PRIVACY, BYODS

1
PRIVACY, BYODS LONG HAIR

• Kathryn Dalziel
• Taylor Shaw
• Christchurch

2
Privacy What is the big deal?
Why bother if you have done nothing wrong? ....
3
Privacy What is the big deal?
Daily Blog Your Health Records Revealed
Celebrities on Prozac
4

• Facebook Statistics (December 2013)
• FB had 1.23bn monthly active users worldwide
• 757m users log on to FB daily
• 556m people access FB via smartphone or tablet.
• Average user has about 200 friends
• Age 25 to 34, at 29.7 of users, is the most
  common age demographic
• 50 of 18-24 year-olds go on FB on waking
• 35 demographic growing rapidly

5
Legal Framework

• Statute
• Common Law/Equity
• Contract/Agreements/policies procedures
• Personal decision making
•  

6
Understanding Privacy

• The Privacy Act 1993
• Promotes and protects individual privacy
• Data protection rather than physical intrusions
  into privacy
• 12 privacy principles
• Industry specific codes of practice

7
Privacy v Confidentiality

• Privacy
• Principles to guide the amount of control which
  an individual can exercise over his or her
  personal data
• Collection, storage, use and disclosure of
  personal information and the right of access and
  correction
• Confidentiality
• Information which is confidential or secret
• Given and received in confidence
• Authorisation or emergency situation which will
  allow it to be disclosed

8
Privacy v Confidentiality

• Teachers will strive to protect the
  confidentiality of information about learners
  obtained in the course of professional service,
  consistent with legal requirements.
• In relation to parents/guardians, and the
  family/whanau of learners, teachers will strive
  to respect their privacy
• In fulfillment of their obligations to the
  teaching profession, teachers will strive to
  respect confidential information on colleagues
  unless disclosure is required by the law or
  serves a compelling professional purpose.
• NZTC Code of Ethics for Registered Teachers

9
Understanding Privacy

• Privacy is not secrecy or confidentiality
• Privacy is wider than security
• Privacy is about controlling ones personal
• information

?
10
Understanding Privacy

• Personal Information
• privacy is about people
• any information about an identifiable, living,
  human being (not companies).
• it does not have to be sensitive.
• Even if information is widely known, it is still
  personal information.
• .

11

• Every agency must appoint a Privacy Officer
• To ensure agency complies with the Act
• To deal with requests made to the agency about
  personal information
• To work with the Privacy Commissioners Office

Privacy Act
Act of Parliament Regulation
gt
12
Privacy Framework

1. Only collect personal information if you really
   need it.
2. Get it straight from the people concerned.
3. Tell them what youre going to do with it.
4. Be considerate when youre getting it.
5. Take care of it once youve got it.
6. People can see their personal information if they
   want to.

13
Privacy Framework

1. They can correct it if its wrong.
2. Make sure personal information is correct before
   you use it.
3. Get rid of it when youre done with it.
4. Use it for the purpose you got it.
5. Only disclose it if you have a good reason.
6. Only assign unique identifiers where permitted.

14
Collection principles 1 - 4

• Purposes lawful and necessary
• From person concerned
• unless an exception applies
• Transparency
• fact of collection, purposes, who sees the
  information, where it is held, compulsory/optional
  questions, right to access and request
  correction
• Lawful and fair collection

15
Purposes

• meeting curriculum requirements
• recording maintaining student records
• reporting to parents/guardians
• maintaining the school-home partnership
• celebrating/recording achievement/success
• recording maintaining accounts
• providing services eg health, IT, library
  sports/recreation

16
Purposes

• enabling discipline/behaviour management
  programmes
• reporting/disclosing information to government
  bodies etc for funding
• providing accurate information for proper and
  safe student transfer
• maintaining alumni records
• marketing/public relations
• maintaining school websites
• administration planning of human resources

17
Storage Security principle 5

• An agency that holds personal information must
  take reasonable security safeguards to protect
  against
• loss
• unauthorised access, use, modification,
  disclosure
• other misuse

what is reasonable?
18
Access principle 6

• If information is readily retrievable people have
  a right to
• confirmation whether the agency holds information
  about them
• AND
• have access to the information.

19
Requests principle 6

• Form of request written or oral
• Individuals can appoint agents
• Precautions to be taken by agency
• Properly authorised written authority
• Satisfactory identification of individual
• Note request from a parent/guardian is
• 3rd party request can the information be
  released under IPP 11?
• Respond within time limits
• as soon as practicable
• 20 working days

20
Withholding Grounds principle 6

• Good reasons to withhold information from an
  individual
• ss 27-29 of the Privacy Act

27(1)(c) prejudice maintenance of law 27(1)(d)
endanger safety 29(1)(a) unwarranted
disclosure of 3rd partys affairs 29(1)(b)
evaluative material, defined in s29(3) 29(1)(d)
contrary to interests of person under 16 29(2)
not readily retrievable / cannot be found / does
not exist
21
Correction principle 7

• Individuals have a right to request correction
  or have a statement of correction added.
• Agency must either

make the change
attach statement
inform the individual and any recipients of the
information
22
Accuracy principle 8

• Before using personal information, an agency must
  take reasonable steps to ensure it is accurate,
  up to date, complete , relevant, not misleading
• what is reasonable will depend on the proposed
  use

Retention principle 9
Personal information must not be retained for
longer than is required for the purposes for
which it may lawfully be used.
23
Limits on the use principle 10

• Personal information obtained for one purpose
  must not be used for another purpose unless the
  agency believes, on reasonable grounds (for
  example)
• Other use authorised by individual
• Other purpose is directly related purpose for
  which information was collected initially
• many exceptions mirror principle 11

24
Unique Identifiers principle12

• What is it?
• A code or number that is assigned to a person by
  an agency which uniquely identifies the person in
  relation to the agency.
• An agency may only assign one if
• Necessary to carry out its functions
• Persons identity is clearly established
• Must not use identifier assigned by another
  agency.

25
Common Issues

• Disciplinary investigations
• Reporting to parents/guardians
• Lawyer for child
• Transfer of records
• Counsellors and health information
• Classroom activities
• Volunteers
• IT
• CCTV
• Police

26
BYODs

• Increased use of BYODs in schools
• Compulsory or voluntary?
• Impliedly accepted in Education Act (search and
  surveillance)
• Cost of curriculum related material
• Discuss Ombudsman enquiry into workbooks
• Risk in making it compulsory
• Can the student learn the course/master the
  course without it?
• Take home argument

27
BYODs

• Does BYOD integrate with existing systems?
• Is there any cost to integration?
• Should only certain devices be used?
• When/how should staff use a BYOD to access data?
• Any restriction of use? (NB note Health
  safety)
• What security do you expect for the BYOD?
• Can third parties access data on the BYOD?
• What are the privacy settings and security
  protocols (including encryption, passwords) in
  play?
• Any training needs around use of BYOD?

28
BYODs

• Who pays for data use?
• How is this measured between school home?
• Are there any limits to wi-fi access?
• Do students understand search surveillance?
• Can you search teacher BYODs?
• What do staff/pupils need to do in the case of a
  lost/stolen/hacked BYOD?
• Must they be capable of remote wiping/locking?
• What is the policy for exiting staff/pupils and
  wiping data as well as removing access to data?

29
Long Hair

• Battison v Melloy
• Lucan Battison was suspended from St Johns
  College for failing to comply with requests to
  cut his hair from the schools principal, Paul
  Melloy.
• School rule schools uniform includes hair that
  is short, tidy and of natural colour. Hair must
  be off the collar and out of the eyes. (Extremes,
  including plaits, dreads and mohawks are not
  acceptable).
• Lucans hair was collar-length and was tied back.
  
• Education Act penalties
• match offending,
• minimise disruption to a students attendance at
  school
• natural justice
• decision is objectively reasonable.

30
Long Hair

• In this case
• No other options were considered red other than
  suspension
• Offence not serious enough for suspension (which
  is last resort) avoid disruption
• Lack of certainty round rule
• inconsistent with the St Johns School Charter,
  which states that every student is unique, is
  made in the image of God and is treated with
  reverence.
• Note Need clear, certain rules as to what is,
  and what is not, permitted and the process which
  will be followed when suspension is being
  contemplated or undertaken
• Note Failure to engage in mediation

31

• Enquiries
• Privacy Commissioner
• 0800 803 909
• www.privacy.org.nz
• Kathryn Dalziel
• (Taylor Shaw)
• 379.4114
• kathryn_at_taylorshaw.co.nz

32

• Enquiries
• Privacy Commissioner
• 0800 803 909
• www.privacy.org.nz
• Kathryn Dalziel
• (Taylor Shaw)
• 379.4114
• kathryn_at_taylorshaw.co.nz