There’s Regulations & Then There’s Best Practices

Image of hand extended holding a light bulb with text: Pondering Best Practices

Image adapted from niekverlaan, 2014, lamp-432247_640.jpg, CC0, https://pixabay.com/en/users/niekverlaan-80788/

(BTW, the ex-high school English teacher in me is making me say: I know, strictly speaking that title is not grammatically correct, but it sounded better. 🙂 )

In this blog, I’ve previously delved (in some detail here) into the nature of BC educators’ compliance (or lack thereof) with BC’s Freedom of Information and Protection of Privacy Act (FIPPA, or as some people may remember it, FOIPPA) . I have also mentioned that practically speaking, I don’t think we’ll reach “full compliance” on the Compliance Continuum due to the rate of technological change and our ability to keep pace (access to resources, time, and professional development aside, though clearly important factors 😦 ). What I haven’t really differentiated between is what might be considered “strict compliance” (following the letter of the law) and best practices from an educational perspective with regard to privacy legislation and the use of web-based tools by BC educators. I believe technology savvy educators should reach higher than strict compliance to address students’ & educators’ best interests. In honour of Safer Internet Day 2016’s (2/9/16) theme, “Play Your Part For a Better Internet”, I’m going to share some personal examples of this difference. It’s my way to ‘get involved, inspire, and empower’. I encourage you to share something in honour this year’s Safer Internet Day theme too!

When working with a school staff or faculty, there is what I’ll call a “strict compliance necessity” to make sure that people know their legal obligations like “knowledge, notice, informed consent” when using cloud computing or social media tools–especially those with data stored or accessed outside Canada, or those where the location of data storage is unknown; however, knowledge of such strict compliance requirements is information without context. In my opinion, de-contextualized knowledge doesn’t stick very well–and prevents people understanding why things are the way they are and what makes the specifics important in a particular context. It’s like learning the formula for the Pythagorean Theorem by heart (i.e. a² + b² =c²) without understanding the context of a right triangle. In fact, during school math, I had difficulty with that entire formula until I finally realized that it dealt strictly with right triangles and always referred to the relationship of 2 sides of a triangle to its hypotenuse: while the sides might change, the hypotenuse never did. (A little math lesson, too? 🙂 ) This is one of the reasons I now like to give some sense of the historical context that ‘grew’ FIPPA, its amendments & regulations when I present the topic to BC educators–not only the global context but also regional, as pertains to our particular province. Ensuring educators have some understanding of the context in which FIPPA legislation was written, has been amended, etc., is a best practice.

(Note: If you’re interested in approaches to privacy legislation, you should be following the current developments in the European Union since the “Safe Harbor Ruling” was struck down in 10/15. If you are following the current EU situation, and are familiar with the BC context, there are clear parallels between  the circumstances under which the EU’s new privacy legislation is unfolding and BC’s current FIPPA laws and regulations; BC was just a bit earlier.)

Now for an in-the-field example of strict compliance necessity vs. best practice with students… In strict compliance with FIPPA and FIPPA Regulations, nowhere does it direct educators to specifically provide students (and their parents/guardians where applicable) with the steps to delete accounts after a class or course–though Section 11 of the FIPPA Regulations speaks to providing “the date on which the consent is effective and, if applicable, the date on which the consent expires” (See BC’s Freedom of Information and Protection of Privacy Regulation, Section 11, http://www.bclaws.ca/civix/document/id/complete/statreg/155_2012 ). It does, however, fit under the legally interpreted aspects of “knowledge” and “notice” for mitigating risks that are critical to the concept of “informed consent”. It is also a practice I encourage my graduate students to use in my OLTD 506  course (#OLTD506) here at VIU (#VIUEd).  When a course/class using a specific online tool comes to an end, providing support documentation or tutorials that walk students through the deletion of accounts or data–as is reasonably and practically possible–would be a best practice not only in British Columbia, but anywhere. In fact, teaching students how to manage the lifecycle of their accounts and associated services/products over time teaches good digital hygiene necessary for a digitally literate citizenry.

If you’re wondering what such a document might look like, here is an example I’ve drafted for our VIU Faculty of Education: Controlling the Lifecycle of Google Accounts_shared .

NOTE BENE: A ‘how to delete an account or data’ document such as this does not replace  the documentation required for obtaining informed student consent to use tools like Google Accounts & YouTube in a BC school under FIPPA. In our case, consent documentation was provided separately along with activity alternatives for students. Controlling the Lifecycle of Google Accounts_shared is provided to students as a supplement to consent documentation.

This document was designed for use with university students in classes where the use of Google and YouTube was encouraged. If you created a similar document, you would need to tailor your content to

  • the specific tool(s) you are using & their processes for deletion/ account closure
  • the level of your audience(s) (i.e. for students and caregivers)
  • your specific school policies, and/or regional laws/regulations

and the document should include the names & contacts for the relevant individuals who can lend support.

Let me know what you think of this post & shared document. I hope it inspires you to do your own thing to “Play Your Part For a Better Internet” on Safer Internet Day 2016.

If you would like to adapt this form for your own use, just contact me & I’m happy to extend permission.

(If you’re wondering why I don’t use CC licensing here, the research I’ve seen shows that “attribution” is rarely given as requested. You’ll see I gave attribution above to the CC0 image I used even though it wasn’t strictly necessary; it’s a thanks to the author from me. If you know of research showing the statistics have changed, share it with me and I’ll be happy to revisit my licensing commitments. 🙂 )

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: