pixel

CHILD SERVICES AND EDUCATION

 

Child Services, Education and Data Protection Part 1:

Key Considerations

Data protection is important for any business, regardless of the sector they are in and organisations working with children face unique hurdles and threats in this field. Many data protection regulations and laws have special requirements for handling the personal data of children, however, you need to be aware of how children are defined under these laws and regulations. For example, in terms of data protection a child in the UK is anyone below the age of 13 years, whereas in the Republic of Ireland a child is defined as anyone under the age of 16 years. With all of this in mind, all organisations handling children’s personal data should consider the following to avoid the chances of suffering a breach, or not complying with the law.

  1. How are you using consent? If you are using consent as your basis for using the child’s data, then you will need to get this consent authorised by their parent/guardian and where necessary take appropriate steps to verify this authorisation. Your organisation will also need to provide a way for parents/guardians to withdraw this authorisation. There are exceptions to this, for example, where consent is needed to provide counselling services directly to the child, no authorisation is required.

 

  1. How do you manage your suppliers? It is important that your suppliers understand when they are being passed personal data for children and any additional actions they may need to take when processing this data. These requirements should be included in legally binding agreements, such as contracts and will also need to cover any other requirements under data protection law.

 

  1. What training is needed? As most data breaches are down to user error, training can be an enormous factor in preventing data breaches. The children that you deal with may also require training, as they could be unaware of the threats and dangers they face and may not completely understand the consequences of handing you their data.

  1. Are you using suitable language? Under a lot of data protection legislation people have the right to be informed, which will require you to communicate information to the children. It is therefore very important that all of these communications are clear and you are using plain, easy to understand language that is suitable for the age group that you are dealing with. We recommend that you start by reviewing your privacy notice(s).

 

  1. How do you respect their data rights? Data protection legislation gives people a number of rights, including the right to access, correct and erase their data. These rights are particularly important for children, who may not understand the consequences that the use of their personal data can have. Your organisation will need a procedure in place to handle these requests and you will need to consider what to do if parents/guardians make requests on behalf of the child.

….To be continued in Part 2

If you want to speak to one of our experts about any of the content in this article, you can book a free 30 minute no commitment consultation here.