Daily Blog Your Health Records Revealed Celebrities on Prozac
Facebook Statistics (December 2013): FB had 1.23bn monthly active users worldwide; 757m users log on to FB daily; 556m people access FB via smartphone or tablet; average user has about 200 friends; age 25 to 34, at 29.7% of users, is the most common age demographic; 50% of 18-24 year-olds go on FB on waking; 35+ demographic growing rapidly.
Legal Framework Statute Common Law/Equity Contract/Agreements/policies & procedures Personal decision making
The Privacy Act 1993 Promotes and protects individual privacy Data protection rather than physical intrusions into privacy 12 privacy principles Industry specific codes of practice Understanding Privacy Privacy Act 1993
Privacy v Confidentiality Privacy –Principles to guide the amount of control which an individual can exercise over his or her personal data –Collection, storage, use and disclosure of personal information and the right of access and correction Confidentiality –Information which is confidential or secret –Given and received in confidence –Authorisation or emergency situation which will allow it to be disclosed
Privacy v Confidentiality “Teachers will strive to … protect the confidentiality of information about learners obtained in the course of professional service, consistent with legal requirements.” “In relation to parents/guardians, and the family/whānau of learners, teachers will strive to … respect their privacy” “In fulfillment of their obligations to the teaching profession, teachers will strive to respect confidential information on colleagues unless disclosure is required by the law or serves a compelling professional purpose.” NZTC Code of Ethics for Registered Teachers
Understanding Privacy Privacy is not secrecy or confidentiality Privacy is wider than security Privacy is about controlling one’s personal information
Personal Information privacy is about people any information about an identifiable, living, human being (not companies). it does not have to be ‘sensitive’. Even if information is widely known, it is still personal information. Understanding Privacy
Every agency must appoint a Privacy Officer: To ensure agency complies with the Act To deal with requests made to the agency about personal information To work with the Privacy Commissioner’s Office Privacy Act Act of Parliament Regulation
Privacy Framework
1. Only collect personal information if you really need it.
2. Get it straight from the people concerned.
3. Tell them what you’re going to do with it.
4. Be considerate when you’re getting it.
5. Take care of it once you’ve got it.
6. People can see their personal information if they want to.
7. They can correct it if it’s wrong.
8. Make sure personal information is correct before you use it.
9. Get rid of it when you’re done with it.
10. Use it for the purpose you got it.
11. Only disclose it if you have a good reason.
12. Only assign unique identifiers where permitted.
Collection principles 1 - 4 Purposes: lawful and necessary From person concerned: unless an exception applies Transparency: fact of collection, purposes, who sees the information, where it is held, compulsory/optional questions, right to access and request correction Lawful and fair collection
enabling discipline/behaviour management programmes reporting/disclosing information to government bodies etc for funding providing accurate information for proper and safe student transfer maintaining alumni records marketing/public relations maintaining school websites administration & planning of human resources
An agency that holds personal information must take reasonable security safeguards to protect against: loss unauthorised access, use, modification, disclosure other misuse what is reasonable?
If information is readily retrievable people have a right to: confirmation whether the agency holds information about them; AND have access to the information.
Form of request – written or oral Individuals can appoint agents Precautions to be taken by agency Properly authorised written authority Satisfactory identification of individual Note request from a parent/guardian is: 3rd party request: can the information be released under IPP 11? Respond within time limits: as soon as practicable 20 working days
Good reasons to withhold information from an individual: ss 27-29 of the Privacy Act 27(1)(c) – prejudice maintenance of law 27(1)(d) – endanger safety 29(1)(a) – unwarranted disclosure of 3rd party’s affairs 29(1)(b) – evaluative material, defined in s29(3) 29(1)(d) – contrary to interests of person under 16 29(2) – not readily retrievable / cannot be found / does not exist
Individuals have a right to request correction; or have a statement of correction added. Agency must either: make the change; attach statement; inform the individual and any recipients of the information
Before using personal information, an agency must take reasonable steps* to ensure it is accurate, up to date, complete, relevant, not misleading *what is reasonable will depend on the proposed use Retention principle 9 Personal information must not be retained for longer than is required for the purposes for which it may lawfully be used.
Personal information obtained for one purpose must not be used for another purpose unless the agency believes, on reasonable grounds (for example): Other use authorised by individual Other purpose is directly related to purpose for which information was collected initially *many exceptions mirror principle 11
What is it? A code or number that is assigned to a person by an agency which uniquely identifies the person in relation to the agency. An agency may only assign one if: Necessary to carry out its functions Person’s identity is clearly established *Must not use identifier assigned by another agency.
Disciplinary investigations Reporting to parents/guardians Lawyer for child Transfer of records Counsellors and health information Classroom activities Volunteers IT CCTV Police
Increased use of BYODs in schools Compulsory or voluntary? Impliedly accepted in Education Act (search and surveillance) Cost of curriculum related material Discuss Ombudsman enquiry into workbooks Risk in making it compulsory Can the student learn the course/master the course without it? “Take home” argument
Does BYOD integrate with existing systems? Is there any cost to integration? Should only certain devices be used? When/how should staff use a BYOD to access data? Any restriction of use? (NB: note Health & safety) What security do you expect for the BYOD? Can third parties access data on the BYOD? What are the privacy settings and security protocols (including encryption, passwords) in play? Any training needs around use of BYOD?
Who pays for data use? How is this measured between school & home? Are there any limits to wi-fi access? Do students understand search & surveillance? Can you search teacher BYODs? What do staff/pupils need to do in the case of a lost/stolen/hacked BYOD? Must they be capable of remote wiping/locking? What is the policy for exiting staff/pupils and wiping data as well as removing access to data?
Battison v Melloy Lucan Battison was suspended from St John’s College for failing to comply with requests to cut his hair from the school’s principal, Paul Melloy. School rule: school’s uniform includes “hair that is short, tidy and of natural colour. Hair must be off the collar and out of the eyes. (Extremes, including plaits, dreads and mohawks are not acceptable)”. Lucan’s hair was collar-length and was tied back. Education Act penalties: match offending, minimise disruption to a student’s attendance at school natural justice decision is objectively reasonable.
In this case: No other options were considered other than suspension Offence not serious enough for suspension (which is last resort): avoid disruption Lack of certainty round rule inconsistent with the St John’s School Charter, which states that “every student is unique, is made in the image of God and is treated with reverence”. Note: Need clear, certain rules as to what is, and what is not, permitted and the process which will be followed when suspension is being contemplated or undertaken Note: Failure to engage in mediation