iTnews

Victorian primary schools neglect privacy in software choices

By Justin Hendry on Aug 19, 2020 6:22PM
Victorian primary schools neglect privacy in software choices

App cost and functionality given priority.

Victorian government primary schools are overlooking privacy considerations when selecting classroom apps not covered by central licensing arrangements, the state’s privacy watchdog has found.

The Office of the Victorian Information Commission (OVIC) this week released its examination [pdf] into the use of app and web-based learning tools in schools, focusing on four primary schools.

The report, which sought to uncover potential privacy risks, found the majority of the schools assessed were unaware of the need to perform privacy impact assessments (PIAs) for software.

While the Department of Education and Training (DET) completes PIAs for apps provided through a central ‘DET licence’ such as G Suite for Education, schools are free to use other apps.

Schools that choose apps for which there is no central licence are required to complete their own PIAs using a template and examples provided by the department.

Some of the apps not covered by the DET licence include Seesaw, a digital tool that allows students and teachers to share work with parents, and Compass, which is used to record attendance.

But OVIC said three of the four schools assessed “were not aware it was a requirement to complete a PIA for all apps and web-based learning tools implemented by the school”.

“OVIC asked the schools if they were aware of any direction from DET to complete PIAs for all apps … the schools choose to implement,” the report states.

“One of the four schools who OVIC met with said they were aware of this requirement from DET, and said they knew how to complete a PIA if required.

“Three of the four schools informed OVIC that they had a basic understanding of PIAs and why they were performed, however did not know where to locate the template PIA form or how to complete it.”

Schools are also “rarely” sending parents information notices and opt-out forms for all apps, in part due to the lack of PIAs, which are used to develop the materials.

Three of the four schools were “not aware that DET expected them to do so for all apps and web-based learning tools that collected personal information”.

OVIC said that all the schools confessed to being more “focused on curriculum and budgeting requirements” than privacy considerations when selecting apps for the classroom.

It noted that approximately 90 percent of apps or web-based learning tools used by the four schools were free.

“Consideration is given mostly to the cost of the app and how it will fit in with teaching in each classroom,” the report states.

“School personnel said that some high-level privacy issues were considered (such as what information each student would be inputting into the app … when setting up a profile), but that teachers and principles were not delving much deeper into privacy consideration.”

By focusing mainly on the financial aspect and selecting free or ‘lite versions of apps, schools “may not properly consider risks associated with information being collected to be on-sold or used for targeted marketing”, OVIC said.

“In light of the issues identified in the examination, we consider that schools are at risk of branching the IPPs [state information privacy principles] when using apps ... that handle student personal information,” it concluded.

The watchdog acknowledged, however, that “it may not be feasible for schools to assess these risks themselves for the wide variety of apps and tools that they use”.

“As such, DET may wish to consider providing schools with additional specific information, support, and training on the topic of free apps and web-based learning tools,” OVIC suggested.

“The guidance that DET provides to schools at present is of high quality but could be better communicated to schools and expanded to cover a wider variety of apps and web‐based learning tools."

In response, the department said it planned to "review its current support model and investigate ways to streamline its approach and strengthen guidance".

DET has also recently updated the PIA template used by schools, bolstered its privacy team and allocated additional resources to better respond to privacy enquiries.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
department of educationeducationitgovernmentitoffice of the victorian information commissionerovicprocurementsecuritysoftwarevictoria

Partner Content

Security through visibility: supporting Essential Eight cyber mitigation strategies
Promoted Content Security through visibility: supporting Essential Eight cyber mitigation strategies
5 essential digital transformation ideas
Promoted Content 5 essential digital transformation ideas
Security "mindset shift" needed to protect organisations
Promoted Content Security "mindset shift" needed to protect organisations
How a 'micro data centre' enables your business, your way
Promoted Content How a 'micro data centre' enables your business, your way

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

  • iTnews Benchmark Awards 2022 - Finalist Showcase
  • 11th Annual Fraud Prevention Summit 2022
  • IoT Impact Conference
  • Cyber Security for Government Summit
By Justin Hendry
Aug 19 2020
6:22PM
0 Comments

Related Articles

  • Victorian government begins search for future myki operator
  • Melton City Council contractor handed own company over $1m of IT work
  • Victorian gov agencies still in talks over digital driver's licences
  • Clean Energy Regulator swaps Fujitsu for Digital61
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Kmart Australia stands up consent-as-a-service platform

Kmart Australia stands up consent-as-a-service platform

Telstra to open its 5G network to wholesale customers

Telstra to open its 5G network to wholesale customers

Macquarie Bank creates a broker portal on Salesforce

Macquarie Bank creates a broker portal on Salesforce

Active Directory defaults lead to no-fix PrivEsc vulnerability

Active Directory defaults lead to no-fix PrivEsc vulnerability

Digital Nation

The other ‘CTO’: The emerging role of the chief transformation officer
The other ‘CTO’: The emerging role of the chief transformation officer
Metaverse hype will transition into new business models by mid decade: Gartner
Metaverse hype will transition into new business models by mid decade: Gartner
Case Study: PlayHQ leverages graph technologies for sports administration
Case Study: PlayHQ leverages graph technologies for sports administration
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
As NFTs gain traction, businesses start taking early bets
As NFTs gain traction, businesses start taking early bets
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.