• 0800 0862018
  • This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Mon - Fri 8:00 - 17:00

Best Practice Update

hand holding a mobile phone with social media icons on it. Litus Digital logo and Data Protection Education logo. Guardians of Privacy: Navigating social media in educational settings in blue text.  A series of articles about social media, privacy and schools in black text.  Coloured pencils at the bottom

Guardians of Privacy: 6. Posting Safely

This article is one of a series written by Data Protection Education in collaboration with Litus Digital, a social media management company.  The articles came about from questions asked by Data Protection Education's customers, our own experience of working in education,  as school governors, parents and data protection professionals.  The articles raise questions about how social media can be used as safely as possible in a school environment,  security considerations, the law and protecting children.  It is not possible to cover every aspect of social media, but the articles aim to provide guidance, raise privacy questions and provide some support for safe posting.

    The sixth article in this series covers some suggestions for 'safe posting' to preserve privacy.

    When thinking about safe posting, it is worth considering the reasons that schools have for wanting to post:

    • Information purposes, i.e. to advertise an up and coming event
    • Information about the school, to advertise for new places
    • Celebration of achievements both academic and sporting events
    • Celebration of work
    • As a another media for sharing with parents

    Taking all of the above in account it might seem very difficult to try and post on behalf of an organisation, especially when the data subjects are children and the posts involve information about the children.

    If good housekeeping around post retention and account management is documented and carried out, then ensuring the posts are safe is the next step. The safest way is not to post identifiable images or information of children directly.  Although seemingly an unhelpful statement, it is the safest way to ensure that their identities are safe and there is not withdrawing of consent or inappropriate images. Buildings, children’s art work (with no names) etc could be posted.  This can work for marketing type posts where the school or an even is being advertised.  Physical security of the school site should be taken into account when posting any photos about the school building or site.  This includes information on walls and desks.

    However, when celebrating achievements this can be a bit trickier as sometimes both the parent/carer and the data subject do want to be identified as part of the achievement and may also wish to re-share or post that information themselves as part of the celebration.  In this instance, the child’s work could be posted or hands holding the work, without any identifiable information such as the child’s name or face.  With a sporting achievement, for example, football, posting feet around a football might be a good alternative.  In these instances, consider whether posting on social media is the appropriate channel and whether it might not be better communicated over parent comms or a virtual learning platform where the recipient has a login.

    • Anonymous posts:
      • Awareness Days: these are national awareness holidays and observances that are special days, weeks or months dedicated to raising awareness about important topics, such as Cancer Awareness. These don’t need to be specific about your organisation but can engage audiences to your pages.
      • Buildings, and rooms. When photos are taken in classrooms or offices for posting, be sure to check what is in the background or on the walls in case private and confidential information is on display.
      • Hands and feet, backs of heads.
      • Art work (not named)/celebration achievements, trophies, footballs.
    • People: When posting a child’s location, such as in front of the school, the organisation should consider that the Children’s Code sets the default privacy setting to high for any online application used by children which includes having the geolocation turned off.
    • Groups: In the case of posting a group of children it can become more complicated, and is often when a data breach might occur, i.e. when a child is posted and there is no permission for it. Whole school assembly videos should be avoided given there is always someone in the school that does not have permission to have their photo taken and likely doesn’t have consent for their photo to be posted – please note, these are two different consents.  Videoing the whole school/class even if the back of children’s heads are filmed, doesn’t mean that children cannot be identified.
    • Secure/confidential posting: If the information is purely for parents, consider if a secure online platform is already available to the staff and parents where confidential information can be shared, such as an online learning program i.e. Seesaw/Tapestry. This way someone requires a login to access the information and it is then only available to those that should have access to it.  This means that links cannot be forwarded to anyone else without access to the platform. If someone takes a screenshot after that event, that is out of the control of the school, but essentially the school has done everything it can to keep that information private. 
    • Public spaces: Public spaces are open for all to take photos and post from. So be wary if you have taken a group of children to a local park, for example for Forest School, members of the public could legitimately take photos and post them on social media. Older students may post these as well.
    • Residentials: Residentials are often posted as a way of informing parents that everything is OK while their child has been away for a few days. Again, this can be done without lots of photos of all the children.  Caution should be taken given other residents are often at the site and may not wish to be posted on social media.  Consider applying Article 5 (1)(c) – Data minimisation to posts. This means  just limiting to what is necessary.  In the example of residentials it might be appropriate to have a generic post to social media to say everyone has arrived safely, and then actual photos posted to a confidential space/messaging service.

    Remember to check your photo/video consent along with any social media consent and that it is clear to all staff that would be posting on any channel or the school website.  Photos can only be used for the purpose that the consent was requested, so ensure you are using the photo for the purpose you requested.

    Data Protection Education provide a Model Photo and Video Policy and a Photo and Video Guidelines Document.

    Remember to use organisation-owned devices for taking the photos and ensure that photos are removed in line with your records management policy.

    Review: ICO: Taking photos in schools

    Guardians of Privacy: Social Media Articles

    Other Articles About Photography:

    Best Practice for Managing Photos and Video
    New Photo and Video Policy - and release form