- Policy Statement
- Strategies for Implementation
- Legislation and Considerations
- Sources and Related Policies
- Attachment 1 – Procedures for use of ICT at Styles Street Children’s Community Long Day Care Centre
- Attachment 2 – Guiding principles for security of information systems
- POLICY STATEMENT
The Information and Communication Technology (ICT) environment is continually changing. Early childhood services now have access to a wide variety of technologies via fixed, wireless and mobile devices. ICT is a cost-effective, timely and efficient tool for research, communication and management of a service and an enriching addition to our teaching resources. ICT, however, also brings with it many legal responsibilities in relation to information privacy, security and the protection of employees, families and children.
State and federal laws, including those governing information privacy, copyright, occupational health and safety, anti-discrimination and sexual harassment, apply to the use of ICT (refer to Legislation and standards). Illegal and inappropriate use of ICT resources includes pornography, fraud, defamation, breach of copyright, unlawful discrimination or vilification, harassment (including sexual harassment, stalking and privacy violations) and illegal activity, including illegal peer-to-peer file sharing.
This policy refers to all aspects of the use of ICT including internet usage; email; electronic bulletins/notice boards; electronic discussion/news groups; blogs; social media networking; file transfer; file storage (including the use of end point data storage devices); file sharing; video conferencing; streaming media; instant messaging; online discussion groups and chat facilities; online learning and development platforms (such as Storypark); subscriptions to list servers, mailing lists or other like services; copying, saving or distributing files; viewing material electronically; printing material; and mobile phones.
Our Centre will:
- Use ICT at the Centre professionally, ethically and responsibly;
- Use ICT at the Centre to support children’s learning, assist communication with families and colleagues and/or support the effective operation of the Centre;
- Provide a safe workplace for management, educators, staff and others using the Centre’s ICT facilities;
- Safeguard the privacy and confidentiality of information received, transmitted or stored electronically;
- Ensure that the use of the Centre’s ICT facilities complies with all Centre policies and relevant government legislation;
- Provide management, educators and staff with information, resources and communication tools about ICT to support the safe and effective operation of the Centre.
- STRATEGIES FOR IMPLEMENTATION
The Approved Provider will:
- Ensure that the use of the Centre’s ICT complies with all relevant state and federal legislation, and all Centre policies (including the Privacy and Confidentiality Policy, and Staff Code of Conduct Policy);
- Provide suitable ICT facilities to enable educators and staff to effectively manage and operate the Centre. These may include: Internet access, computers, lap tops, Tablets, TV, Audio devices and a projector.
- Authorise the access of educators, staff, volunteers and students to the Centre’s ICT facilities, as appropriate;
- Provide clear procedures and protocols that outline the parameters for use of the Centre’s ICT facilities (refer to Attachment 1);
- Embed a culture of awareness and understanding of security issues at the Centre (refer to Attachment 2);
- Ensure that effective financial procedures and security measures are implemented where transactions are made using the Centre’s ICT facilities, e.g. handling fee and invoice payments, and using online banking;
- Ensure that the Centre’s computer software and hardware are purchased from an appropriate and reputable supplier;
- Identify the need for additional password-protected email accounts for management, educators, staff and others at the Centre, and provide these as appropriate;
- Identify the training needs of educators and staff in relation to ICT, and provide recommendations for the inclusion of training in ICT in professional development activities;
- Ensure that procedures are in place for the regular backup of critical data and information at the Centre;
- Ensure secure storage of all information at the Centre, including backup files (refer to the Privacy and Confidentiality Policy);
- Adhere to the requirements of the Privacy and Confidentiality Policy in relation to accessing information on the Centre’s computers, including emails;
- Ensure that reputable anti-virus and firewall software are installed on Centre computers, and that software is kept up to date;
- Develop procedures to minimise unauthorised access, use and disclosure of information and data, which may include limiting access and passwords, and encryption;
- Develop procedures to ensure data and information (e.g. passwords) are kept secure, and only disclosed to individuals where necessary, for example, to new educators, staff or Committee of Management members;
- Develop procedures to ensure that all educators, staff, families, Committee of Management members, volunteers and students are aware of the requirements of this policy;
The Nominated Supervisor will:
- Ensure all staff have access to the provided ICT facilities and organise maintenance with the Centre’s IT support as the need arises;
- Ensure relevant data is being backed up regularly;
- Store passwords securely and only share them with relevant personnel at the Centre;
- Obtain approval from the Approved Provider before purchasing licensed computer software and hardware;
- Ensure all staff are familiar with and follow the ICT Policy and Procedures;
- Review the ICT Policy and Procedures in staff meetings, as needed;
- Ensure, when staff resign from their position that their work emails and membership to the Centre’s social media, such as WhatsApp and Facebook are removed on their last day of employment at the Centre;
- Ensure the appropriate use of endpoint data storage devices by all ICT users at the Centre;
- Ensure that all material stored on endpoint data storage devices is also stored on a backup drive, and that both device and drive are kept in a secure location;
- Ensure compliance with this policy by all users of the Centre’s ICT facilities;
- Provide all families with the ICT policy on enrolment;
- Ensure all families sign relevant permission and waivers for their child’s involvement in the use of ICT at the Centre; and
- Request parents/guardians to sign a ‘Media release’ form during the enrolment process to confirm if they will allow educators to take digital photos, videos and voice recordings of children to:
- Record the child’s individual learning and development using an online learning platform (such as Storypark);
- Use on the Centre’s website, newsletters, marketing advertisements, displays in the Centre or film coverage;
- Use on social media marketing e.g. Facebook and Instagram.
- Display at community events, and in newspapers or other media outlets; and
- Share these photos and recordings with other families via email or the online learning and development platform, when more than one child is photographed in a photo e.g. group experiences.
- Ensure educators are aware of families’ permission and waiver preferences for all enrolled children.
Educators, Staff and all Authorised users of ICT at the Centre will:
- Only use ICT for work related purposes that are legal, ethical and consistent with the aims, values and objectives of the Centre;
- Comply with all relevant legislation and Centre policies, protocols and procedures, including those outlined in Attachments 1 and 2;
- Keep allocated passwords secure, including not sharing passwords and logging off after using a computer;
- Maintain the security of ICT facilities belonging to the Centre;
- Co-operate with other users of the Centre’s ICT to ensure fair and equitable access to resources;
- Obtain approval from the Nominated Supervisor before purchasing licensed computer software and hardware;
- Ensure confidential information is transmitted with password protection or encryption, as required;
- Ensure no illegal material is transmitted at any time via any ICT medium;
- Use the Centre’s email, online learning and development platform, and messaging facilities for Centre-related and lawful activities only;
- Ensure social media networking websites are used for personal use only and are only accessed during breaks;
- Use endpoint data storage devices supplied by the Centre for Centre-related business only, and ensure that this information is protected from unauthorised access and use;
- Notify the Nominated Supervisor of any damage, faults or loss of endpoint data storage devices;
- Restrict the use of personal mobile phones to rostered breaks away from common areas;
- Not access social media networking websites via their mobile phones during their shifts at the Centre (unless during breaks);
- Lock and store all portable ICT devices in a secure place after each use;
- Ensure all portable ICT devices remain onsite except for work related reasons that include excursions and/or professional development sessions;
- Delete all digital photos, videos, voice recordings on tablets and cameras once uploaded to the computers and/or online learning and development platform or once otherwise used to document a child’s learning and development;
- Ensure the rights and the dignity of each child is upheld at all times;
- Ensure electronic correspondence to families does not replace face to face communication, but rather as a tool to assist in understanding each child’s learning and development;
- Ensure the contact procedure set out in the Complaints and Feedback Policy and any other relevant Centre policies are followed if concerns arise;
- Ensure digital photos, videos and voice recordings of children are only taken and used in accordance with the ‘Media release’ form completed by parents/guardians during the annual enrolment process;
- Ensuring materials produced using the Centre’s ICT are in accordance with the Centre’s relevant policies, including the Privacy and Confidentiality Policy and the Curriculum, Programming and Progress Policy; and
- Ensure electronic files containing information about children and families are kept secure at all times (refer to the Privacy and Confidentiality Policy).
- Read and ensure they understand this ICT Policy;
- Comply with this ICT policy and procedures;
- Maintain the privacy of any personal or health information provided to them about other individuals e.g. contact details; and
- Use the methods of electronic communications provided by the Centre, including email and online learning and development platform for general comments and enquiries only and not for raising concerns or other issues.
Note: Volunteers and Students are responsible for following this policy and its procedures while at the Centre.
- LEGISLATION AND CONSIDERATIONS
- Broadcasting Services Act 1992 (Cth)
- Classification (Publications, Films and Computer Games) Act 1995
- Commonwealth Classification (Publication, Films and Computer Games) Act 1995
- Competition and Consumer Act 2010 (Cth)
- Copyright Act 1968 (Cth
- Copyright Amendment Act 2006 (Cth)
- Education and Care Services National Law Act 2010
- Education and Care Services National Regulations 2011
- Freedom of Information Act 1982
- Privacy and Personal Information Act 1998 (NSW)
- National Quality Standard for Education and Care , 2011, Quality Area 7: Leadership and Service Management Standard 7.3: Administrative systems enable the effective management of a quality service
- Work Health and Safety Act 2011 (NSW)
- Privacy Act 1988 (Cth)
- State Records Act 1998 (NSW)
- Sex Discrimination Act 1984 (Cth)
- Spam Act 2003 (Cth)
- Trade Marks Act 1995 (Cth)
- SOURCES AND RELATED POLICIES
- Acceptance Use Policy, DET Information, Communications and Technology (ICT) Resources, March 2011, education.vic.gov.au/about/deptpolicies/acceptableuse.htm
- IT for Kindergartens: kindergarten.vic.gov.au
Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security,
- Organisation for Economic Co-operation and Development (OECD) (2002), oecd.org
- Privacy and Confidentiality Policy
- Governance and Management Policy
- Curriculum, Programming and Progress Policy
- Staff Code of Conduct policy
- Complaints and Feedback Policy
- Acceptance and Refusal of Authorisation Policy
Policy adopted: 28th September 2017
Policy Reviewed June 2019:
For review: November 2019
- ATTACHMENT 1
– Procedures for use of ICT at Styles Street Children’s Community Long Day Care Centre
- Content of emails and email addresses must always be checked before sending.
- When sending emails to multiple recipients, care should be taken to avoid the inappropriate disclosure of email addresses to a whole group of recipients. Blind copying (BCC) should be used where appropriate.
- Always include a subject description in the subject line and write clearly and professionally (See Staff Code of Conduct Policy).
- Malware has the potential to seriously damage the Centre’s ICT. Be cautious about opening files or launching programs that have been received as an attachment via email from the email itself. Instead, save an attachment to disk and scan with anti-virus software before opening, and keep an eye out for unusual filenames.
- Never open emails if unsure of the sender.
- Check email accounts on a regular basis and forward questionable emails to Centre management.
- Remove correspondence that is no longer required from the computer quarterly.
- Respond to emails as soon as is practicable.
- Do not use the work email to subscribe to anything except sites that are related to early childhood education.
CYBER SECURITY – PASSWORDS
- Keep passwords secure and private;
- Do not share passwords with anyone unless needed for conducting a work-related matter, e.g. The 2IC doing some work for the Nominated Supervisor. Approval from the Nominated Supervisor must be received before sharing any passwords.
- Do not save passwords to any computer for any web sites;
- Use a secure encrypted Application for saving passwords when there are many to remember, particularly for the Nominated Supervisor who has to access many web sites for the daily operation of the Centre.
USE OF ICT WITH CHILDREN
- Educators may use the internet on the Centre’s tablets or laptop or their own laptop to access resources, such as pictures, films and sound/music recordings to support children’s learning. They must however follow these steps:
- View the material in its entirety before showing the children;
- Ensure any advertisements are age appropriate and if this can’t be controlled wait until the advertisement has finished before showing the screen to children.
- Do not leave children unattended with the device. Children must be supervised at all times when using a device.
- Limit screen time to 15 minutes for 2-3-year olds and 30 minutes for 3 – 5 year olds.
- Educators may use the TV and DVD player to play age appropriate (G rated) shows on days when the weather does not allow children to go outside. Screen time for this purpose should be limited to 30 minutes.
- Educators may use the projector to project images and videos from lap tops for a group of children to see for learning experiences.
UNACCEPTABLE/INAPPROPRIATE USE OF ICT FACILITIES
Users of the ICT facilities must ensure that Centre’s professional image is upheld at all times. Users of the ICT facilities (and in particular, the internet, email and social media) provided by the Centre must not:
- Create or exchange messages that are offensive, harassing, obscene or threatening;
- Create, copy, transmit or retransmit chain emails, spam or other unauthorised mass communication;
- Use the ICT facilities as a platform to gain unauthorised access to other systems;
- Use the ICT facilities for personal use;
- Carry out activities that are illegal, inappropriate or offensive to fellow employees or the public. Such activities include, but are not limited to, hate speech or material that ridicules or discriminates against others on the basis of race, nationality, creed, religion, ability or disability, gender or sexual orientation;
- Use the ICT facilities for gambling purposes;
- Use the ICT facilities to access, download, create, store or distribute illegal, offensive, obscene or objectionable material (including pornography and sexually explicit material). It will not be a defence to claim that the recipient was a consenting adult;
- Discuss confidential information;
- Publicly criticise the Centre, the Nominated Supervisor, any Certified Supervisor, educators, policies or procedures via social media networking sites;
- Post work related images of the Centre, the Nominated Supervisor, any Certified Supervisor or other educators on social media networking sites;
- Use the ICT facilities to cause embarrassment or loss of reputation to the Centre;
- Use the ICT facilities to make any personal communication that could suggest that such communication was made in that person’s official capacity as an employee or volunteer of the Centre;
- Conduct any outside business or engage in activities related to employment with another organisation;
- Use the ICT facilities to play games;
- Use the ICT facilities for unauthorised profit making or commercial activities;
- Use the ICT facilities to assist any election campaign or lobby any government organisation;
- Exchange any confidential or sensitive information held by the Centre unless authorised as part of their duties;
- Publish the Centre’s email address on a ‘private’ business card;
- Harass, slander, intimidate, embarrass, defame, vilify, seek to offend or make threats against another person or group of people;
- Breach copyright laws through making copies of, downloading or transmitting, material or commercial software; or
- Attempt to repair any ICT facilities unless they are authorised to do so. All faults or suspected faults must be promptly reported to the Nominated Supervisor.
PERSONAL ICT DEVICES
- Educators may use their own laptops and tablets at the centre with children and for typing and research in their programming time, however they must follow the same procedures for use set out in this attachment for the Centre’s ICT facilities.
- Smart phones and all mobile phones are only to be used during break times. Educators must not take their mobile phones or smart phones into the classrooms, unless approved by the director for a particular circumstance.
INFORMATION STORED ON COMPUTERS
- Computer records containing personal, sensitive or health information, or photographs of children must be stored securely so that privacy and confidentiality is maintained. This information must not be removed from the Centre without authorisation, as security of the information could be at risk (refer to the Privacy and Confidentiality Policy).
- Photographs of children on tablets and cameras must be uploaded and saved on the Centre computers. Photographs must be deleted from the tablets and cameras device once they have been uploaded. Photographs of children will be deleted every 6 months after they have been used to document children’s learning and development (through an online learning and development platform or in printed format).
- Computer records containing personal, sensitive or health information, or photographs of children may need to be removed from the Centre from time to time for various reasons, including for:
- Excursions and Centre events; and
- Offsite storage, where there is not enough space at the Centre premises to store the records.
In such circumstances, the Centre will ensure that the information is transported, handled and stored securely so that privacy and confidentiality is maintained at all times.
- Computer users are not to view or interfere with other users’ files or directories, knowingly obtain unauthorised access to information or damage, delete, insert or otherwise alter data without permission.
- Ensure all material stored on an endpoint data storage device is also stored on a backup drive, and that both device and drive are kept in a secure location.
- No photos or data about the Centre, children, staff or families should be stored on staff personal computers.
USE OF THE ONLINE LEARNING AND DEVELOPMENT PLATFORM
- Educators are permitted to use the online learning and development platform during scheduled planning time and in accordance with the Curriculum, Programming and Progress Policy.
- When using the online learning and development platform, users must conduct themselves professionally and appropriately. If in doubt about a post, discuss it first with the Educational Leader or Nominated Supervisor.
SOCIAL MEDIA and INSTANT MESSAGING
- Personal accounts on social media networking sites, such as Facebook, Instagram, Snap Chat, Twitter are not to be accessed using the centre’s ICT, unless for gaining information/research for supporting children’s learning e.g. looking up a resource they may have seen on Facebook to contribute to a learning experience or professional discussion.
- Staff are not to add any current enrolled families as friends or follow them on any social media.
- The Centre’s chosen Instant Messaging system, such as WhatsApp is used for daily communication between educators and staff, replacing the written communication book. All staff are to be added to this and will have the application on their phone, tablet or computer. Staff are to keep this confidential. Staff are excepted to read the WhatsApp messages on their scheduled days of work. Staff who cannot download WhatsApp onto their own device will be messaged the messages via text message or email.
- The Centre’s private Facebook group is for educators to share information about early childhood education and discuss ideas. New staff will be added via email.
- When using social media be respectful towards others and do not post anything which could embarrass someone.
- No social media or online discussion group is to be used to share private information about the Centre, educators, staff, families or children.
- You should assume that everything you post on the internet can be viewed by anyone.
- If you have read, seen or written something inappropriate online relating to the Centre you must promptly inform the Nominated Supervisor.
- No information about what happens at the Centre, should be posted on a social media networking website, nor should any photos of children or staff taken at the Centre, or on an excursion, be posted to a social media networking websites.
- In the case of Facebook advertising, pictures of children and staff may be used ONLY with prior consent from parents and the Approved Provider.
- If an educator or any staff member is found to have published on a social media networking page photos of a child or children at the Centre; comments or published documents about the Centre or its educators and staff; or information about any family of a child in the Centre’s education and care, the educator or staff member will face an enquiry into the situation by the Nominated Supervisor and any involved party, and depending on the severity of the situation face possible termination of employment.
- Should harassment of any kind take place on a social media networking site, such as, but not limited to, sexual or verbal harassment or bullying, educators, staff members will face an enquiry into their actions and depending on the severity of the situation face possible termination of employment.
- Should a family member related to the Centre harass an educator or staff member via a social media networking website, the Nominated Supervisor will conduct an enquiry into their actions and depending on the severity of the situation face possible exclusion from the Centre.
BREACHES OF THIS POLICY
- Individuals who use ICT at the Centre for unlawful purposes may be liable to criminal or civil legal action. This could result in serious consequences, such as a fine, damages and/or costs being awarded against the individual, or imprisonment. The Centre will not defend or support any individual using the Centre’s ICT facilities for an unlawful purpose.
- Should an educator or staff member break the law on a social media networking website, such as, but not limited to, defamation, the Centre will contact the police and other relevant authorities and may commence legal proceedings without further notice. The Centre may block access to internet sites where inappropriate use is identified.
- Employees who fail to adhere to this policy may be liable to counselling, disciplinary action or dismissal.
- Management, educators, staff, volunteers and students who fail to adhere to this policy may have their access to the Centre’s ICT facilities restricted or denied.
- ATTACHMENT 2
– Guiding principles for security of information systems
The Organisation for Economic Co-operation and Development’s (OECD) guidelines encourage an awareness and understanding of security issues and the need for a culture of security.
The OECD describes nine guiding principles that encourage awareness, education, information sharing and training as effective strategies in maintaining security of information systems. The guiding principles are explained in the table below.
|Awareness||Users should be aware of the need for security of information systems and networks and what they can do to enhance security.|
|Responsibility||All users are responsible for the security of information systems and networks.|
|Response||Users should act in a timely and cooperative manner to prevent, detect and respond to security issues.|
|Ethics||Users should respect the legitimate interest of others.|
|Democracy||The security of information systems and networks should be compatible with the essential values of a democratic society.|
|Risk assessment||Users should conduct risk assessments.|
|Security design and implementation||Users should incorporate security as an essential element of information systems and networks.|
|Security management||Users should adopt a comprehensive approach to security management.|
|Reassessment||Users should review and reassess the security of information systems and networks, and make appropriate modifications to security policies, measures and procedures.|
Sourced from Organisation for Economic Co-operation and Development’s (OECD) (2002) Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security.