procedure

 All redundant IT equipment will be disposed with all data removed, or if the storage media has failed it will be physically destroyed.

Disposal of any IT equipment will conform to:-

https:ico.org.uk-organisation/education/

  • Electricity at Work Regulations 1989

http://www.opsi.gov.uk/si/si1989/Uksi 19890635 en 1.htm

  1. Email

 The use of email is an essential means of communication.  In the context of school, email should not be considered private.  Educationally, email can offer significant benefits including direct written contact between schools on different projects within the school or internationally.  We recognise that the children need to understand how to style an email in relation to their age and how to behave responsibility online.

Managing email

  • The school gives all staff members their own email account to use for all school business as a work based tool. This is to protect them, minimise the risk of receiving unsolicited or malicious emails and avoid the risk of personal profile information being revealed.
  • Staff members should use their school email for all professional email communication.
  • It is the responsibility of each account holder to keep their password secure. For the safety and security of users and recipients, email histories can be traced.
  • Under no circumstances should staff members contact the children, parents/carers or conduct any school business using their personal email address.
  • All emails should be written and checked carefully before sending in the same way as a letter written on school headed paper.
  • Staff sending emails to external organisations, parents/carers or children are strongly advised to cc: the Head Teacher.
  • Children may only use school approved accounts on the school system for education purposes and then only under direct teacher supervision.
  • All child email users are expected to adhere to the generally accepted rules of responsible online behaviour, particularly in relation to the use of appropriate language and not reveal any personal details about themselves or others in email communications, or to arrange to meet anyone.
  • Children must immediately tell a teacher or trusted adult if they receive an offensive or upsetting email.
  • Staff must inform the Head Teacher or e-safety co-ordinator it they receive an upsetting or offensive email.
  • Children are introduced to email as part of the Computing programme of study.
  • However a school email account is accessed (whether directly through webmail when away from the office or on non-school hardware) all the school policies must be adhered to and still apply.

 Receiving Emails

  • School email accounts must be checked regularly.
  • Attachments from an unknown or untrustworthy source must never be opened.
  • All unsolicited emails should be deleted from your school email account.
  1. Equal Opportunities

 Children with additional needs

 Staff members are aware that some children may require additional support or teaching including reminders, prompts and further explanation to reinforce their existing knowledge and understanding of e-safety issues.

Where a child has a poor social understanding, careful consideration must always be given to group interactions when raising awareness of e-safety.  Internet activities are planned and well managed for such children.

  1. E-safety

 E-safety – Roles and responsibilities

 IT and online resources are increasingly used across the curriculum.  We believe that it is essential for e-safety guidance to be given to children on a regular and meaningful basis and in an easy to understand manner.  E-safety is embedded in our curriculum and we continually look for new opportunities to promote e-safety.

  • The school has a framework for teaching Internet skills in Computing and PHSEE lessons (Refer to medium term plans).
  • The school provides opportunities to teach about e-safety within a range of Curriculum areas.
  • Educating children about online risks that they may encounter outside school is done informally when opportunities arise and as part of Safety guidance and PHSEE.
  • Children are taught about copyright, respecting other peoples’ information, safe use of images and other important areas through discussion, modelling and appropriate activities.
  • Children are aware of the impact of cyberbullying and know how to seek help if they become the subject of any form of online bullying. Children are also aware of where to seek advice or help if they experience problems using the Internet and related technologies i.e. parent/carer, teacher/trusted staff member, Childline or CEOP Report Abuse button.

E-safety skills development for staff members

  • Our staff members receive regular information and training on e-safety and how they can promote ‘Stay Safe’ online messages.
  • New staff members receive information on the school’s e -safety acceptable use policy as part of their induction programme.
  • All staff members have been made aware of their individual responsibilities relating to the safeguarding of children within the context of e-safety and know what to do in the event of misuse of technology by any member of the school community.
  • All staff members are encouraged to incorporate e-safety activities and awareness within their curriculum areas and ensure they are adequately informed with up-to-date areas of concern.

Managing the school e-safety messages

  • We endeavour to embed e-safety messages across the curriculum whenever the Internet and/or related technologies are used.
  • The e-safety policy is introduced to the children at the start of each academic year.
  • Key e-safety advice will be promoted widely throughout the school via displays, newsletters, classroom activities etc.
  1. Incident reporting, E-safety incident log and infringements

 Incident reporting

 All security breaches, lost/stolen equipment or data, virus notifications, unsolicited emails, misuse or unauthorised use of IT and all other policy non-compliance must be recorded and reported to the Head Teacher or e-safety co-ordinator. The E-safety incident log is held in the main office and will be monitored termly by the e-safety co-ordinator and all incidents discussed with the Head Teacher.

  1. Internet Access

The Internet is an open, World-wide communication medium which is available to everyone at all times.  Anyone can view information, send messages, discuss ideas and publish material, which makes it both an invaluable resource for education and business, a forum for social interaction, as well as a potential risk to young and vulnerable people.

Managing the Internet

  • The school uses Google Chrome as the default web browser, Tiny Filter Pro is installed on all laptops on the Pupil accounts. This add as additional security to filter and prevent the children accessing sites that are unsuitable.
  • The school provides children with supervised access to Internet resources through the school’s fixed and mobile Internet connectivity..
  • We teach the children how to manage any Internet activity that they find distressing through regular Internet safety training.
  • Staff members will review any recommended sites, online services and apps before they are used.
  • If Internet research is set for homework, specific sites will be suggested that have been previously checked by the teacher. It is, however, strongly advised that parents re-check these sites and supervise this type of work.  Parents will always be asked to supervise further work.
  • All users must observe copyright at all times.

Internet use (see Social media policy, reproduced later in this policy document)

  1. Managing other online technologies

 Online technologies (including social network sites), if used responsibly both outside and within an educational context, can provide easy to use, collaborative and free facilities.  However, it is important to recognise that there are issues regarding the appropriateness of some content, contact, culture and commercialism.  To this end we encourage our parents/carers and staff members to think carefully about the way information can be added and removed by all users, including themselves, from these sites.

  • Access to social networking sites is not allowed.
  • Specific online educational sites are used in school and at home; logins and passwords are given.
  • All children are advised to be cautious about the information given by others on such websites e.g. users not being who they say they are.
  • Children are advised not to place images of themselves (or details within images that could give background details) on websites and to consider the appropriateness of any images they post due to the difficulty of removing an image once it is online.
  • Children are always reminded to avoid giving out personal details on websites which may identify them or where they are (full name, address, mobile/home phone number, school details, email addresses, specific hobbies/interests etc.).
  • Our children are advised to set and maintain their own online profiles to maximum privacy and deny access to unknown individuals.
  • Children are encouraged to be wary about publishing specific and detailed private thoughts and information online.
  • Our children are asked to report any incidents of cyberbullying to the school.
  • Services such as Facebook and Instagram have a 13+ age rating which should not be ignored. http://www.coppa.org/comply.htm
  1. Passwords and password security

 Zombie accounts

 ‘Zombie accounts’ refers to accounts belonging to users who have left the school and therefore who no longer have authorised access to the school’s systems.  Such zombie accounts, when left active, may cause a security threat by allowing unauthorised access.  Therefore the school will:

  • ensure that all user accounts are disabled once a member of the school has left
  • take prompt action on disabling accounts to prevent unauthorised access
  • regularly change generic passwords to avoid unauthorised access
  1. Personal or sensitive information

 Protecting personal, sensitive, confidential or classified information

 Staff members must:

  • ensure the accuracy of any personal, sensitive, confidential and classified information that they disclose or share with other people
  • ensure that any such information is not disclosed to any unauthorised person
  • ensure the security of any such information that they copy, scan or print. This is particularly important when shared printers (multi-function, print, scan and copiers) are used and when access is from a non-school environment
  • only download personal data from systems if they are expressly authorised to do so by the Head Teacher
  • keep their screen display out of direct view of any third parties when they are accessing personal, sensitive, confidential or classified information
  1. Safe use of images

 Taking of images and film

 Digital images are easy to capture, reproduce and publish and thus, misuse.  Everyone must remember it is not always appropriate to take or store images of a member of the school community or a member of the public without first seeking consent and considering the appropriateness of such an action.

 With the written consent of parents/carers (on behalf of all children) and staff members, the school permits the appropriate taking of images by staff members and children using school equipment.

Staff are permitted to use personal digital equipment such as smart and mobile phones or cameras to record images of children and other members of the school community. This includes when on field trips if they have the express permission of the Head Teacher and the images are transferred within 48 hours and solely to the school’s network.  The images must then be deleted immediately after transfer from the staff member’s device.

Children and staff members must have permission from the Head Teacher or lead designated person for safeguarding before any image may be uploaded. Please refer to the sample Image Consent Form below.

 The Cedars School

Image Consent Form

We believe that the responsible use of images of children can make a valuable contribution to the life of the school and in today’s world where photography and film are an integral part of day-to-day life, our policy needs to harness the benefits whilst protecting the children.  Therefore, our policies and procedures must be robust to protect the interests of the children and our staff.  All procedures take account of Keeping Safe in Education (KSIE) September 2020 and the Data Protection Act 2018.

We take photographs of the children at school, during school field trips and during other activities that are carried out offsite.  We may use these images in our school prospectus or in other printed publications that we produce as well as in displays or on our website or other relevant social media channels.  We may also take video or webcam recordings which may be used on our website or shared with other parents e.g. school performances.

On occasions we send images to news media or our school may be visited by the media who will take their own photographs or film footage i.e. of a visiting dignitary and our children may appear in these images.  The news media may use the images in printed publications, on televised news programmes or on their website.  The media are bound by the Data Protection Act 2018.  When we submit images and information to the media we have no control over when or where they will be used.  On such occasions we may give names and ages of the children.

It is usual that parents/carers and family members take images of their child during school functions and these may well also contain images of other children. Where images contain children other than your own these images must not be used on any form of social media. 

To comply with the Data Protection Action 2018, we need your permission before we can use images of your child.

Conditions of use:

  1. This form is valid for the period of time your child attends The Cedars School. Please write to us if you wish to withdraw consent at any time.
  2. The images we take will be of activities that show the school and the children in a positive light.
  3. Embarrassing or distressing images will not be used.
  4. We may use group or class photographs or footage.
  5. We will only use images of children that the Head or designated person for safeguarding children deem appropriate.
  6. No image would be used which would be considered to put a child ‘at risk’.
  7. We will make every effort to ensure that we do not allow images to be taken of children for whom we do not have permission.
  8. We will take all reasonable measures to ensure the images are used solely for the purposes for which they are intended. However, we cannot guarantee this and take no responsibility for the way images are used by other websites or publishers.

 To give your consent to images being used in print and electronic form, please complete the information below and return the form to school.

 I give permission for my child’s image to be taken and used in publicity material for the school, including printed and electronic publications, video, on the website and that they can be used by the media.

 Yes/No*

*Please delete as appropriate

I understand the need to act responsibly when using images that include children outside my own family.

I have read and understood the information overleaf.

 Where applicable, please ensure that BOTH parents sign below.

 Name of child: __________________________________________

 Parent 1 Signature: ______________________________________

 Parent 2 Signature: ______________________________________

 Storage of images

 Images/films of children are stored in the school’s Cloud.

Children and staff are not permitted to use portable personal media for the storage of images e.g. USB sticks, without the express permission of the Head Teacher.

Rights of access to this material are restricted to the teaching staff and children within the confines of the school network or other school resource.

 Webcams and CCTV

 We do not use publicly accessible webcams or CCTV in school.

Video Conferencing

Permission is sought from parents and carers if their child/children are involved in video conferences with end-points outside of the school.

All children are supervised by a member of staff is video conferencing takes place.

The school will keep a record of video conferences, including date, time and participants.

Approval from the Head Teacher will be sought prior to all video conferences.

No part of any video conference is recorded in any medium without the written consent of those taking part.

Additional points to consider:

  • Participants in conferences offered by 3rd party organisations may not be DBS (previously CRB) checked.
  • Conference supervisors need to be familiar with how to use the video conferencing equipment, particularly how to end a call if any point any person taking part becomes unhappy with the content of the conference.
  1. Social Media Policy

The school acknowledges that social media has become a regular part of everyday life and that many people enjoy blogs, media sharing services, social networking sites and forums and holding membership of sites such as Facebook, MySpace or Twitter.

It is very important to note however, that the use of social media and networking websites has implications for:

  1. our duty to safeguard children;
  2. your reputation and that of the school;
  3. data protection;
  4. confidentiality; and
  5. our relationship with pupils parents, each other and the wider community.

This policy is intended to give you clear guidelines as to what the school expects from you and to help you make appropriate decisions about the use of social media to ensure that students are kept safe, that the school is not exposed to legal risk and that the reputation of the school is not adversely affected.

Misuse of social media websites can in certain circumstances constitute a criminal offence or otherwise give rise to legal liability against you and the school.  It may also cause embarrassment to us and to our students and parents and so you must only use social media with caution.

We have set out various standards below which we will expect you to observe.  It is incumbent upon all of us to ensure the proper implementation of this policy to protect the school, each other and our pupils.

  1. This policy should be read in conjunction with the:-
  • Acceptable Internet Use Statement
  • Staff User Agreement for iPads
  • E-Safety acceptable use agreement for Staff & Visitors
  • Discipline and Grievance Procedure
  • Equality Statement
  1. General

2.1. All members of the school are expected to comply with this policy at all times to protect the privacy, confidentiality and interests of the school, our staff, partners, parents and pupils.

2.2. Breach of this policy will be dealt with under the Disciplinary Procedure and in serious cases may be treated as gross misconduct leading to summary dismissal.

  1. Professional use of social media

3.1. Only staff with permission are permitted to post material on a social media websites or other online forums in the school’s name or on behalf of the school. Any breach of this restriction will amount to gross misconduct.

  1. Your personal use of social media

You are personally responsible for content you publish into social media tools; be aware that what you publish will be public for many years.

4.1.You will not:

4.1.1  use social media during school hours

4.1.2. access social media on any school IT equipment at any time, whether during school hours or otherwise

4.1.3. upload, post, forward or post a link to any abusive, obscene, discriminatory, harassing, derogatory or defamatory content.

4.1.4. upload, post or forward any content belonging to a third party unless you have that third party’s consent

4.1.5. discuss colleagues, students, the school, other schools or suppliers without their prior approval and the approval of the Head Teacher

4.2. Your use of social media must not:

4.2.1. breach the school’s misconduct, equal opportunities or bullying and harassment policies

4.2.2. be used to discuss or advise any matters relating to school, staff pupils or parents

4.3. You must:

4.3.1. be mindful of the impact your contribution might make to people’s perceptions of you and the school.

4.3.2. always consider others’ privacy and avoid discussing topics that may be inflammatory

4.3.3. avoid publishing your contact details where they can be accessed and used widely by people you did not intend to see them

4.3.4. ensure that personal blogs have clear disclaimers that the views expressed by the author are yours alone and do not represent the views of any third party

4.3.5. ensure any information you publish on the Internet complies with the school’s equal opportunities, confidentiality and data protection policies

4.4. If you feel slightly uneasy about something you are about to publish, then you shouldn’t do it.  If in doubt, always discuss it with The Head Teacher.

  1. Contact with Pupils

5.1 You will not establish or seek to establish contact with pupils via social media or any other form of information communication technologies.

5.2. You will not have a pupil or former pupil under the age of 18 as a ‘friend’ to share information with.

5.3. You will not interact with any pupil or former pupil (under the age of 18) on social networking sites.

  • Should a pupil attempt to join your area on a social networking site you must inform the Head Teachers. Parents will be informed if this happens.
  1. Personal Data

6.1. Never disclose sensitive, private or confidential information regarding the school including but not limited to any student, parent or member of staff.

6.2. Make sure that others cannot access any content, media or information from your profile that would undermine your position as a professional, trusted and responsible person.

6.3. You should consider:

6.3.1.  reviewing the privacy settings on your profile so that only people you have accepted as friends can see your content

6.3.2. regularly reviewing who is on your ‘friends list’ on your personal profile

  1. Notifications

7.1. Breaches of this policy should be notified to the Head Teacher and action will be taken in respect of any such breaches.

7.2. Any member of staff who feels that have been harassed or bullied, or are offended by material posted or uploaded by a colleague onto a social media website should inform the Head Teacher.

7.3. The terms and conditions of most social media and networking sites do not allow members under the age of 13.  If you become aware of any of the pupils using or accessing social media sites, then please inform the Head Teacher immediately.

7.4. If you notice any content posted on social media about the school (whether complimentary or critical) please report it to the Head Teacher.

  1. Evidence of Misuse:

8.1. Where evidence of misuse is suggested we will undertake a more detailed investigation in accordance with our disciplinary procedure.

8.2. If necessary, such information may be handed to the police or other bodies including but not limited to LADO.

Remember at all times, in or out of working hours, in social media or otherwise, you are an ambassador for the school.

  1. Writing and reviewing this policy

 Review Procedure

 There will be on-going opportunities for staff to discuss with the e-safety co-ordinator any e-safety issue that concerns them.

This policy will be reviewed annually and consideration will be given to the implications for future whole school development planning.

The policy will be amended if new technologies are adopted.

 Further help and support

 The school has a legal obligation to protect sensitive information under the Data Protection Act 2018.  For more information, visit the website of the Information Commissioner’s Office – https://ico.org.uk

 Data Protection Team email: data.protection@hertfordshire.gov.uk

 Information Commissioner’s office:  www.ico.org.uk

 https://www.gov.uk/government/publications/cloud-software-services-and-the-data-protection-act

 20. Risk Assessment for e-safety

Assessment carried out_______________ Signed: ________________  Assessment Date:

 

Activity Hazards Risk H/M/L Who might be harmed? Risk is controlled by: Tick if in place
Using computers, smartboards, PCs, iPads Physical issues e.g. repetitive strain injury, eye strain. Theft. L Pupils

Staff

Take regular breaks from the computer, have appropriate furniture e.g. chairs at correct height.

Follow school procedures for looking after assets e.g. lock away iPads at night.

Don’t leave valuables lying around.

Online searching. Downloading photos and information Viewing unsuitable material. Downloading inappropriate material. Illegal downloads/ copyright infringement. L Pupils, staff, volunteers,  

· New equipment is set up with appropriate security settings.

· Follow school acceptable usage of IT policy. Make sure everyone aware of these.

· New staff have to sign the Code of Practice for employees.

·  Inform parents of Internet use. Set up an Internet agreement for parents and pupils to read and sign. Inform parents of possible dangers through the newsletter.

· Curriculum covers e-safety e.g. teaching pupils what to do if they find material they think is unsuitable, worrying.

· Teach pupils to have an awareness of ownership of their own work and not to plagiarise.

· Teach pupils to cross-check websites to check the validity of information.

Internet safety to prevent access to unsuitable material.

· Reporting incidents to staff and recording in the incident book on site. Reporting searches that throw up indecent images. Keep in log book.

Using mobile phones/ tablets/ iPads/Smart watches As online searches. L Pupils, staff, volunteers, · Curriculum covers e-safety e.g. teaching pupils what to do if they find material they think is unsuitable, worrying.

· Assemblies on contact with people we don’t know and the possible dangers and what to do i.e. tell a trusted adult.

 

· Staff follow acceptable IT use policy i.e. don’t use own phone/equipment with pupils. Don’t take photos of children on own phone.

· Staff have phones on trips for keeping in touch with school, volunteers and emergencies. Volunteers need to be reminded not to use their devices on trips unless for approved use.

· Record in incident books on site. Report to other agencies as necessary.

Social networking and emailing. Gaming, Xboxes, Moshi Monsters, Snapchat etc. Contact with inappropriate people and material. L Pupils, staff, volunteers, · Follow safeguarding policies and procedures.

· Curriculum covers e-safety e.g. teaching pupils what to do if they find material they think is unsuitable, worrying. Teaching pupils how to keep safe e.g. not giving out phone numbers and addresses. Teaching pupils to realise the person they are talking to may not be the person they think they are e.g. adults posing as children.

· Inform parents of possible dangers by highlighting in newsletters.

· Make parents aware of cyberbullying and sexting (and new technologies as they arise).

· Record in incident books on site. Report to other agencies as necessary.

· Teaching pupils that what they put out online can affect others. Links to PSHEE and computing curriculum.

Data protection. Misuse of data L Pupils, staff, volunteers, · Follow the school’s data protection policy as shown on school website.

·Changing passwords regularly.

· Not taking sensitive data home unprotected.

· Loss/sharing of confidential data. Staff to follow confidentiality procedures (GDPR); not sharing confidential material on social networking sites.

School website School emails Publishing inappropriate material. Data protection. Use of images. Hacking L Pupils, staff, volunteers · Follow school’s social media policy including not naming children and getting parent/carer permission to include images of children.

· Don’t include any data covered by data protection rules.

· Check website and if hacking is suspected, report and close/suspend site.

· Use IT that protects as far as possible against hacking.

· Limited staff have enhanced access rights to certain areas of data.

Staff have their own work email address for school use.

·

Policy adopted by Jane O’Halloran in January 2016

Updated:   January 2020 by Emma Tipper

Review Date: January 2021

 

APPENDIX 1

The Cedars School

 

Remote Teaching and Learning policy

 

 

Background:

This policy is to ensure the ongoing education of pupils at The Cedars School pupils under unusual circumstances. This policy will provide information about possible school closures that could happen at any time: due to school closure from illness, epidemic, extreme weather, power-loss, etc. It also covers the ongoing education of pupils who cannot be in school due to Covid-19 enforced isolation, but are able to continue with their education when the school remains fully open. This policy does not relate to individual pupils who are unable to attend school due to other illnesses.

 

Remote Learning Lead:

The Head Teacher is responsible for formulating and overseeing the school’s Remote Teaching and   Learning Policy.

 

Related Documents:

  • Safeguarding Policy
  • Covid-19 -Arrangements for Safeguarding and Child protection
  • Staff Code of Conduct
  • Behaviour Policy
  • Data Protection Policy, and Data Protection Notices
  • Acceptable Use of IT Policies (Pupils, and Staff and Parents)

 

The purposes of this policy are threefold:

  • To outline procedures and practice for pupils in a Covid instructed self-isolation, who are otherwise fit and healthy enough to continue with their academic learning.
  • To outline procedures and practice for staff in self-isolation, who are otherwise fit and healthy enough, to continue with teaching, setting, marking and feeding back on pupil work as part of a normal academic
  • To outline procedures and practice for staff, pupils and their parents to continue with the academic program if the whole School or an individual ‘bubble’ has to close due to advice from the Government and/or Public Health England or similar

 

Remote teaching and learning in case of enforced whole school or ‘bubble’ closure

 

The school will continue to deliver timetabled academic lessons, pastoral support to pupils remotely, using a number of secure online platforms and delivery methods. Video and audio communication will be made via a school phone or through secure school systems such as Teams.

 

If the school undergoes enforced temporary closure due to government and/or public health guidelines, Microsoft Teams will be the single hub for all Remote Learning interactions. The following will apply:

 

Pupil expectations:

  • Pupils will retain structure to their working day starting with their logging-in to Microsoft Teams at 8.50am.
  • The class teacher and teaching assistants will lead
  • In line with their expected timetable, pupils should visit their appropriate class Microsoft Teams throughout the day.
  • Pupils should complete all set work and, if requested, hand in work as instructed by their teacher.
  • Deadlines must be met
  • Unless otherwise directed, pupils should use their Microsoft Teams to access assignments and instructions.
  • Use the designated Microsoft Teams chat channel to communicate with their teachers and ask questions if they do not understand/require help.
  • Pupils should not record any online lesson content. Any pupil found to be capturing personal information in this way will be sanctioned according to the school behaviour
  • Pupils should comply with the school IT Acceptable Use

 

Expectations of teaching staff:

  • It is recognised that where possible teachers will cover their normal timetabled lessons and will be available via Teams between 8.45am and 3.30pm. Lessons will follow an in-school timetable as closely as possible.
  • Any electronic resources used in the lesson, including work sheets, links to website and video clips or PowerPoints used, should be saved within Microsoft Teams.
  • Teachers will endeavour to set work equivalent in length to the lessons on their usual timetable and be available during scheduled lessons to answer any questions pupils may have via ‘Microsoft Teams Chat’.
  • Teachers will mark and feedback pupil work with the same regularity they would have done if in Pupils can continue to receive the feedback they need through Teams.
  • At the start of each lesson the teacher should set a clear behaviour expectation . A ‘classroom standard’ of behaviour is expected from all
  • As much as possible, staff will follow the school’s usual rewards and sanctions guidelines as in school. Parents will be contacted by email or phone if there are ongoing
  • Full instructions for Staff on the use of Microsoft 365 and Teams are available.
  • Teaching staff should comply with the school IT Acceptable Use

 

Parents expectations:

  • Encourage and support their children’s work, including finding an appropriate place for their child to work, checking that set work is completed and ensuring there is structure to the working day: start and finish times and appropriate
  • Provide an appropriate place for their child to work – ideally not a bedroom – making sure that an adult is available nearby whilst their child is online.
  • Parents are reminded that pupils should not record any online lesson content unless requested to do so by a teacher. They should remind pupils of this.
  • We are mindful that if remote working/learning is happening nationally then there may be bandwidth restrictions across the UK internet backbone effecting participation in live lessons and the timing of assignment submissions
  • Where pupils or family members are ill, parents should inform the Head/Deputy Head so that teachers can be informed,
  • If there are any concerns, in the first instance parents should contact the pupil’s teacher

 

 ‘Live’ online teaching sessions

Teachers will deliver some content in a ‘live’ manner.

 

Microsoft Teams allows for resources to be shared, and pupils to ask questions in ‘real-time’. Pupils will be provided with details of sessions, and will be expected to participate in them if they are asked and able to.

Live sessions can be particularly helpful as they can facilitate communication, with pupils able to respond to teachers’ questions (and ask them) via the conversation functionality in teams.

 

Parental involvement during sessions: Should a parent wish to speak to a member of staff they should make the request by email or via the Teams platform, rather than during a class lesson.

When using the live audio/video functions, teachers must follow school safeguarding protocols, all such sessions will be clearly marked on the timetables. Teachers should have the option to record a live class so that if any issues were to arise, the video or audio could be reviewed; in this case, pupils, parents and The Head must be informed in advance.

 

Remote learning for pupils who are in self isolation

Pupils are required to self-isolate if they have been in an affected area and are displaying flu like symptoms, or if they have been to one of the designated affected areas according to Public Health England even, if they are not displaying symptoms.

 

If they are fit and well enough to continue with their learning at home during their quarantine period, the school will provide appropriate support. If the school remains open during the period the child is absent, it will not be possible to provide a full timetable of live teaching. However, the class teacher will set work which will either be sent home electronically or, where needed, hard copies of resources may be delivered by a member of staff. Work will follow as closely as possible, the lessons being taught in school. Daily support will be provided via the Teams platform and the pupil will be supported on their return to school to catch up with any learning missed during their absence.

 

Safeguarding

 

This guidance document is supported by a number of school policies.

  • Safeguarding Policy
  • Covid-19 -Arrangements for Safeguarding and Child protection
  • Staff Code of Conduct
  • Acceptable Use of IT Policies (Pupils, and Staff and Parents)

 

Size of groups for home learning

 

As in school, teaching groups may vary; including whole class, small group and where helpful and appropriate one-to one meetings with pupils.

 

We are aware of the increased level of risk around one-to-one meetings with pupils, however, there are many reasons why they would be helpful and appropriate. One-to-one sessions between teachers and pupils should follow the same guidance as one-to- one conversations in school (e.g. appropriate standards and behaviour by both the member of staff and the pupils) Teachers should never suddenly ask pupils to change to another communication platform without contacting parents first. Teachers will never ask pupils to share their passwords. Any IT issues should be forwarded to school.

Summary

The  primary  purpose  of  this  policy  is  the  continuity  of  education  for   pupils   at   The Cedars School, Aldermaston. By using existing secure school systems (Microsoft Office 365 and, specifically, Teams), this provision can be put into place quickly and pupils only need their existing login details of school email and password.

 

If there are any concerns regarding the learning content being distributed, in the first instance parents should contact the pupil’s teacher, or the Head or her Deputy for any specific safeguarding concern (please see the school’s Safeguarding Policy – available on the school website – for all contact details, internal and external).

https://www.thecedarsschool.co.uk/policies-child-protection/

 

 

The school will continue to deliver timetabled academic lessons, pastoral support to pupils remotely, using a number of secure online platforms and delivery methods. Video and audio communication will be made via a school phone or through secure school systems such as Teams.