+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 33
Network and Classroom Management Thread, Monitoring staff screens, legality etc...? in Technical; Originally Posted by shadowx I see your point but going back to CCTV, a shopping center can't legally put CCTV ...
  1. #16

    X-13's Avatar
    Join Date
    Jan 2011
    Location
    /dev/null
    Posts
    9,093
    Thank Post
    592
    Thanked 1,953 Times in 1,351 Posts
    Blog Entries
    19
    Rep Power
    814
    Quote Originally Posted by shadowx View Post
    I see your point but going back to CCTV, a shopping center can't legally put CCTV up and watch you without first telling you clearly. That gives you the decision that if you go inside you give consent to be watched, if you don't give consent then you can go elsewhere. I would expect that the same applies to computer monitoring. While the hardware and software does indeed belong to the employer they are still watching YOUR actions.
    Logic like that winds me up.

    Everywhere has that, "by entering you consent". No, I [derp]ing don't. And as EVERYWHERE has it, I have no choice in the matter.

    Lots of companies with phone support are doing this as well. "We're going to record you. If you don't like it, go away."

    Eh, no. I paid for support [or it's under warranty] you can't get out of it like that. It's breach of contract. [I'm still not a lawyer.]


    Quote Originally Posted by shadowx View Post
    Who? Leadership? Give me a break...
    I'd be careful what you say. You've already said they're monitoring people.

  2. #17

    Join Date
    Mar 2010
    Location
    shadowx@AllEvil:/
    Posts
    222
    Thank Post
    12
    Thanked 28 Times in 25 Posts
    Rep Power
    14
    Quote Originally Posted by X-13 View Post
    Logic like that winds me up.

    Everywhere has that, "by entering you consent". No, I [derp]ing don't. And as EVERYWHERE has it, I have no choice in the matter.

    Lots of companies with phone support are doing this as well. "We're going to record you. If you don't like it, go away."

    Eh, no. I paid for support [or it's under warranty] you can't get out of it like that. It's breach of contract. [I'm still not a lawyer.]




    I'd be careful what you say. You've already said they're monitoring people.
    This is true, but there's no AUP in place to stop me saying it, and it's non-identifiable etc... I will consider an edit though

    The old "by doing x you consent to y" is a bit grey, but in some places it's the only real option but in a situation with paid support etc... I guess unless it's stated in the contract at the time of purchase it's a bit dodgy
    Last edited by shadowx; 11th October 2012 at 02:35 PM.

  3. #18


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,638
    Thank Post
    275
    Thanked 778 Times in 605 Posts
    Rep Power
    223
    Data protection and monitoring at work
    An introduction to monitoring staff

    And a cautionary tale: Monitoring of employee breached human rights, says European court

    And from ICO: Guidance and Information for Employers about the Data Protection Act - ICO Look at the employment practises code.

    In short, your employer is setting themselves (and you, if you're facilitating their activities) up for an interesting time ahead. At best, you'll have higher staff turnover. At worst, you'll be taken to court either by staff or ICO.

    You're not monitoring for defined reasons
    You haven't assessed the impact of said monitoring
    You haven't informed or discussed it with staff
    Your SLT have no clue as to the legality of what they're doing, nor do they appear to have asked the "what effect on morale will this have?" question
    You don't even have an AUP (so even if you find Jeff doing unnatural things to toasters, you've no recourse).

    Your plan of action should be to tell them to Stop Right Now, and read the employment practises code's section on monitoring staff. And clip them round the ear from me too.

    We monitor staff email, Internet and general network activity but we:

    a) informed them in writing what we're doing and why
    b) discussed and modified policies at staff meetings
    c) don't have a human monitoring them (automated triggers and "can we prove if X happened?" requests, plus "grab 48hrs of traffic, quickly flick through" snapshots)
    d) keep tight control on where that data is stored, processed and who it's released to.

  4. #19

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,933
    Thank Post
    1,339
    Thanked 1,783 Times in 1,106 Posts
    Blog Entries
    19
    Rep Power
    594
    Let's set out some key principles here ...

    Staff are employed to do a variety of things within their contract of employment and the school has a right to ensure that they are meeting this contract. This can be done via a variety of means including visiting the classroom, observing lessons, auditing lesson plans, book scrutinies, looking at logs to see if staff are accessing non-work related websites when they are meant to be working, etc

    And yes, this does include looking at staff laptops ... but there are some massive, and I do mean deal-breaker, caveats on this.

    1 - The staff may also be using the devices outside of designated work periods to look at personal and private things. This can range from personal banking, booking holidays, pictures of their children, etc ... Unless your school has a clearly agreed policy (which is backed up by the contract of employment) to say the devices can *only* ever be used for employment-related activities then you cannot guarantee that you are looking at a device to check on work and so you risking seeing things you are not entitled to see.

    2 - Even if you do get agreement that this can go ahead and staff are happy to take the risk that you might see something personal then the school is risking allegations of harassment and bullying. To some extent you can help this with policies ... and there is already precedent for this. CCTV can be used in the classroom but if you go back to how CCTV should be used in schools anyway, each time someone accesses it to view something it should be logged with a reason why, authorised by a relevant person, etc. This is a lot of paperwork, but designed to prevent abuse of CCTV systems and the same principles can be applied to other tools / services.

    3 - A key feature is about automatic monitoring. This is why tools such as Securus / Policy Central which email a designated contact about key words, etc are a good option. It is not about someone watching it permanently but more about observing breaches in agreed practice / policies. This is the same principle of email logging / monitoring at work.

    All of this forgets that these tools are there to support classroom management and learning, not to be a police-like tool. It does, however, allow for a lot of beneficial things to take place, including remote support (not just tech support but peer mentoring between staff), group training, evidence of activities to support performance management ...

    So, AUP and backup from the contracts of employment are a must. Good policies about who can access and watch things, supported by logs (paper or otherwise) and working to teh same principles as something like CCTV. IF the key thing SLT are looking at is inappropriate use then a more automated service might be more in line with being acceptable.

  5. #20

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,680
    Thank Post
    516
    Thanked 2,451 Times in 1,897 Posts
    Blog Entries
    24
    Rep Power
    832
    Our LEA, when we were an LEA school, sent round an edict to all schools that there must be a clickthrough box before login to all PCs, stating that under RIPA, all communications are monitored by both them, and the SWGfL (being the upstream provider), and by accessing the machine, you agree to this. This was altered to include the school itself, as we also do monitoring.

    The only monitoring that goes on here though is at the proxy for internet, and ABTutor for students. I've also used VNC to remotely connect to laptops etc... but don't think I've ever connected to a teacher computer without notifying them first.

    The issue I think is *how* monitoring occurs - if it is fully automated logging, then no individual is being targeted Combining that with policies about how that data would then be used (eg. if accusations of porn viewing came up, etc...) should cover any possible allegation of harassment or bullying.

    The issue of home or work use is, to me, irrelevant so long as all of the above is in place - the location is never mentioned in our policies, just that our equipment is covered by our policies.

    However, we also get staff to sign a form saying they won't use issued laptops for personal use, so are covered both ways there.

  6. Thanks to localzuk from:

    GrumbleDook (11th October 2012)

  7. #21

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,933
    Thank Post
    1,339
    Thanked 1,783 Times in 1,106 Posts
    Blog Entries
    19
    Rep Power
    594
    Quote Originally Posted by localzuk View Post
    The issue of home or work use is, to me, irrelevant so long as all of the above is in place - the location is never mentioned in our policies, just that our equipment is covered by our policies.
    There is a difference between work / home as a location for doing employment-related activities and personal / work use. If an unsuspecting member of staff is using it for internet banking (which is obviously within a secure webpage and presuming no interception is taking place) then the person viewing could be looking at personal data that they have no right to view. This is also an issue for those working in multiple schools who might be accessing services in other schools from that device ... so the person viewing could see information about a student not in their school. It is worth saying these are not hypothetical concerns and have caused issues in schools previously.

  8. #22

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,680
    Thank Post
    516
    Thanked 2,451 Times in 1,897 Posts
    Blog Entries
    24
    Rep Power
    832
    Quote Originally Posted by GrumbleDook View Post
    There is a difference between work / home as a location for doing employment-related activities and personal / work use. If an unsuspecting member of staff is using it for internet banking (which is obviously within a secure webpage and presuming no interception is taking place) then the person viewing could be looking at personal data that they have no right to view. This is also an issue for those working in multiple schools who might be accessing services in other schools from that device ... so the person viewing could see information about a student not in their school. It is worth saying these are not hypothetical concerns and have caused issues in schools previously.
    I still don't see it. Our policy covers use of the school equipment (ignoring the signing a sheet saying work use only), that equipment is still ours if it is in school or out of school, and therefore the AUP covers its use wherever it is in use - if other places have their own policies regarding devices in use in multiple schools then the person working there would also need to deal with that (we have a few of these in our school - but they are part of our federation, and all schools in the federation have the same AUP). However, if the laptop is issued by us and the person has a second job somewhere, then using that computer for that other job would itself be against our AUP (much like taking it outside the UK would be too).

    So, with our policy, there is no difference between home and work locations. If the policy covered use of IT in the school (and not 'equipment owned by the school') I'd agree with you though.
    Last edited by localzuk; 11th October 2012 at 03:24 PM.

  9. #23

    Join Date
    Mar 2010
    Location
    shadowx@AllEvil:/
    Posts
    222
    Thank Post
    12
    Thanked 28 Times in 25 Posts
    Rep Power
    14
    Quote Originally Posted by pete View Post
    Data protection and monitoring at work
    An introduction to monitoring staff

    And a cautionary tale: Monitoring of employee breached human rights, says European court

    And from ICO: Guidance and Information for Employers about the Data Protection Act - ICO Look at the employment practises code.

    In short, your employer is setting themselves (and you, if you're facilitating their activities) up for an interesting time ahead. At best, you'll have higher staff turnover. At worst, you'll be taken to court either by staff or ICO.

    You're not monitoring for defined reasons
    You haven't assessed the impact of said monitoring
    You haven't informed or discussed it with staff
    Your SLT have no clue as to the legality of what they're doing, nor do they appear to have asked the "what effect on morale will this have?" question
    You don't even have an AUP (so even if you find Jeff doing unnatural things to toasters, you've no recourse).

    Your plan of action should be to tell them to Stop Right Now, and read the employment practises code's section on monitoring staff. And clip them round the ear from me too.

    We monitor staff email, Internet and general network activity but we:

    a) informed them in writing what we're doing and why
    b) discussed and modified policies at staff meetings
    c) don't have a human monitoring them (automated triggers and "can we prove if X happened?" requests, plus "grab 48hrs of traffic, quickly flick through" snapshots)
    d) keep tight control on where that data is stored, processed and who it's released to.
    Excellent links, thanks for those!

    We already have filtering and internet/email logging in place which purely logs the pages accessed by all users and the external email routing system we use keeps a log of messages sent/received but not their content. I am now wondering... would this level of logging need to be announced to staff?...It's not actually kept to purposely log staff it's just a side effect of the way the systems work really.

    CCTV can be used in the classroom but if you go back to how CCTV should be used in schools anyway, each time someone accesses it to view something it should be logged with a reason why, authorised by a relevant person
    This also rings alarm bells... At the moment the CCTV is hosted in our office, when a member of staff asks to look back at recordings we just click the buttons and what not and let them see it.... Students are never permitted to watch it unless they are supervised by an appropriate member of staff but any member of staff can, and do, come in here and watch the recordings...

  10. #24


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,638
    Thank Post
    275
    Thanked 778 Times in 605 Posts
    Rep Power
    223
    Quote Originally Posted by shadowx View Post
    Excellent links, thanks for those!

    We already have filtering and internet/email logging in place which purely logs the pages accessed by all users and the external email routing system we use keeps a log of messages sent/received but not their content. I am now wondering... would this level of logging need to be announced to staff?...It's not actually kept to purposely log staff it's just a side effect of the way the systems work really.
    Yes, it does need to be announced, particularly the Internet logging.

    Completely disregarding the legal side of things, it's good user relations for the IT Dept. Part of being a sysadmin (and all the access & responsibility that entails) is not just being honest, but being seen to be honest and above-board.

    "Hey, we do this, we do it in this way and we do it for X, Y and Z reasons" is waaaaaaaaaaaaaay better than "Shadowx secretly looks at what we're doing on the Internet" gossip in the staff room.

    That's a major reason for an AUP - it sets out rights and expectations for all parties.

  11. Thanks to pete from:

    shadowx (11th October 2012)

  12. #25

    Join Date
    Mar 2010
    Location
    shadowx@AllEvil:/
    Posts
    222
    Thank Post
    12
    Thanked 28 Times in 25 Posts
    Rep Power
    14
    Interesting... I will write an AUP pretty soon and I will put that kinda thing in there, 99% of staff are aware of it but like you said, it needs to be above board and officially set out in an AUP.

    Luckily we get on with most of our staff here which helps!

  13. #26

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,933
    Thank Post
    1,339
    Thanked 1,783 Times in 1,106 Posts
    Blog Entries
    19
    Rep Power
    594
    Quote Originally Posted by localzuk View Post
    I still don't see it. Our policy covers use of the school equipment (ignoring the signing a sheet saying work use only), that equipment is still ours if it is in school or out of school, and therefore the AUP covers its use wherever it is in use - if other places have their own policies regarding devices in use in multiple schools then the person working there would also need to deal with that (we have a few of these in our school - but they are part of our federation, and all schools in the federation have the same AUP). However, if the laptop is issued by us and the person has a second job somewhere, then using that computer for that other job would itself be against our AUP (much like taking it outside the UK would be too).

    So, with our policy, there is no difference between home and work locations. If the policy covered use of IT in the school (and not 'equipment owned by the school') I'd agree with you though.
    You have a well-considered AUP ... not everyone is in this position or would be able to have all staff meet it. Does your AUP clearly state that any personal information on or viewed using the devices might be accessed by authorised members of staff within the schools? What if you see confidential information that you have no right to? This would be a data breach by that individual and so should be reported to someone ... do you have a policy or procedure which covers this and ensures that it is done?

  14. #27

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,933
    Thank Post
    1,339
    Thanked 1,783 Times in 1,106 Posts
    Blog Entries
    19
    Rep Power
    594
    Quote Originally Posted by shadowx View Post
    This also rings alarm bells... At the moment the CCTV is hosted in our office, when a member of staff asks to look back at recordings we just click the buttons and what not and let them see it.... Students are never permitted to watch it unless they are supervised by an appropriate member of staff but any member of staff can, and do, come in here and watch the recordings...
    The Wiki has some sample policies around CCTV School Policies - Wiki ... in need of an update now (when I get round to it!). The ICO has a very good section on CCTV too.
    CCTV - Guidance for Organisations - ICO

  15. Thanks to GrumbleDook from:

    shadowx (11th October 2012)

  16. #28

    Join Date
    Mar 2010
    Location
    shadowx@AllEvil:/
    Posts
    222
    Thank Post
    12
    Thanked 28 Times in 25 Posts
    Rep Power
    14
    Quote Originally Posted by GrumbleDook View Post
    The Wiki has some sample policies around CCTV School Policies - Wiki ... in need of an update now (when I get round to it!). The ICO has a very good section on CCTV too.
    CCTV - Guidance for Organisations - ICO
    Thanks for the links, about to head off home now but will have a read tomorrow. Draft version of the AUP is made too so it's been a fairly productive afternoon

  17. #29

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,286
    Thank Post
    225
    Thanked 405 Times in 302 Posts
    Rep Power
    162
    A union would have a field day if something were to come about from a member of SMT monitoring staff with no policy, AUP, forewarning or knowledge!!

  18. #30

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,922
    Thank Post
    709
    Thanked 551 Times in 366 Posts
    Blog Entries
    3
    Rep Power
    204
    Hi

    First I am no fancy city lawyer so won't go into legal side. However....

    Impero has solved this if want to get approval from person you are monitoring. Create a staff user group in Impero and then under group properties you can under action on remote control choose a number of options disable, ask and auto deny and ask and auto allow.

    Secondly under group properties can make Impero workstation disable itself and again can be done for just certain users by using user groups.

  19. 4 Thanks to russdev:

    Griff (4th March 2014), GrumbleDook (12th October 2012), shadowx (12th October 2012), speckytecky (11th October 2012)

SHARE:
+ Post New Thread
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. Monitoring Staff after Training/INSET
    By TonyR in forum Courses and Training
    Replies: 2
    Last Post: 18th April 2011, 12:39 PM
  2. Network Monitoring Display Screen
    By mitchell1981 in forum Wireless Networks
    Replies: 12
    Last Post: 18th August 2010, 08:48 PM
  3. Ranks and staff etc ?
    By mac_shinobi in forum How do you do....it?
    Replies: 12
    Last Post: 19th January 2006, 08:33 AM
  4. Monitoring of Staff and Student files and emails
    By mark in forum School ICT Policies
    Replies: 12
    Last Post: 12th July 2005, 12:01 PM
  5. Use of domain password (& staff AUP, etc.) ;)
    By mark in forum School ICT Policies
    Replies: 22
    Last Post: 29th June 2005, 02:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •