Appropriate permissions for blog posts?

[Pastor Tim]

I am getting involved in a project at a Christian school where they want all of the teachers to maintain a class blog to post assignments, news, announcements, etc. It has fallen my lot to establish policy for this.

The school has a blanket permission form that students and parents sign (or not) giving permission for their pictures to be used in school promotions and publications. I am wondering if this is sufficient for pictures posted on the blogs. My main concern, as I understand it, would be pictures of individual students (as opposed to group shots) because of the whole "model release" business. I am more than a bit over my head on this, but need to come up with standards that will keep the school out of trouble.

Thanks to any who can help.

Pastor Tim

[Sysmom]

I would be EXTREMELY hesitant, release or not, of publishing a minor's name on the web, ESPECIALLY with a photograph.

So now a potential predator knows the school he/she goes to, what they look like, their first and last name, and probably what grade and teacher/s they have.

I am NOT familiar with what the laws surrounding disclosure of that much individual information about minors are these days - but I'd say legal trouble is the least of the problem.

deb

[Lucas]

See here

[Pastor Tim]

Lucas: That's pretty scary.

Deb: The policy at this point is that we will only use first names, never full names. The blogs will also be restricted access, only accessible by subscription so that we will control a list of the e-mail addresses of those able to read the blogs. At this point the decision is pretty much made outside of my control, I'm just trying to impose adequate restrictions so that parents and students can get the information but they are protected. We are having some of the same issues with the on-line access to grades and other academic records - although those are via passwords and rather limited access.

There are issues, but I guess we are forging ahead.

Pastor Tim

[prochlea]

Tim -

I would check with a lawyer on this before putting anything on the web. With all the problems in our world today and privacy issues, you're opening yourself up to serious potential legal issues - even if it is password protected. Society has gotten so litigious that you have to have all your ducks in a row...

[Sysmom]

Well, then ... if you have a release for promotional purposes, I suppose it would extend to any official publication of the organization, whether electronic or on paper.

deb

[Pastor Tim]

I think we may be in somewhat nebulous territory here. The more I think about it the more I am inclined to send it to the school lawyer for comment. This type of thing is becoming very common nowadays, but there are obviously a lot more questions than I have answers.

The major purpose of the blogs will be communicating assignments so that parents can see what their kids are supposed to be doing and so kids who "forget" to write down the assignment are without excuse. I'm going to be doing a preliminary discussion on this with the faculty tomorrow, so I think I'll encourage them to, at least for the time being, keep the focus on assignments and the like and avoid anything that gives out personal information.

Pastor Tim

[mom2jaar]

When I taught at a Christian school a couple of years ago, we had an account on classbuilder(dot)com. As a teacher, I used that for recording all my grades, posting assignments, and sending messages to parents. Students and their parents could access their own records (by password) to see what work was missing and what grade they got on each assignment. The site computed grades (the teacher entered weights for various elements, e.g., homework, classwork, tests, quizzes, projects) and printed out reports. It was very helpful! (There was also a blog feature, but I didn't really use it. I don't recall any ability to upload photos.)

[brenthomer]

http://freerangekids.wordpress.com/2...-subway-alone/
food for thought.

[voyager529]

Level Six Rant Warning:

I saw this thread yesterday and felt the urge to respond to it, but I was on my iPhone and didn't feel sufficiently urged enough to write out this long rant via the iPhone keyboard (those are level eight and above). This is largely in response to Lucas' link to an article where people are hitting the fan over personal databases stored on a computer as opposed to a filing cabinet.....

First off, half of these kids have myspace/facebook, so plenty of their personal info is already online VOLUNTARILY, accessible to anyone who does nothing more than sign up for an account or hit up bugmenot. This system employs VERY heavy encryption, as well as severely limiting outside access to start with. If the parents are really that worried, tell them to look at their kids' facebook profiles before giving grief to the schoolboard.

Second, EVERY computer system comes under fire. It is the nature of the beast. My FTP server gets hack attempts from around the world. I have it set up so the only thing that they do is generate a footnote and an IP address in my Filezilla server log file. Nobody has EVER gotten into my FTP server that I didn't expressly approve. Hollywood makes it look like hacking is a trivial matter that takes only a minute or two, but that is so rare that anyone who sets up a proper security system should see plenty of attempts, but no entries. Plus, there are plenty of easier means to do this. I'll reference point #1, and segue to point #3...

At my church, anyone who works in the youth ministry, children's ministry, or nursery must undergo a background check and attend a don't-be-a-ped0phile workshop.. In that don't-be-a-ped0phile workshop, they brought up an interesting point that's quite relevant here. In about 20% of documented cases, predators targeted a specific child and spent between months and years "grooming" them. The other 80%? they took advantage of an opportunity that presented itself. So someone who's ultimate goal of harming a child would have to be someone sick enough to do it, have the computer skills to hack the computer systems to gain information they probably already know or can easily obtain, then cover their tracks, all in a sufficiently perceivable radius - it's incredibly unlikely that an American would be able to do this because he would have to fly internationally in order to "groom" his target. That's very expensive and unlikely to succeed. People with the motive, mindset, skills, and regionally localized must be a highly irregular exception and an incredibly special case.

Point #4: Some parents would argue that the database would be most valuable to people that would desire to manipulate the images it contains to produce an explicit image for illicit means. Well, given several factors, I doubt that that is a realistic possibility. Between the purpose of the photos (to give a teacher a visual link between the child and the data) and the storage/bandwidth limitations, It's highly unlikely that more than a low-res image (high-compression 320x240 or lower) would be necessary. This isn't a portrait session, this is a school record. Even if they were high res, most school photos I've seen have been tight head-shots and aren't enough to be turned into anything explicit. Even if someone were to fabricate an image from nothing, what's the point of using a child's face from a school record when all you have to do is just fabricate the face with the rest of the body? Let's say that a facial shot was necessary - all it takes is a quick trip to Google Images to get one that doesn't require the Olympic-sized hurdle jumping that they're talking about.

Point #5: Most of these kids are headed to uni/college. Are parents going to organize picketing, protesting, boycotting, and cow-having sessions when their records are going into college databases?!? My college has a record of every class I've taken, grade I've gotten, e-mail I've sent, dime I've given, meeting I've had, and enough personally identifiable information to make the college database a one-stop shop for stealing my identity. Even if there are paper references, they're printouts of computer records. If parents don't want records going into computers, then they better hop a one-way rowboat to Lancaster PA to become Amish, because higher education keeps electronic records. Period.

Final point: What makes having paper records so much more secure? Give me a few paper clips, mirrors, or the direct approach - sledgehammer and bolt cutters, and voila I've stolen the paper records. Heck, I'm sure there's an office employee dishonest enough to give me copies of some records in exchange for a C-note or two. But somehow they can sleep at night with that, but the concept of having a secured database has them gathering international press coverage?

Personally, if I had the power and means, I would tell them, "Okay, I'll tell you what. I'll have my network engineers whip up a second largely identical system that uses the same security measures as the database with the records. If any parent with a student enrolled at this school can hack this second system, tell me its contents, and provide duplicatable prodecures for how they did it, I'll have all the records printed out, the system taken down, and provide their child with a free-ride scholarship to the uni of their choice, down to the gas it takes to haul their stuff home on graduation day." Then make a database of the names of every episode of Hannah Montana. Now, I've given the parents motivation to take some time and DO SOME RESEARCH instead of jumping to ridiculous conclusions like a panic stricken herd of monkeys.

Every parent tells me the same thing: when you're a parent, you'll understand. Maybe you're right. Maybe it's just the fact that I'm 22 and am savvy enough to know that a well-secured SQL server is a tough nut to crack, but I am wondering how many parents are hitting the fan over preconceived notions of insecurity based on Hollywood, and how many did some research and found some kind of flaw in the system. Maybe I missed it, maybe it was considered to boring to document, but I didn't see a single instance in that article where a parent provided any evidence to back up their claim. If being a parent means making claims without evidence, then the Famiglietti line stops here.

Okay, so maybe that was a level seven rant. As for the original post, as was suggested beforehand, check with an attorney, and perhaps a good old fashioned e-mail blast may be better because you can more readily control (AND PROVE) who the intended recipients are.

Joey

[Lucas]

Joey, I 100% agree with you.

My Smoothwall logs are chocka block with hack/ intrusion attempts.

What could they possibly get from me?

Yet, like you, i have a webserver up, a FTP server up, a UT2004 server up.
I've never had a problem

[Pastor Tim]

Thanks, Joey ... I think

After a week of messing with this I think we are pretty much going to use the blogs for posting assignments (to cut down on student excuses) and homework reminders to the entire class. None of that is particularly sensitive information and no names or pictures will be part of that data. Some of the teachers will be using their blogs for class newsletters, but they have been given pretty tight guidelines. The general rule, even though we are setting the blogs up as subscription only, is that they shouldn't post anything they wouldn't be comfortable putting in the newspaper. (odd that newspaper photos of kids are perfectly acceptable but web photos create panic... )

The gradebook system is password protected and behind a pretty good firewall. The external exposure on that is pretty much only grades and attendance records, and that is by password protected accounts created for the parents. Nothing is cracker-proof, but I'm comfortable with this, and I have data from 4 kids on it.

I appreciate the input and responses. I'm still waiting to hear from the school attorney, but the initial response seemed to be a distinct lack of interest.

Pastor Tim