These are among the guidelines contained in Advisory No. 2020-1 that the Data Privacy Council Education Sector issued recently to help students, parents, and teachers, administrators and other school personnel safely navigate digital spaces, as classes have shifted to online platforms to curb the spread of Covid-19.
In addition, the presence of the parent or guardian during these recorded sessions must also be considered, said the group, which likewise advised that the use of webcams in synchronous online classes be optional.
These guidelines were crafted with encouragement from the National Privacy Commission (NPC) for data protection officers of a number of universities and colleges in the wake of a surge in security breaches of data systems of schools in the country in the first half of the year.
The security breaches stemmed from hacked portals and databases, phishing, stolen laptops, system glitches and human error, according to a report of NPC’s Data Security and Compliance Office.
Privacy Commissioner Raymund E. Liboro said the NPC also commended the education sector for coming up with an online learning guidance with data privacy at its core. Adopting technologies and online tools is a new progression of education as the pandemic continues to inhibit our movements.”
Like everything else, online learning must adhere to the data privacy law for the safekeeping of personal data, he said.
“Educational institutions must choose an online learning platform with the best security features and one that is most capable of protecting students’ privacy. Consider if the platform meets the requirements of the Data Privacy Act before letting students use them,” Liboro added.
For the conduct of personal data processing activities deemed necessary or related to online learning, the advisory emphasized accountability, information about education as sensitive personal information, legitimate interest, legitimate purpose, proportionality and transparency.
The listed areas of concern covered by the guidance include the use of a Learning Management System (LMS) and Online Productivity Platforms (OPP); other available unofficial supporting tools for online learning; use of social media; publication of information or files via other means or platforms; storage of personal data; use of webcams and the recording of videos of online discussions; online proctoring; and data security.
The advisory, among other things, said announcement or posting involving personal data, such as grades and results of assignments, must be viewable only by its intended recipient/s.
Also downloading of personal data stored in the LMS or OPP should be kept to a minimum and/or limited to that which is necessary for online learning. Mechanisms must be in place so that submissions, such as assignments and projects, may be carried out in a safe and secure manner.
Submissions via social media platforms are discouraged. Posting or sharing of personal data, such as photos and videos, on social media, must have a legitimate purpose and be done using authorized social media accounts of the school.
Explicit consent of the student (or parent or legal guardian, in the case of minors) should be obtained before the conduct of online proctoring and the use of related tools or technologies.
The advisory also asked schools to practice limited use of supporting tools or technologies that they have not officially adopted, as there is no formal relationship between them and the developer of the tools.
The guidance is meant to be a set of recommendations and shall not be treated as some type of policy since schools retain the prerogative to decide on the measures, they deem appropriate.
The advisory also said that the document covered different areas relevant to online learning, but it was not intended to be an exhaustive list of such concerns.
“Neither does it include issues which, while related to online learning, do not involve the processing of personal data,’’ it read.