This document is available in the following formats:
The shortened URL for this document is: http://jiscleg.al/ICTVulnerableLearners
1. What's In This Guidance
3. Data Protection
5. Interception and Monitoring
7. Freedom of Information
8. Hosting Liability and e-Security
9. In Summary
A college has a duty of care to all its learners as is reasonable in the circumstances to avoid injury or harm to them
Assessing the risks to the vulnerable learner in a particular activity is essential
Striking a balance between protection and independence for the vulnerable learner will present challenges
Clear policies and support procedures should be in place for both staff and learners in the appropriate use of ICT including mobile devices and social networking tools
Training of staff should include security and privacy aspects of ICT tools
Where using these tools with learners, staff should make sure that learners are aware of potential risks to security and privacy
Having procedures in place to deal promptly with incidents is essential to minimise both liability and loss of reputation for the college
This guidance is intended for staff in further education colleges that provide education or training for vulnerable learners with varying learning needs. Vulnerable learners may include both adult and younger learners. You will find summaries of the key legal issues involved in the development and use of information and communications technology (ICT) within a college.
Do any of the following activities arise in your college? If so, then the information in this guidance is of relevance to you:
- Staff using images downloaded from websites in their learning materials
- Staff using online tools including photo sharing and social networks, in their teaching
- Students using their own mobile devices to access websites, including social networks
- The use of mobile learning tools for students with differing support requirements
- Staff working at home using laptops, memory sticks and other mobile technologies
- Comments, sometimes inappropriate, made by staff or students online, in blogs or on social networks
Staff in your college will be familiar with the need to provide their learners with tools and resources which are accessible to them. This is, in fact, a legal requirement under the Equality Act 2010, where an education provider is obliged not to discriminate against disabled learners in its provision (including resources and delivery of teaching) and you should have a plan in place for ensuring inclusion which adapts approaches and tools to different learners’ needs.
Your college has a social network policy that bans all access to social network websites, including Facebook. The intention behind the ban is to protect vulnerable learners from the risk of bullying, grooming etc. Parents say other colleges permit access. The ban is purely a policy decision by the college as technical controls are in place. If the college would not have a policy banning access to social networks if the learners were not physically disabled, then the policy may be open to the allegation that it is discriminatory in terms of the Equality Act 2010. The college should consider looking at how access could be managed for the benefit of the students.
Your college allows learners online on-demand access to its resources wherever possible. The college must take steps (as are reasonable in the circumstances) to ensure that e-learning environments and materials are accessible to disabled learners with differing levels of support requirements. You should evaluate tools for accessibility or adaptability, look at possible adaptations and consider whether there are other ways for a learner with particular support needs to participate without being put at a substantial disadvantage. JISC Techdis has practical tools and resources to help ensure your learners have a positive learning experience using ICT and which also aid compliance with equality law.
For further information and resources on accessibility law please visit the accessibility law area on our website http://www.jisclegal.ac.uk/AccessibilityLaw
What’s the Issue?
All colleges collect, process, and use information about individuals such as learners and staff for various purposes. Your college has obligations under the Data Protection Act 1998 (DPA) to ensure the accuracy, relevancy and security of such information. Some of this data will be sensitive personal data, for example data relating to the health of individual learners.
Your college wants to include photographs of its learners in promotional material on the college website. If the image is of an identifiable individual, that use will be subject to the DPA, and the consent of the learner should be obtained before inclusion (or the consent of a responsible parent or guardian in the event that the learner is considered not capable of giving consent). The college should ensure the consent covers the proposed use on the website as well as any other future use, such as hard copy promotional material.
Your college has learners with a wide range of cognitive impairments, and wants to use a website to enable learners to create an e-portfolio. The information contained in the e-folio will be stored off-site with password protected access. The e-folios may contain sensitive personal information as defined in the DPA. The college should therefore seek the consent of individual learners (or parents/guardians where the learners are considered unable to provide consent), allowing them to opt out of the project if they so wish. The college should ensure the individual learners, parents/guardians are informed of the purpose of collecting and storing this personal data, what type of information will be stored, how long it will be stored for and to whom it may be disclosed.
A staff member is working at home and transfers to a memory stick relevant sensitive personal data of students, including family dynamics and medical information to aid him in the preparation of reports. As he gets out of his car at the supermarket on the way home, the memory stick falls out of his pocket. The college has a responsibility to keep data safe and secure and encryption technologies should be used as standard to protect information in these circumstances. All staff need training and support in data protection awareness and in use of encryption where personal data is being stored on mobile devices.
For further information regarding data protection please visit the data protection area on our website: http://www.jisclegal.ac.uk/DataProtection
All colleges have obligations in both common law and statute to safeguard the welfare of all learners when making use of ICT. There are a variety of legal issues to consider within the e-safety context, including cyberbullying, harassment, defamation, hosting liability and data protection. It is recognised that the management of these risks in order to both safeguard vulnerable learners whilst at the same time encouraging and promoting independence is difficult with no definitive solutions.
Your college wants to use Facebook as a teaching and learning platform. The college has a duty of care to ensure that the environment is safe for learners and staff. The college should perform an appropriate risk assessment which includes whether it is appropriate in the particular circumstances, e.g. Facebook probably should not be used where confidential or sensitive information is likely to be disclosed. The college should ensure that any use of Facebook is in line with all existing relevant policies e.g. e-Safety, Disciplinary, and Acceptable Use policies, and should ensure that all staff and learners are aware of what is acceptable and unacceptable conduct when using Facebook. The college may consider that its learners need particular training, supervision or support in order to be safe in an environment such as Facebook.
Your college is encouraging and assisting vulnerable learners to use a location aware app to plan and plot their routes. The aim is to help and encourage vulnerable students toward independence in getting to and from the college. Other students get a hold of a student’s mobile, take details and send several texts saying “We know ur now on the bus at …..We h8 u. We r going 2 gt u l8r. We know where ur.” The learner is upset and draws this to your attention. There should be an anti-bullying (or similar) policy in place. The college has a duty of care to provide a safe learning environment and to protect vulnerable adults from abuse, harm and exploitation including abuse using ICT. There should be an anti-bullying (or similar) policy in place and robust procedures in place to deal with an incident of this type and a designated individual with responsibilities. If not dealt with this could result in liability for the college. The college should also have in place appropriate support, guidance and training for the learner.
A student has an iPad which he uses at home and in the college. He shows his tutor the gambling site he was accessing last night which offered three free games. He said he really enjoyed the three games and had then provided his bank details in order to continue playing. Whilst this did not take place in the college setting, but in a home setting, the college has been made aware and needs to consider what it should do in these circumstances. The risks need to be assessed and appropriate training and guidance for both staff and students put in place as to how the situation is approached. This is a difficult situation to manage and the risk is unlikely to be eliminated. It may be that consultation with all the stakeholders including bank officials, parents, and carers may provide some indicators as to how the risk may be reduced or the financial loss minimised and also as to what role the college would play if made aware of behaviour which poses a risk to their vulnerable learners.
Further guidance on e-safety can be found in our webcast: Safeguarding – meeting your e-Safety Duties at http://www.jisclegal.ac.uk/MeetingESafetyDuties
All colleges may, subject to certain requirements, monitor the use of their network and their facilities to prevent abuse of the systems. Remote monitoring is covered by the Regulation of Investigatory Powers Act 2000 (RIPA). Any interception must be carried out within the limits set by legislation, and learners likely to be subjected to interception should be made aware that such interception may take place, as far as is reasonably possible.
Your college wants to carry out monitoring of learner emails. The stated aim is to ensure that learners are not receiving inappropriate emails or emails which the learner might find distressing. Learners have a right to privacy of personal communications under Human Rights law but colleges have the right and power to monitor the use of their network and their facilities for example to prevent abuse and to ensure the security of the system. Any monitoring of systems, even if it is minimal, must be done only after consent has been sought from the persons who are subject to monitoring. This is usually done by colleges through their Acceptable Use Policy (AUP) or interception and monitoring policy document. If the intention is to routinely monitor the content of email, this is a clear invasion of privacy and the college would need to have justification for doing so which may prove more problematic on a blanket basis. The college also needs to be clear as to its policy should the learner refuse to consent. It goes without saying that the policy and procedures need to be understood by the learner and their parents/guardians/helpers (where appropriate) in order for their consent to be given.
With regard to interception where there is suspicion of criminal conduct or use of illicit material, the JISC Legal webcast on Interception and Monitoring Law http://www.jisclegal.ac.uk/InterceptionandMonitoringWebcast provides detailed guidance.
Further information is available from the interception and monitoring area on our website http://www.jisclegal.ac.uk/InterceptionandMonitoring
Staff and learners at your college are likely to make extensive use of materials that belong to others, including books, articles, software, images and multimedia, and the law on copyright applies to this use. The Copyright, Designs and Patents Act 1988 (CDPA) provides certain exclusive rights to copyright owners, including the right to control copying, communication, distribution, performance and adaptation of their works. Your staff can perform these actions where
- The college is the copyright owner (e.g. if college staff have written the materials themselves)
- They have the copyright owner’s permission (e.g. where a blanket Copyright Licensing Agency licence is in place which covers the use of the material)
- The use falls into one of the limited exemptions under the CDPA (for example, fair dealing for criticism or review, copying for purpose of preparing or giving examinations, or copies for the private use of visually impaired learners).
- The work is no longer in copyright
Your college makes provision for learners to watch DVDs during lunch breaks. Showing a DVD on college premises will be considered a ‘public performance’ of a copyright work. Unless viewing of the film is limited to the purposes of instruction or examination then permission from the copyright owner of the work, or a licence from the relevant collective licensing organisation, should be obtained. An umbrella licence is the type of licence required to make films available in lunch breaks for student entertainment. The Motion Picture Licensing Company (MPLC) is one example of an organisation which operates an umbrella licensing scheme. Filmbank, which operates the Public Video Screening Licence (PVSL), is another. A college should check what films an organisation licenses to ensure they get the correct licence for the films they intend to show.
Your college wishes to make a digital copy of a book or journal article compatible with screen-reading technology to enable access to such material to learners suffering from a visual impairment. It is possible for educational establishments to make accessible copies of commercially published copyright material to supply to visually impaired people under s.31B CDPA provided that the copies will be used only for educational purposes and the original work is inaccessible without adaptation. The format needed must not be already commercially available, the author of the work must be acknowledged, and making the copy must not interfere with legitimate exploitation of the work.
Your college makes provision for learners to listen to music in the college café. Where a college plays recorded music in any public space through any kind of device for purposes other than teaching and learning a PRS and PPL licence will normally be required. However, a licence is not required for use of music which is consistent with normal domestic music use. According to guidance on the PRS website this would include playing music in student bedrooms provided as term time accommodation or in dining/living areas of student accommodation (such as kitchens) where access is limited to students resident in the specific building. It would not include rooms accessible by other students, rooms used for activities such as clubs, meetings, parties or discos or areas where catering is provided, for example the college café.
A student is anxious to see a recent film but unable to get to a cinema. A tutor knows a good website where films are free and helpfully suggests that he downloads it from there. This is a pirated copy and, therefore, copyright infringing. The college is responsible for the actions of its staff (including any agency or temporary staff). Staff should be familiar with the college’s policies and procedures in order to minimise the risk that the college is held liable for their actions.
For further information regarding copyright please visit the copyright area on our website: http://www.jisclegal.ac.uk/CopyrightIPR
The Freedom of Information Act 2000 or the Freedom of Information (Scotland) Act 2002 apply to most UK FE colleges. Colleges to which the legislation applies are required to have a publication scheme in place which details the information it makes available to requestors. The college must also respond to freedom of information requests within 20 working days (subject to certain exceptions). This means that college staff should be aware of the law and their responsibilities, and the college should have appropriate mechanisms in place to deal with requests for information.
For further information regarding freedom of information please visit the freedom of information area on our website http://www.jisclegal.ac.uk/FOI
A college may be liable for illegal material hosted on its computers. This may include music files copied in breach of copyright, pornographic materials or defamatory material.
A learner at your college finds and downloads obscene materials onto your college servers and shares this with friends. Your IT staff are alerted to this but are unsure of the legality of monitoring user accounts. Another learner finds the material and makes a complaint. Your college risks prosecution, investigation into how it runs its IT provision, and serious loss of reputation. As well as technical protections, the college should have an Acceptable Use Policy which has been communicated to learners so that they are aware of good and bad behaviour and communicated in a way which is meaningful and relevant to them. A “Notice and Takedown Policy” in respect of complaints about material and a procedure for monitoring communications and user accounts is also good practice.
Further information is available from the hosting liability area on our website: http://www.jisclegal.ac.uk/HostingLiability
ICT may be a beneficial teaching and learning tool for staff and students, and procedures and practices should be in place in your college to ensure that the legal issues do not become a barrier to the adoption and use of appropriate technologies. This guidance provides a broad outline of some of the issues involved in the use of ICT in your college, and the steps you can take to minimise risk and uncertainty. Further information is available on our website at http://www.jisclegal.ac.uk/.