The Problem with Data Privacy Day

The Problem with Data Privacy Day

Data Privacy Day/Data Protection Day really bugs me. It has done for years and years, and I am not talking about when Data Protection Day got hijacked to be Data Privacy Day. Yes, I know that it has only been going since 2007, but the problem goes back a bit further than that. Within the education sector, and with other organisations who work with children, we have Safer Internet Day, which gets the same sort of attention.

Ok, you can use both to raise awareness and get some training done, often with a peck of fun and a bushel of fear thrown in. A big, flashy, loud statement that is telling people what to do!!! Yeah, because we always need that, don’t we?

My problem is this…

Do something for one day and, just like when an auditor comes in, everything is focused on just that day. All the budget, all the prep, all the resources … one day! What happens for the other 364? Often, very little and so we have vast inequality as a result.

I often get asked what people should do for safer Internet day or for data privacy day. Personally, I think there are two options. Do nothing or use it as a celebration. Nothing? Why? Well, I’ll get to that later.

Why celebrate?

Celebrations are always a positive thing, even when covering mistakes that have happened. This one day should be the culmination of everything that has gone over the last year. This can include a review of the training, highlighting projects or areas of work that have been successful, awards and recognition of effort and expertise, and a general, congratulatory pat on the back to one and all. It doesn’t matter if you have had significant disasters during the year. This is a chance to show how the organisation has changed and how those within have grown.

Schools that have a mature understanding of online safety will take this approach and will probably also show you how online safety crosses over into wellbeing and mental health, off-line bullying, positive strategies to counter racism, sexism and homophobia, and all tied in within Digital Citizenship skills.

Make no mistake; this takes a lot of effort throughout the year and involves cross-curricular working. It won’t happen overnight, but is a target to aim for, and one that will continuously need reviewing and updating.

But what about the other option? Doing nothing?

Well, if you have been doing the above throughout the year, do you really need to celebrate just on one day? Suppose you bring the focus to a single day again. In that case, you reintroduce the risk that people will think that the work is done, project closed, let’s move on to something else… instead of thinking we are starting a new cycle of work, looking where we can improve, setting out our expectations and how we will judge them throughout the year.

We know that there are mountains of resources available for Safer Internet Day, but what about Data Privacy Day?

First, let us think about what you have internally. When you look at your compliance with data protection and privacy legislation, we can see that we can already highlight areas. We have frequent reports to the Governing Body / Board of Trustees. We have an established training program that even covers specific roles. We have regular advice and guidance that is shared with the staff. We have information about what data processing and systems have been reviewed. We know how many breaches we have had. We understand how many subject requests we have had.

Next, we can look at what external resources and guidance we have taken. We know how which items from ICO and NCSC have been shared. We have the materials that were recommended by the Data Protection Officer. We have references from within Keeping Children Safe in Education. We have references in Education for a Connected World from UKCIS. We have lesson plans and resources from Project Evolve by South West Grid for Learning.

There will always be a significant focus on Safer Internet Day, and as it comes a week and a half after Data Privacy Day, you are unlikely to get people to focus on it. So why don’t you look at where Data Privacy Day and Safer Internet Day cross-over? Use Data Privacy Day as a preview of what will happen on Safer Internet Day? And that way, you also start spreading the activities over more than one day.

What can EdTech vendors do to support this?

They can do the same. Many companies will also be working on Safer Internet Day resources and projects. They can also quickly look at Data Privacy Day as a preview of Safer Internet Day. This can be where they highlight the good things they have done and share it with schools.

This year, we are presented with a real chance to tie the two areas together

This year, we know that remote teaching and online learning has a principle focus for schools and EdTech in general. Let us use this as an opportunity to start that year of work that can be celebrated the end of it.

About the author

Tony Sheppard CIPP/E is the founder and principle consultant at My Data Protection World. Tony is a leading Educational Technologist with a background in senior leadership in schools, Local Authority advice, project management within national education programmes and a vocal advocate of the roles of data protection and privacy within education.