Office 365 and e-safety
My head teacher has asked me for advice regarding e-safety in terms of student email, is there any reason why Office 365 emails are not e-safety compliant? I presume being designed for education it would be, but just double checking
Thanks as always,
In what way are you worried about eSafety compliancy?
We use Google Apps, so I am not sure exactly what monitoring tools are available within 365 for checking what is sent by who to whom, including checking content.
However, those controls are there and satisfy a huge number of schools.
Are they any more effective than what you have at present? I don't know. I do know that any system is only compliant if there is effective management of the users through policy and its consistent application!
The bigger issue to my mind is Data Protection law.
I am trying to summon @GrumbleDook who is the legal eagle onhere on such matters.
The term 'e-safety compliant' is a bit of a misnomer here because there is not an accreditation or standard at the moment for emails services in schools.
The best you can say is that it meets your needs against a rigorous risk assessment covering a range of safeguarding requirements.
This, however, means you have to work out what your requirements are as a school and the check O365 meets them.
There are lots of good blog posts on the UK Education cloud blog on Microsoft. Have a search through for those covering IL-2 compliance, segregation of GALs and routing of messages, the use of language filters, etc.
Then also look at the 3 services you get with O365 (ExchangeOnline, LyncOnline, SharePointOnline) and decide which services give you which tools that may have more risks than others. Do you need students to have Lync? How do you feel about students and staff having an online storage space that you have no technical control over?
To some extent there are no obviously right or wrong answers ... and also remember that technology does not have to solve all your problems on its own ... Policy and procedure also cover a lot, but you have to accept that if you provide a service and force learners to use it then you have a large element of responsibility for actions on it, even outside of school premises and hours.
Microsoft UK Education Cloud Blog - Learn About Office 365 Education - handy link! :)
Originally Posted by GrumbleDook
Can I get this tattooed please? I couldn't agree more with you.
Originally Posted by GrumbleDook
I am responding in case US users find this thread in the future. In the US, we have pretty strict laws about accounts for students under 13 years old, called COPPA. Office 365 does follow COPPA very closely, and you can also request HIPAA-BAA certification, which is another law that covers data privacy of student information. So, I am very confident in Office 365's "safety", more so than Live@edu or Google Apps. Google is actually the subject of a federal lawsuit in the US regarding this issue.
Originally Posted by altonPM
In the UK this has sometimes led to some confusion about why there are conditions (cascaded from the EU) about the age of 13. *Here* it is to do with data protection! in the US it is defined by protection laws.
Some areas are illegal in the US, but merely breaches of T&Cs in the EU.
The number of people that mistakenly say it is breaking the law to be under 13 and using FB, etc ...