+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
School ICT Policies Thread, IT Support Privacy & Confidentiality in School Administration; We have produced a policy which is agreed to by myself and my colleagues entitled "IT Support Privacy and Confidentiality ...
  1. #1

    Join Date
    Sep 2007
    Posts
    181
    Thank Post
    4
    Thanked 2 Times in 2 Posts
    Rep Power
    15

    IT Support Privacy & Confidentiality

    We have produced a policy which is agreed to by myself and my colleagues entitled "IT Support Privacy and Confidentiality Policy".

    Basically it states that we don't look at their stuff, and if we see it accidentally, we ignore anything we read and don't act upon it in any way.

    If we NEED to open someone's home directory or mailbox, we only do it with their permission and record it in a log book stating who provided permission.

    Does anyone else have a policy and procedures simnilar to this?
    Last edited by AnnDroyd; 11th May 2008 at 09:22 PM.

  2. #2
    skunk's Avatar
    Join Date
    Mar 2006
    Location
    North West
    Posts
    311
    Thank Post
    88
    Thanked 40 Times in 33 Posts
    Rep Power
    30

    Re: IT Support Privacy & Confidentiality

    The staff at your school should be aware that the school owns all electronic communications made from the school and that the Head and their appointed repesentatives (you) have access to their electronic communications.

    It is nice that you log it, but not strictly necessary. The other staff should assume you behave in a professional manner just as you assume they do. Or to put it another way, just because they behave in an unprofessional fasion does not mean everyone else does.

    You should have an ICT Acceptable Use Policy, agreed by the governors, SMT and Unions, within the school which covers all of this. If not suggest the school contacts their LA for a recommended one.

    Skunk

  3. #3

    Join Date
    Mar 2007
    Posts
    307
    Thank Post
    3
    Thanked 9 Times in 8 Posts
    Rep Power
    17

    Re: IT Support Privacy & Confidentiality

    Why do you need this document? I dont see why you need to reassure people. We are all professionals and as such our job concerns what is stored on the network. As a professional I would only look at someones files if i thought there was a reason too and not just because I could. If you want a policy written to cover you for any reason then that is a different matter. Our acceptable use policy states that the network is provided by the school for school work. As such anything stored on it can be checked for content.

    I'm sure this subject has been covered somewhere on here before and I'm sure someone will point it out?

  4. #4

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,058
    Thank Post
    888
    Thanked 1,731 Times in 1,494 Posts
    Blog Entries
    12
    Rep Power
    454

    Re: IT Support Privacy & Confidentiality

    Quote Originally Posted by jwood
    We have a policy which is agreed to by myself and my colleagues entitled "IT Support Privacy and Confidentiality Policy".

    It's written by ourselves to try to reassure people that we don't sit in front of a server reading their emails and documents all day!

    Basically it states that we don't look at their stuff, and if we see it accidentally, we ignore anything we read and don't act upon it in any way.

    If we NEED to open someone's home directory or mailbox, we record it in a log book stating why it was necessary and which member or SMT or owner gave us permission.

    Is this an appropriate way to provide assurance that we act in a professional manner as far as other peoples privacy is concerned?
    What about the students do you not check what is in there areas?

  5. #5

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,885
    Thank Post
    518
    Thanked 2,489 Times in 1,930 Posts
    Blog Entries
    24
    Rep Power
    839

    Re: IT Support Privacy & Confidentiality

    I'm afraid, that on our systems staff and pupils do not have 'privacy' - the servers are there for one purpose and one purpose alone - to be used in teaching and learning, and to aid that process. Anything stored on them is accessible by the SMT on demand and by myself whenever I see fit - for example to cull mp3 files that shouldn't be there.

    The concept of saying that they have privacy simply doesn't come into it as far as I'm concerned. However, this does not mean I simply go reading people's files. I act professionally and only do what I need to do for my job.

  6. #6

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,952
    Thank Post
    1,346
    Thanked 1,800 Times in 1,118 Posts
    Blog Entries
    19
    Rep Power
    597

    Re: IT Support Privacy & Confidentiality

    We say to staff ... the laptops, the servers, the internet connection, the printers and consumables ... they are all paid for by the college. If we do not ave reason to believe you are taking the mickey we will not start being the thought police. (We previously had to lock down 'Net access for admin staff as they were truly taking the mickey by using the online music stations ... all day long ... about 10 different ones! ... not including some nice little money earners buying and selling on ebay!)

    To Students we say ... all school equipment is there for the benefit of your education. Abuse it and you lose it.

    We tell all what we have the ability to do to ensure that we are happy that noone does take the mickey ... and students know that when their 1.7GB collection of Manga pdf files goes ... it is because we are not happy with them abusing things. It is usually followed up by a friendly warning ... then a not so friendly removal of email and lock down of net access ... and finally a locked down login that only gives them access to run word, excel and powerpoint.

    We have the power but we only used it when seriously required.

  7. #7

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: IT Support Privacy & Confidentiality

    Be aware that if you do stumble across some types of content (ranging from bullying to child porn and everything in between) you have a duty to report it to the SMT/Police/etc.

  8. #8

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,058
    Thank Post
    888
    Thanked 1,731 Times in 1,494 Posts
    Blog Entries
    12
    Rep Power
    454

    Re: IT Support Privacy & Confidentiality

    Quote Originally Posted by jwood
    Surely your servers are also used for administrative purposes, and therefore may contain medical, personal, personnel and disciplinary details which are none of your business to be reading? That's why I think it's important to install confidence that IT staff do not read files in other people's folders.

    As far as kids are concerned, we need to control what they are downloading, saving and sending to their friends to a point, but there's no reason to be trawling through their emails just because we can.
    Course you should check them, it is possible that one of the children could be a potential victim of paedophilia via the internet what unfortunately seems to be a common recurrence. When you work at a school you have a duty to look after the children who attend.

  9. #9
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,419
    Thank Post
    196
    Thanked 249 Times in 122 Posts
    Rep Power
    62

    Re: IT Support Privacy & Confidentiality

    All of this is covered under the Data Protection Act & RIPA Act which your school is subject to.

    We have an acceptable use policy at our school that runs into 65 pages for both staff and students and basically says the we reserve the right to monitor, intercept, and access any electronic communication or file that passes over the network.

    But as GrumbleDook says as long as they don't take the mickey they have nothing to worry about.

    In 3 years I have never had a member of staff or student question the AUP and it is also revised on an annual basis.

  10. #10

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,952
    Thank Post
    1,346
    Thanked 1,800 Times in 1,118 Posts
    Blog Entries
    19
    Rep Power
    597

    Re: IT Support Privacy & Confidentiality

    Quote Originally Posted by FN-Greatermanchester
    Quote Originally Posted by jwood
    Surely your servers are also used for administrative purposes, and therefore may contain medical, personal, personnel and disciplinary details which are none of your business to be reading? That's why I think it's important to install confidence that IT staff do not read files in other people's folders.

    As far as kids are concerned, we need to control what they are downloading, saving and sending to their friends to a point, but there's no reason to be trawling through their emails just because we can.
    Course you should check them, it is possible that one of the children could be a potential victim of paedophilia via the internet what unfortunately seems to be a common recurrence. When you work at a school you have a duty to look after the children who attend.
    That almost sounds as if you are saying we should look at every single file and read every single email just in case ...

    This is neither practical or reasonable. That is what filters were created for and that is why most schools employ someone as Child Protection Officer. If you want to do your best for duty of care for the student make sure you work in concert with the CPO as they have been on a heap more courses than you or I are liely to have been on, and will be able to say what is reasonable on the grounds of eSafety.

  11. #11

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,885
    Thank Post
    518
    Thanked 2,489 Times in 1,930 Posts
    Blog Entries
    24
    Rep Power
    839

    Re: IT Support Privacy & Confidentiality

    Quote Originally Posted by jwood
    Surely your servers are also used for administrative purposes, and therefore may contain medical, personal, personnel and disciplinary details which are none of your business to be reading? That's why I think it's important to install confidence that IT staff do not read files in other people's folders.

    As far as kids are concerned, we need to control what they are downloading, saving and sending to their friends to a point, but there's no reason to be trawling through their emails just because we can.
    We are all covered by the Data Protection Act, and as such we legally have to follow it. You don't need a policy to cover something that is already covered by the law.

  12. #12

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,058
    Thank Post
    888
    Thanked 1,731 Times in 1,494 Posts
    Blog Entries
    12
    Rep Power
    454

    Re: IT Support Privacy & Confidentiality

    Well obviously you can't check everyone’s E-mail, but it does help if you check suspicious E-mails.

  13. #13

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,952
    Thank Post
    1,346
    Thanked 1,800 Times in 1,118 Posts
    Blog Entries
    19
    Rep Power
    597

    Re: IT Support Privacy & Confidentiality

    The policy is not just there for your piece of mind but to also inform staff of your duties in accordance to the DPA, FoIA and other such pieces of legislation.

    However, the DPA does not cover the reading of all emails, something which when you do it for a student or group of students you could be accused of gaining information prior to grooming (there are cases about this!).

    If you take Jonathon's view he wants to make sure that staff and students are aware that they, and the school, are taking reasonable steps to make sure that information is only accessed when appropriate (something that is covered in the DPA) and that they log it (good working practices).

    There are many laws that apply to schools but we still sign pieced of paper to say that we agree with what the school is commenting on or rules it has set out.

    IMHO this seems no different to signing to say you agree to abide by H&S rules of the school ... something that is embedded in most job contracts.

  14. #14
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,488
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    76

    Re: IT Support Privacy & Confidentiality

    IMHO, if you need your department to sign a specific piece of paper to re-assure staff that you're working and not just sitting there reading their emails, then you have a wider trust/confidence issue (and in that situation, the presence of that bit of paper probably does nothing to reassure them).

    Our users (staff and students) know that we can see everything in their area, plus their Internet activity (and putting the occasional sacrificial lamb in detention helps to re-iterate this!), however they also trust that we don't go looking unless we need to. Our AUP (plus the DPA) states, as many others already listed, that the resources belong to the school and will be used how we see fit.

    For staff, this includes checking the contents of areas / Internet activity if we believe that resources are being misused or that something inappropriate is happening (either child protection related, or simply time wasting) but does not include looking at their holiday snaps because we think their daughter is cute. With students, we will always check their areas before granting extra space and we run monthly web-activity reports on all the students.

    (do I over-use brackets, by the way?)

  15. #15
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,488
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    76

    Re: IT Support Privacy & Confidentiality

    I agree, however does it really need another policy document? How about an AUP line which reads "IT Staff, the SMT and others at their discretion can view files and Internet activity in accordance with the requirements of their job" or something similar...

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. IT Support
    By tatty14 in forum How do you do....it?
    Replies: 5
    Last Post: 7th November 2007, 08:54 AM
  2. Support
    By tonto in forum MIS Systems
    Replies: 3
    Last Post: 2nd April 2007, 02:49 PM
  3. Projectors and Privacy
    By TechMonkey in forum How do you do....it?
    Replies: 8
    Last Post: 11th July 2006, 09:34 PM
  4. x64 Support?
    By indie in forum Learning Network Manager
    Replies: 6
    Last Post: 16th January 2006, 02:19 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •