1. Policy Statement
At Little Flower Online School, we are committed to protecting the privacy and security of all digital data and information related to our students, parents, staff, and stakeholders. This Digital Privacy Policy outlines how the school collects, uses, stores, and protects digital information in compliance with applicable data protection regulations. Our goal is to create a secure and trustworthy online environment that respects individual privacy while enabling efficient educational and administrative practices.
2. Purpose of the Policy
- Establish clear guidelines for handling digital data, including personal, academic, and administrative information.
- Protect the privacy of all individuals associated with the school.
- Ensure compliance with relevant legal and ethical standards for digital privacy and data security.
- Promote awareness among stakeholders regarding their rights and responsibilities related to digital privacy.
3. Scope
This policy applies to:
- All digital data collected, processed, or stored by the school, including personal information, academic records, and communications.
- All stakeholders, including students, parents, teachers, administrative staff, and external service providers.
- All digital platforms, tools, and technologies used for academic, administrative, and communication purposes.
4. Principles of Digital Privacy
- Transparency: The school provides clear information about the purpose and use of data collected from stakeholders.
- Data Minimization: Only essential information is collected, stored, and processed, ensuring no unnecessary or excessive data handling.
- Security: Robust measures are implemented to protect digital data from unauthorized access, loss, or misuse.
- Accountability: The school ensures that all staff and service providers adhere to this policy and take responsibility for protecting digital privacy.
- Rights of Individuals: Stakeholders have the right to access, update, or delete their personal data as per applicable regulations.
5. Data Collection and Usage
Types of Data Collected
- Personal Information: Name, date of birth, contact details, and other demographic information.
- Academic Records: Grades, attendance, assignments, and examination results.
- Digital Interactions: Communication logs, online activity on the school’s platforms, and recorded sessions for academic purposes.
- Device and Network Data: IP addresses, device identifiers, and usage statistics collected to monitor and optimize digital services.
Purpose of Data Usage
- To facilitate academic and administrative functions, including admissions, learning, assessments, and communication.
- To provide personalized learning experiences and support.
- To ensure the safety and security of online interactions.
- To comply with legal and regulatory requirements.
6. Data Storage and Security
Storage Practices:
- All digital data is stored on secure servers, protected by encryption and access controls.
- Sensitive data is stored separately with additional layers of protection.
Security Measures:
- Regular audits and monitoring of systems to prevent unauthorized access.
- Use of firewalls, anti-virus software, and secure access protocols.
- Password-protected access to all systems, with periodic password updates required.
7. Rights and Responsibilities
Stakeholder Rights:
- Access: Individuals can request access to their personal data stored by the school.
- Correction: Stakeholders can request updates or corrections to inaccurate or outdated data.
- Deletion: Upon request and where legally permissible, individuals may request the deletion of their data.
- Consent Withdrawal: Consent for data collection and usage can be withdrawn at any time, subject to legal and operational considerations.
Stakeholder Responsibilities:
- Use the school’s digital platforms responsibly, adhering to security guidelines.
- Protect personal login credentials and avoid sharing them with others.
- Report any suspected data breaches or misuse immediately.
8. Third-Party Service Providers
- The school engages trusted third-party vendors for specific services, such as Learning Management Systems (LMS), virtual classrooms, and data storage.
- All third-party providers must comply with the school’s digital privacy standards and sign a Data Protection Agreement (DPA).
9. Monitoring and Auditing
The school regularly audits its digital systems and practices to ensure compliance with this policy. Any detected vulnerabilities or breaches are addressed immediately.
10. Data Breach Protocol
- Notification: Affected individuals and relevant authorities are notified within 72 hours of the breach detection.
- Containment: Immediate steps are taken to mitigate the impact and prevent further breaches.
- Investigation: A thorough investigation is conducted to identify the cause and implement corrective actions.
- Review: Policies and practices are reviewed and updated to prevent future breaches.
11. Compliance with Legal and Regulatory Standards
The school adheres to international and national laws governing data protection and privacy, including but not limited to:
- General Data Protection Regulation (GDPR).
- Children’s Online Privacy Protection Act (COPPA).
- Other relevant regional and local privacy laws.
12. Training and Awareness
- Staff and stakeholders receive regular training on digital privacy and data protection.
- Guidelines for secure digital practices are provided to all users of the school’s platforms.