Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Some direction on school directories Sam Grover
18 April 2016

School blog image

If you’re not familiar with school directories, here’s how they work: at the beginning of a school year, some schools publish directories with contact details for each student and his/her parents. That directory is then distributed to each parent. Parents who need to contact one another how have a directory to aid them in doing so. Easy.

Except, perhaps not so easy, as this brings up a few privacy issues. Let’s work through them.

The law

Legally speaking, these directories are in the clear, as long as the schools tell parents that they are going to be in the directory when they collect their personal information.  

However, the minimum legal requirement may not be enough to protect the vulnerable, or to maintain good relations in the community. At the very least, we’d recommend that parents be given the opportunity to opt out.

Opt-in or opt-out?

The opt-out approach is telling parents that their information will be published unless they explicitly say they don’t want it to be published. The other approach is to decline to publish information unless parents opt in – that is, they explicitly say that they’d like to have their details published.

We might expect that opt-in approaches would result in very thin directories, not because of heightened privacy awareness, but rather because it’s easy to forget to send the opt-in form back.

Real privacy risks

An opt-out approach is likely to lead to the most comprehensive directory. However, that approach increases the risk of publishing someone’s details against their wishes. This isn’t just a matter of minor annoyance, either. There are real safety issues at play when it comes to some peoples’ contact details. For example, if someone has escaped from a domestic violence situation, publishing their contact details can put them in danger of serious physical harm.

Managing the process

To manage these risks, schools need to examine the process behind their directories. For example, we’ve heard anecdotes about schools sending opt-out forms to parents through their children – a less-than foolproof approach. How heavily should we be relying on children keeping forms in their bags, getting opt-out forms to their parents, then repeating that process in reverse to get the forms back to the teachers?

Imagine that in the above scenario, a half-dozen or so children managed to get opt-out forms back to their teachers. What happens next? Does an administrative staff member make a mental note? Or are they marked more clearly?

These are the questions that schools need to ask because they flush out points in the process where a mistake is most likely. Once you identify these points, you can put in processes to mitigate them. Simply collecting a stack of opt-out forms confident in the knowledge that “it’ll work itself out” is not quite enough.

A few tips

With all this in mind, there are a few practical steps schools can take to publish directories without compromising peoples’ privacy:

1) Consider whether you need a directory in the first place. Are parents able to just get contact details from one another when they need them?  

2) If you do choose to publish a directory, have a conversation with the community about whether to use an opt in or opt out approach.

3) If you do use an opt-out approach, don’t solely rely on children as couriers. Contact parents directly as well, in order to ensure that they get the forms and are aware of their ability to opt out.

4) Create a clear, step-by-step process for managing opt-outs.

5) Perform a “mini audit” before you publish the directory. This is someone who hasn’t seen the directory checking the opt-outs against the draft directory, to ensure that none of the opt-outs have snuck in.

Do you have any tips we haven’t thought of?  

Image credit: WeCometoLearn via Flickr

1 comments

,

Back

Comments

  • Directories like this are a godsend for parents who don't know the other families at school, and need to organise playdates, want to check on where/when events are happening and have a sense of who their kids wider social networks are. In a crisis, they are invaluable for arranging last-minute pickups, or alerting other parents to an issue (it's mufti day tomorrow!!). With working parents, it's harder and harder to meet people at the school gate and get to know other parents. But chools plead they are underfunded and under-resourced, and they are certainly being expected to do more with less, and items like this which are primarily to support the parent community are becoming more of struggle for schools to rpoduce. So then, if the value and benefit of having a parent directly primarily lies with the parents, (as the schools can use the contact details already), it would seem to make sense to transfer this repetitive and thankless task to the parents themselves. But then the problem arises - should parents be requesting personal information from other parents to compile a directory, and who holds it and how is it kept current? A simple solution would be for the school to operate an electronic directory in a password protected part of its school site. School parents are encouraged to enter details in the electronic directory themselves, update them and if necessary set permissions for them (view by all, view only by year 5 families) etc. The school helps create the initiative and space by establishing the database, and then the parents take it from there - making all the choices about opting in, and managing their personal information in a direct way.

    Posted by Nicci Coffey, 28/04/2016 8:07pm (16 months ago)

    Post Reply

    The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.

Latest Blog Entries