New access controls and permissions for Users in ParentPaperwork

Data security and access are extremely important in environments such as schools, which often are managing significant volumes of personal information spanning across staff, parents and students. Increasingly, schools are using ParentPaperwork to capture, manage and report this data, and we have implemented a range of ways you can control access to data and functionality in ParentPaperwork.

This blog post outlines the types of permissions and configuration you can implement with ParentPaperwork in your school. You can also check out our Knowledge Base for further information.

A school may have as many Users accessing ParentPaperwork as they like. Note we have single sign-on for both Office 365 and Google, making it really easy to enable access for large groups of school staff. We can also synchronise a list of your staff each night as part of our overall data import schedule for your school.

User Roles

There are two User Roles:

  1. Administrator – complete access to all of ParentPaperwork’s features and configuration. We’d recommend you limit the number people with this ‘Access All Areas’ permission.
  2. User – a standard User. They cannot alter ParentPaperwork’s configuration (including managing Users) nor can they edit the Form Templates and Workflows. User Permissions can be applied to ‘Users’.

By default, a User has access to all information, and you can use various permissions settings to control and define their access.

Individual User Permissions

User can have their access restricted in multiple ways:

  1. They can be configured to only have View access. They’ll be able to log into ParentPaperwork and see all the information but will not be able to add new data or edit existing data – for example, they cannot create a new Slip nor edit a Student or Contact.
  2. They can have their access restricted to only Slips they created or those on which they appear on the workflow. In a busy school, with many Slips being sent, this is a great option to reduce the ‘noise’ for a particular user so they only see the information relevant to them.
  3. They can have their access restricted to specific Student Lists. By default, this also means their access is restricted to only the Slips they create or those on which they appear on the workflow, as per option 2 above. This is perfect for parent class reps and others who should only have access to very specific groups of students and parents
  4. Users can be assigned to User Groups, and the above permissions will be controlled via the Group.

Screen Shot 2017-08-08 at 4.07.31 pm

User Groups

User Groups can be used to control permissions for groups of Users. You can set the same permissions as for individual Users, and these will apply to Users assigned to the Group instead of the individual permissions.

The User Groups list page summarises the permissions assigned to each Group.

Editing a User Group allows you to control the permissions.

Users Groups and Form Template Categories

User Groups can be used to control access to sets of Form Templates via the Template Categories.

A Form Template can be assigned to one or more Form Template Categories. A Category may be assigned to one or more User Groups.

If a Category is assigned to a User Group, only Users assigned to the Group can:

  • Create a new Slip/Form from the Templates in that Category
  • Access an existing Slip/Form that was created from the Templates in that Category

By using a combination of User permissions, User Groups and Form Template Categories, you can restrict access to information in ParentPaperwork to selected Users and groups of Users.

For example, perhaps staff within school departments can be given view only access to Slips/Forms relevant to their department, while the heads of department can edit and manage forms across one or more departments. Or only school leaders are given access to Forms relating to human resources or staffing issues.

The Private Lives of Students – Data Security and Privacy in Schools

How did you celebrate Data Privacy Day this year? Did you change all of your passwords? Or did you enact two-step verification on your login data?

Chances are you’re not even aware of what day it falls on (it’s 28th January for those playing along at home).

Despite being around for almost a decade, Data Privacy Day doesn’t get much news coverage. Like a lot of our personal data that we give out freely online, we don’t give it a lot of attention, even with fresh headlines each week of social media hacks, stolen personal images of the rich and famous, and whole corporations being held to ransom.

All of us would readily say we have concerns about what happens to our data and who has access to it. But very few of us, if any, will read a privacy policy before hitting the ‘Accept’ button and handing over our information to companies we know very little about.

Whether it’s convenience, laziness or lack of education, our willingness to trust companies to not mine our data is at its peak.

Recent experiments that have raised awareness of the dangers of using free Wi-Fi networks from unknown providers include:

These examples highlight the dangers inherent in systems we use every day, albeit, extreme ones. Luckily, the six people who signed over their firstborn were given a reprieve.

What about student data?

It has taken a while for us to realise the importance of protecting the data and privacy of students.

Schools have long kept records on their students that included personal information, health issues, grades, suspensions, absentee and truancy records, etc. But, as school administration systems have moved to digital, storing this information on databases and in the cloud, the issue of how secure this information is and what should actually be recorded and retained has become of greater concern.

It’s not just school records in the spotlight either. Teachers using apps to monitor behaviour, school cafeterias using palm scanning technology to purchase meals, and social media sites being used to trade information on classes and school sports are all causes for concern when it comes to privacy.

Alarmingly, a recent survey in the US by Common Sense Media showed that only 13% of respondents knew “a great deal” about how their schools collected, used, stored and destroyed student data. Their results can be seen in the infographic below.

CSM-school_privacy-infographic_FEB14

The backlash and response

The good news is that data security and privacy for students is an issue that is starting to garner more awareness in the media and with parents.

Recent cases around the world that have made the news include:

  • Concerns about a new primary school database that keeps students’ personal details, including religion and ethnicity, on file until their 30th birthday; and
  • A $100 million database used to store “test scores, learning disabilities, discipline records – even teacher assessments of a child’s character” being scrapped after an outcry from parents and civil liberties groups.

In response to growing fears of student data being sold to third parties, identity theft and personal information finding its way into the public domain, governments are finally taking action.

Last week in the US, President Barack Obama unveiled the Student Digital Privacy Act to ensure that data collected by schools is used solely for educational purposes and cannot be sold on. It’s legislation based on a recently introduced Californian law “prohibiting educational sites, apps and cloud services used by schools from selling or disclosing personal information about students from kindergarten through high school; from using the children’s data to market to them; and from compiling dossiers on them.”

Australia also updated its privacy laws last year to regulate the collection, storage, use and disclosure of personal information by independent schools.

What can parents do?

For anyone concerned about student privacy and data, there are a number of things you can do to help keep sensitive information safe.

  1. Educate and get educated

The number one thing parents can do is to learn about the data collection practices and student privacy issues at their child’s school. Find out what systems are currently used, and read up on the company’s services and policies.

Keep abreast of any new technologies or systems being used by the school.

You should find out what data is collected, for what purpose it is used and with whom it is shared. Look into your rights to access the information or to opt-out of such services and ask about what policies are in place if these systems are breached.

It is also important to teach your child about keeping their information safe and the dangers of sharing it with others.

  1. Know your rights

A quick search online will help you understand your rights when it comes to data collection and storage. Ensure the school and third party vendors are adhering to them. Schools should be transparent when it comes to your child’s information. If they’re not, question why. 

  1. Watch the news and be vocal

Follow any story about changes to laws and new legislations that may affect student privacy. Let your school know of any concerns you may have with new laws or with new and current systems being used. The closure of the aforementioned $100 million database shows the power that parents and lobby groups can wield.

It doesn’t have to be Data Privacy Day for us to keep the issues of data privacy and security in our sights. Being aware and raising awareness of the safety of you and your child’s personal information should be an everyday concern not only for you but also for your child’s school. Technology can make a teacher’s job much easier, giving them more time to spend with students.

It’s our responsibility collectively to ensure the products that make our lives easier are also safe for us to use.

ParentPaperwork takes privacy seriously. For more information on how we handle data, please read our privacy policy