The Australian Competition and Consumer Commission has just released its 600-page Digital Platforms Inquiry, which is intended to make the digital landscape for consumers in Australia safer and fairer.

The government is currently reviewing the ACCC’s 23 recommendations, and will decide whether to adopt or reject them by the end of this year. But what you might not realise is that contained within the same report are new digital privacy rules that will have a big impact on schools that take and share pictures of students.


Strengthening the Privacy Act

The report recommends that consumer protections in the Privacy Act be strengthened, meaning schools will have to go to extra effort to clarify how they intend to collect, use and disclose personal information. Individuals in Australia will be granted new protections to ensure that their digital privacy is maintained and upheld, and these powers will be extended to minors too.

Unsurprisingly, schools are one of the biggest publishers of minor personal data and photos.

If the government does decide to adopt the ACCC’s recommendations, schools will have to work much harder to ensure photos of pupils are not hosted on unsecured media, unless clear consent has been given in advance.

In order for this to happen, a whole range of processes, protocols and technology will need to be put in place to keep up with the new rules.


How schools should be responding

So what steps should schools be taking to avoid falling foul of the ACCC’s recommendations? First of all, they must understand that the data they have at their fingertips contains the potential for a serious privacy breach. For instance, basic details such as a child’s name or class name, when combined with the metadata associated with a photo, such as date, time and location information can result in a breach that impacts the safety of a pupil or their family where a domestic violence order is in place.

The first step to avoiding such breaches is to ensure that the data you collect is done so in a secure manner. Not all data breaches occur in high-tech environments: paper notes or information stored on easy-to-lose removable storage devices such as USB sticks or CDs is a data breach waiting to happen. Instead, ensure information is stored in a secure, private online system.


The social media conundrum

Social media has made it easy for schools to share and communicate with the wider school community, but despite being free, it actually comes at a cost: information about your students is being collected by these platforms.

The ACCC’s inquiry could soon mean that social media platforms are considered ‘publishers’, and all posts uploaded to their sites will be considered under the same scrutiny as a publisher would.

To avoid falling foul of the recommendations, ensure your social media consent process clearly defines what might happen when images and other personal information are shared on social media, so that everyone involved has clearly agreed to have their data shared.


Test your setup

One of the best ways to test your current data privacy setup is to investigate what happens to images at all stages of their life-cycle.

Among some of the many questions both schools and their photographers need to ask are: where and how are the images are being captured? Where are they being stored? What kind of devices are they being captured on? Who owns those devices? Who can access those images? How is consent being captured? How are we controlling where the images are shared and published?

It’s surprising how many businesses don’t ask these questions when the answers have the power to reveal areas of significant privacy risk.

All contracts between schools and photographers should be prepared with these questions in mind, and include, at a minimum, important clauses about who is responsible for ensuring the students’ data is secure, where and how it will be stored, and what other parties are permitted to do with that data.


Best practice is the only practice

It’s essential that both schools and their photographers champion the image privacy cause and demonstrate robust privacy practices. They should work together to ensure all photo and video permission forms are created according to best practice, and that image privacy processes and procedures are sound.

Don’t be afraid to invest in technology, expertise and resources, including those that help manage image consent across large, diverse and growing media collections. And it’s really important that you educate your staff on image privacy processes and procedures.

The end of the year will be here before we know it. If the ACCC’s recommendations are accepted, there won’t be much time for schools and photographers to make the necessary improvements. Don’t assume that you can retrofit privacy at the last minute, or you will join the long list of schools sleepwalking into image-sharing danger.


Find out more about Colin's work in child image protection at pixevety.  In 2012, he saw an opportunity to create a unique business within his area of passion, photography. He witnessed first-hand the potential risks and harm the mismanagement of photos can have on children. And he became an advocate for protecting every parent’s right to determine how their child’s photo is used, and protecting every child’s right to safety and digital privacy. After learning of the minefield of privacy laws and the daily stress for schools in managing and sharing the photos of every single student, Colin decided to do something about it. And pixevety was born.