Protection our children online
Children and schools now more than ever, in the context of remote learning, are more susceptible to social engineering and schools phishing attacks or to put it another way more prone to be victims of child predators. There is also the social media risk where social media is being used by traffickers to recruit victims, to proliferate their trafficking operations, and to control victims through restricting their social media access, impersonating the victim, or spreading lies and rumors online. In the face of this Covid-19 pandemic many schools have transitioned to the delivery of educational instructions online. Having done so it is our position that they are now obliged to ensure the appropriate controls are also put in place to protect the right of privacy of our children. We fear that this is currently being overlooked.
Based on the report of the Minister of Education, schools have done a commendable if not amazing job in rapidly making their educational instructions available on line, moving from the physical classroom to the virtual classroom. While this was done voluntarily by some schools it was also done at the behest of the Ministry of Education. It is impatient of debate that maintaining the consistent delivery of educational instructions is critical for our children and Jamaica both in the short and long term.
We assume that those schools that could afford to have the basic infrastructure in place to be able to offer educational instructions online, literally overnight, would also have in place a robust physical security framework. The security framework could possibly include security fencing with a manned gate, school access protocols during school hours coupled with possibly CCTV among other such security solutions. These security measures all with a view of protecting our children from the vagaries of society.
While having done what is necessary to guarantee the continuation of the delivery of educational instructions to our children, to what extent have we put measures in place to protect our children online and more particularly their personal data? No longer are our children being exposed to the threats that attend a physical school, which threats are limited to the geographical location. Now the threats are those that exist online. The 2018 US Trafficking in persons report stated that “Traffickers increasingly use social media platforms to recruit victims.”
Our is view that the chances of our children being targeted for grooming or for human trafficking or for whatever other nefarious purpose is greater online than in the real world.
If one accepts that premise, it follows that resources and time spent on protecting our children online should exceed the budget and energy spent on physical security. The question that must now be asked is what if controls if any have been put in place to protect the personal data of our children by schools that process their data? In particular, what measures have been put in place by the schools to educate our children about the dangers of using online platforms and what controls have the schools put in place to protect the confidentiality, integrity and accessibility of the personal data of our children of which the schools are fiduciaries.
One need look no further than our Charter of Fundamental Rights and Freedom to understand that schools are not only fiduciaries but along with the Ministry of Education have a duty to protect our children and their informational rights. Article 13(3) (k(1)of our Charter of Fundamental Rights and Freedoms guarantees the right of every child to such measures of protection as are required by virtue of the status of being a minor or as part of the family, society and the State. The UN Convention on the Rights of the Child that was approved by the United Nations General Assembly in 1989 and spells out the human rights to which the world’s children are entitled. In particular, Article 17 refers to access to information by children and protection from “information and material injurious to his or her well‐being” (UN General Assembly, 1989).
In 2016 the Office of the Children’s Advocate under the leadership of the Advocate Diahann Gordon Harrison. published a Be Social Be Smart Social Media Guide for children and parents which is a must read for all parents.I have sought to extract some of the relevant parts:
“. . . the Internet through smart phone applications has also ushered in a new age of risk exposure, especially for that of children. This kind of vulnerability can be further exacerbated if parents are not able to effectively engage with these kinds of ICT’s. If parents lag behind in this regard, it is more difficult for them to access what the potential dangers on the internet may be for their child and ultimately guide them through this space.
The Internet is a space which many child predators often utilize as a means of gaining access to potential child victims by exploiting their innocence. These predators will often spend their time seeking children who they see as vulnerable; children who may exhibit traits of low self-esteem and potentially children who they may access.”
The Children’s Advocate went further and gave several pieces of advice that are worth sharing:
- Inform them that they should refrain from selecting provocative or easily identifiable nicknames.
- Ensure that you instruct your children to be careful about the kinds of files they accept, download and/or share with others, especially if they were received from people they do not know.
- Children need to be reminded in your conversations with them about cyber space that speaking with strangers online can be dangerous.
- Never post or exchange personal photographs.
- Never reveal personal information, such as address, phone number, or school name or location. Use only a screen name. Never agree to meet anyone from a chat room or social media site in person.
- Never respond to a threatening email, message, post, or text.
- Always tell a parent about any communication or conversation that was scary.
- If your child has a new “friend,” insist on being “introduced” online to that friend.
The Children’s. Advocate having done such an excellent job at sensitizing parents and children on the dangers that exist online, in furtherance of their mandate to enforce and protect the rights and best interests of children now ought to pay special attention to the schools that are processing children’s personal data. Given this sudden and large scale move to deliver educational instructions remotely, the threats faced by the personal data of our children and the potential damage or distress that may follow, if there was a data breach, has been multiplied and ought to be contemplated. Having determined what if any vulnerabilities exist in the existing processes and platform, the appropriate controls ought to be put in place to safeguard the confidentiality of the personal data of our children and by extension protect our children from online predators.
Police data reveal that in 2018, 1,512 children were reported missing, with girls (1,164) outnumbering boys (348) three to one. Jamaica remains a Tier 2 country in relation to human trafficking TIER 2 and sexual offences and statutory rape continue to be an ongoing problem.
In light of the foregoing facts and the acknowledgment that online activity is related to or increases the exposure of our children to predatory behavior, entities such as the Ministry of Education, the Children’s Advocate, the the Child Protection and Family Services Agency (CPFSA) and NGO’s such as Hear the Children Cry are obliged to address their mind to the protection of children’s personal data.
This now goes beyond ensuring children and their parents are social media literate. It means holding entities that process personal data of children accountable and if not holding them accountable at least insisting that they implement appropriate technical and organizational methods to safe guard the personal data that they are processing. It is not necessary to wait for the creation of an Information Commissioner to police schools as the above entities in someway or the other already have a mandate to protect our children.
These are the sort of questions we need to start thinking about. What sort of security protocols are in place to protect the databases that host our children personal data in schools and in the Ministry? What sort of controls are in place to protect the medical information about our children that our schools process? Are they protecting their digital assets and by extension our children’s personal data in the same manner they protect the physical school? To what extent has the Ministry of Education put guidelines and policies in place for schools to follow in relation to minimum technical and organizational measures that should be followed by each school to protect the personal data of children.
We appreciate the heavy lift that was and is being done by the Ministry and schools to facilitate remote learning in such a short period of time. Having implemented it however one of the kinks or elephants in the room that needs to be addressed is the protection of our children’s personal data. While we try to adapt to this new online environment let us be sure that we are building out sustainable resilient and secure platforms that can serve us today and in the future without putting our children at any additional risk. Rest assured this moment in time will pass, and as a people we will survive, as such we want to ensure that the infrastructure we build out today is not only appropriate to meet our present needs but also our future needs.
Chukwuemeka Cameron is an Attorney with a Masters in Information Technology and founder of Design Privacy, a consulting firm that helps you comply with privacy laws and build trust with your customers. Feedback can be sent to ccameron@designprivacy.io