We filter staff through the same proxy when they're using networked workstations, but their laptops just get filtered by the ISP.
It's useful for them to know what the students can and can't access, and that way they can ask for something to be unblocked if it is a real resource!
^^^ I won't say i told you so.... but when it comes to policy..... ;-P
everybody knows Tony's nickname is 'the policy-badger'
We have just moved over at county (yesterday actually), from a sytem where staff were completely unfiltered to a system where they are filtered just as much as the kids. This has gone down very well indeed as you can imagine!
The reason was one highlighted above, if nobody can access anything that they are not supposed to then nobody can moan about being accused of anything. Apparantly we have had several members of staff on several sites already moaning about not being able to access facebook
Our staff have always had the same access as the kids, this is done via RM filtering and our own ISA server, for one thing it saves the hassle of teachers planning a lesson around a web site only to find that the kids can't access it. We've recently had a few teachers wanting us to get them videos from youtube though so we're now using a two tier approach on the ISA server - there's now a staff only 'allowed' list of sites that are blocked for the kids, at the moment there's only youtube on it but it may grow in the future (but it won't be including bebo, facebook etc)
After a quick exchange with a very helpful person at Becta (Thanks Jon) I have the following.
Similar to the way we have spoken about packet / traffic filtering within your own school network the key to this is the AUP and making sure that all staff are aware of what is going on and being both consistent and transparent. An important factor to remember that in the eyes of a service provider staff members are 'users', admittedly they may have different requirements to other users such as students, but in the same way that students may require different levels of filtering (KS1-KS2-KS3-KS4-KS5-Adult Learners) we may also have to tailor appropriate filtering and access.
If we first take the Safeguarding children in a digital world: Developing an LSCB e-safety strategy document (Local Safeguarding Children Boards) in particular section 3 (developing an e-safe infrastructure) as well as looking at AUPs and dealing specific incidents.
If we look at dealing specific incidents the biggest one I can point to within this document is dealing with allegations. The section of 'Responding to allegations made online' demonstrates the need for all adult communication and access within a school to be monitored, filtered and logged. This is for the protection of staff against allegations and to allow for legal investigations into such allegations. If you look no further this is an important arguement for staff monitoring and logging. We should have monitoring and logging even if we allow them unfiltered access ... and remember that unfiltered may only be the lowest available level depending on your connection to an ISP / RBC. We also have to remember that RIPA applies to some extent. We talked about this today within the EMBC and we should remember that the monitoring and checking of files and traffic is perfectly ok when it is your job to do so! The issue comes when giving *anyone* access to information. Should the local scout master want to check what one of his troop has been up to, then it is not appropriate to release this information ... the same way if a Union wants information then RIPA applies. The police and council (if it is not the section that already has rights to this information) want to see things then RIPA comes into force.
Then we go on to E-safety (revised). Whilst this document as been around a bit Jon has pointed out the handy checklist in Appendix 3 ... pages 48 and 49 have details specific for staff. Again, brilliant information for those needing staff to sign AUPs.
Jon also highlighted areas from the ICO that are relevant to monitoring as well.
Pages 53 - 72 of the employment practices code that Jon mentions above has a number of good references to automated, electronic monitoring. From page 55 ...Employers and the Data Protection Act - Organisations - ICO
See section 5, pages 11-14 of the quick guide available at the above link. More detailed advice is provided on pages 53-72 of the full data protection employment practices code, also available here.
shows that the DPA does cover monitoring employees but it has to be targeted for a particular reason. As with all data it has to be used for a specific purpose and only authorised controllers should be accessing this information and soley for the purpose stated. The recent additions to the wiki about CCTV are another example of recording information electronically has to be controlled, for a specified purpose and accessed by authorised people.
- using automated checking software to collect information about workers, for example to find out whether particular workers are sending or receiving inappropriate e-mails
In the event of staff filtering of emails and internet this means that the automated systems will remove a large element of this, the software is doing this for you and you are solely looking at the exceptions ... the areas that are automatically flagged up as in breach of a set of rules (those in the AUP). This is a reasonable use of the information under the AUP.
I am still reading (well ... re-reading actually) the docs Jon pointed me at and comparing them against the recent AUP stuff on the wiki. If there are any changes I will let people know.
Another thing to remember is that there has been a large push on eSafety in most LAs (across all RBCs and LAs really) so it may be that your local AUP has been updated. Please check this for information about AUPs for users other than children and young people ... ie staff, adult learners, etc. Most LAs have updated there AUPs due to the push of ThinkUKnow from CEOPs too ...
So, actions ...
- Create an AUP that covers all users, either as a whole body or by splitting references to students, staff, other adults (eg governors, adult learners, etc) and other agencies that may use your facilities
- Publish your AUPs and make sure that you get signatures from *all* people who use your facilities.
- Publish those who have access to the information and procedures involved in dealing with information found.
- Ensure that you have all your procedures tied in together, as they should all be tied in together ... disciplinary, grievance, data protection, etc.
I hope this covers most things ... if there is anything else let me know. I have passed the thread on to a few others to have a look too.
TronXP (20th June 2008)
There are currently 1 users browsing this thread. (0 members and 1 guests)