School ICT Policies Thread, Legal Position on this situation in School Administration; What is the exact legal position in the following situation;
member of teaching staff alows pupil to log in as ...
4th June 2008, 11:09 AM #1
Legal Position on this situation
What is the exact legal position in the following situation;
member of teaching staff alows pupil to log in as them so that they can use the internet (the pupil is banned from playing games)
BTW the school as yet dosn't have a policy about this thats why i would like to know if/what the legal position is i.e. data protection etc..
From this i will be able to create a policy for the SLT to decide upon.
4th June 2008, 11:25 AM #2
Aside from the legal position, this pupil (I assume he's been banned from playing games because he ignored instructions to stop) will have access to all that teacher's work and possibly sensitive material, with all the consequences that follow, such as being able to delete files and folders.
I'm not sure how the Data Protection Act (DPA) will work here, but my assumption is that the teacher will be responsible to some extent for giving him access to his area.
I know similar incidents happen here, despite staff being told not to do it.
Of 109 AUP's being handed out last September to all staff with laptops, 35 haven't been signed and returned yet.
4th June 2008, 11:32 AM #3
- Rep Power
Shouldn't be done. If you search hard enough on here you will find people deal with it in different ways depending on the authority they have. The pupil has not been given permission to access the network as a member of staff. Ok the actual member of staff has given the pupil permission, but if like most networks, this also provides information that is restricted to staff members only. A pupil logging on will be able to see everything that a teacher can see(potentially private information about pupils which should be available for all staff only) I'm sure you could make a case for breaking the computer misuse act (if you search for this on here you will find many similar questions) and both parties are probably at fault
Others will probably be able to give you a better answer than I can give, but personally I think that both parties should have their accounts temporarly banned(at least internet access) to make the point that this is a serious offence. Unfortunately I am not in a position to ban staff members(even though I really want to) this would be up to senior management to decide depending on the offence.
If you haven't got any policies in place there is probably not a lot you can do. But are you saying that no one signs an acceptable use policy when they join the school? If so you need to get one ASAP to cover for such actions. Or are you asking for a policy which specifically covers pupils using staff accounts?
Last edited by pallen; 4th June 2008 at 11:36 AM.
4th June 2008, 11:33 AM #4
You need an AUP and fast. I suspect that unless it is written down that users may not share their logon with anyone, you have no case against the staff member concerned.
Only yesterday I was training new staff members and pointing out that using somebody else's logon was a disciplinary offence. They looked shocked, but it's in the AUP.
Hopefully someone like Grumbledook will be along soon who knows a lot of the legal side.
4th June 2008, 11:41 AM #5
Thats why i need a "legal" definitian so that i can create an AUP for Staff. The legal bit is the frightner so to speak.
Originally Posted by elsiegee40
4th June 2008, 11:43 AM #6
In the absence of a policy the Head Teacher is legally responsible for the member of Staffs action. This includes a large fine when prosecuted for a DPA violation.
4th June 2008, 11:44 AM #7
Some of our teachers do this as well and we can't stop them as they say it makes their job easier...
Originally Posted by e_g_r
4th June 2008, 11:46 AM #8
Lock their accounts until they do return them.
Originally Posted by beeswax
4th June 2008, 11:48 AM #9
Thats where the problem lies. Kids have a legit ban but other staff need them to have access.
Originally Posted by Grommit
4th June 2008, 11:55 AM #10
Remember under the Data Protection Act the school has to make sure all reasonable measures are put in place to prevent the missuse of data stored on its servers. Because this member of staff is letting students use their login, which creates the opportunity for data missuse and the school is now aware of it, I think you'd be well within your rights to restrict down their rights on the system to ensure the school is complying with the act.
That's just one angle you might like to take, but I'd get your SLT to authrise any such action as well as making them fully aware of the potential repercussions of things like this.
4th June 2008, 12:01 PM #11
- Rep Power
If you are allowing people to access your network, they should abide by your rules. If you state that there should be no sharing of accounts then it should not happen. As elsiegee40 has said if you have it in your AUP everyone will know about it and breaking your rules means they should get whatever your SMT has deemed an appropriate punishment.
If it is in black and white, no one can argue. Get an AUP and fast, even if it means you have to put a provisional one on your intranet while SMT finalise it.
4th June 2008, 12:24 PM #12
Also be aware that if you have no AUP, the LEA security policy usually clicks in as being the rule of law. So you might want to get a copy of that and see what it says.
4th June 2008, 02:43 PM #13
The AUP should be part of the whole school policy, in the same way that your school's pay policy, behaviour policy, etc are. Get an AUP properly written out and accepted by the board of governors, and then get the school to inform all staff that it has become part of their contract (although if their contract already says they have to follow all school policies, which it probably does, then you just need to publish the new policy to the staff). That way there'll be no need to get anyone to sign anything (unless they disagree with it).
As far as I know, under UK law you don't have to sign a new employment contract for it to become legally binding - if you don't disagree with it in writing (within 3 months) it becomes your new contract.
4th June 2008, 03:40 PM #14
Bit OTT but if you want hit them with the good old Computer Misuse Act. Unauthorised use of a network. Yes the student has been authorised by the member of staff but they don't have the authority to grant that access.
4th June 2008, 05:12 PM #15
Just been doing a bit of reading on this and apparently my previous posting is not quite correct: you should make the AUP part of the whole school policy but NOT make it part of the staff contract of employment. Apparently then you can amend it without the employees needing to agree to it (see http://www.infosec.co.uk/ExhibitorLi...our_AUP_20.pdf for more info). You shouldn't need to get staff to sign it however since they've already agreed to abide by the whole school policy by taking the job in the first place.
Last Post: 15th March 2008, 01:37 AM
By crazy in forum EduGeek Joomla 1.0 Package
Last Post: 11th January 2008, 06:28 PM
By sqdge in forum Web Development
Last Post: 5th December 2007, 02:46 PM
By budgester in forum Educational IT Jobs
Last Post: 10th October 2007, 03:37 PM
By openhgs in forum Educational IT Jobs
Last Post: 20th March 2006, 10:33 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)