How to Plan for a Data Breach in Your School Network
A data breach is a very different type of crisis to others that you may encounter in your school and is likely to occur where a security incident...
The spiritual successor to Vine, the short form video creation app TikTok has skyrocketed in popularity in recent years. Arguably most popular with teens, schools have seen an explosion of “challenges”, songs being played on loop, new sayings and dances almost on a daily basis. With phones being more commonplace and accessible, younger and younger children are being exposed, captured and swept along with the TikTok tide.
Why is TikTok a Risk?
TikTok as a platform's primary goal is for people to be recording and uploading footage. Due to the availability of free Wi-Fi and mobile signal, there are very few locations where recording and uploading footage is not possible. This ultimately means that students can now record, upload and even “go live” hosting their own web stream within the school grounds and even during lessons. This poses various challenges to the education sector but furthermore compounds one of the primary issues that TikTok raises to children; there is a lack of understanding on the lifecycle of a video. A student can record their face/ other peoples faces or actions and upload them to what is effectively the cloud. This video is accessible to circa 8.9 million users. TikTok itself does not make it clear on how to remove videos should a 3rd party complain.
A real world example would be a student recording a teacher and the teacher not having the power to remove the video which could cause various levels of harm (emotionally) and in some instances TikTok has been used to incite or promote violence.
This of course brings about numerous Data Privacy issues for the education sector. Not only does social media in general have a turbulent relationship with global regulations (Facebook, $64m) & WhatsApp, $243m) but TikTok has also came under scrutiny in July 2021 by the Dutch Data Protection Authority (DPA) and imposed a fine of $810k for violating children's privacy.
Without the legal jargon; TikTok failed to protect young children by not informing them of their use of data within the app. Furthermore there was a distinct lack of measures to stop digital grooming and online bullying. Something which TikTok has addressed, but still not without its flaws.
Some schools have outlawed TikTok, some openly have accepted that it is inevitable and fighting TikTok will make it harder to manage and observe, possibly increasing the bullying, harassment and other negative impacts of social media.
So where does the education sector and TikTok blur the lines?
Other than the usual “funny” videos, dances and songs, there is an emerging trend of teachers creating accounts and publishing content designed for children. Some teachers use TikTok as a tool for homework. Whilst any creator that designs and publishes content designed for children will be a strong advocate for TikTok (Kolowsky 2019, Civil war), some schools have endorsed TikTok as a tool for promoting Global Climate change awareness. Student activism and breaking down traditional social barriers and norms, even as a viable marketing tactic. Regardless, this does bring into question the concern of promoting children to actively engage in a “risky” platform; especially if the school hasn't taken appropriate steps to mitigate risks.
What is certain is that TikTok is here to stay (at least for the foreseeable future until the next social craze) and schools must take several steps to ensure they are meeting global regulations and following best practice. Some examples of this are as follows:
Risk assessment
It is essential to undertake, understand and document a risk assessment for TikTok within your school. This will ensure that best practice privacy regulations are met and provide a tangible document for managing and mitigating any risks that you have identified.
Incident Management
It is important that your school has a comprehensive and detailed incident management process. Having a clear repeatable process that will allow you to detect, assess, escalate and resolve an incident. Coupled with a list of key contacts, roles and responsibilities and communication strategy. Will support your regulation requirements but also minimise risk to your organisation, help safeguard students and provide a clear guide in how to respond should an incident arise.
Training
Arguably one of the most important aspects when it comes to incident and risk management. Communication and training to staff members to ensure they have the knowledge and tools to identify risks, report risks or near misses and the ability to follow any incident management plans.
The Solution
Undertaking all the above can be overwhelming, especially in an environment where there is a constant demand for time and resources. Not only should there be a system in place to identify, manage and assist the organisation in risk mitigation but it also requires expertise to coordinate and deliver training and a large proportion of time.
Let us help you! The Team at 9ine have a comprehensive incident management app built from the ground up with the education sector in mind, with specific consideration to the pain points often experienced by teachers and school support staff. Our global privacy experts are also on hand to provide guidance and support in Data Privacy, Incident management and Risk assessment. Why not contact us directly to see how 9ine can best support you and your school.
A data breach is a very different type of crisis to others that you may encounter in your school and is likely to occur where a security incident...
With the joys of Brexit behind us the government is preparing to legislate on changes to the UK-GDPR. Their view, the EU-GDPR is too onerous and...
Network hacks have become increasingly frequent in the past few years - especially in schools. The reason being, the less than optimal security...