Further to the previous article on the Use of Generative AI in MATs and Schools from our sponsor SchoolPro TLC, we encourage you to this review this further guidance to ensure you are AI safe in your School and Multi Academy Trust starting with this checklist.
 
General AI Best Practices

• Verify all AI-generated content for accuracy before use.
• Use AI tools to enhance learning and reduce workload, not to replace professional judgment.
• Stick to school-approved AI tools that comply with data protection policies.
• Maintain human oversight—never rely solely on AI for assessments or decisions.
• Be transparent—let students and staff know when AI has been used in content creation.
• Train staff and pupils on AI’s risks, limitations, and ethical considerations.
  
  

Data Protection and Security

• Never input personal, sensitive, or pupil data into AI tools unless explicitly approved.
• Always check whether an AI tool is open or closed before using it.
• If using AI for decision-making (e.g., profiling students), conduct a Data Protection Impact Assessment (DPIA)
• Update policies, privacy notices, and acceptable use agreements (AUA) as needed.
• Consult the SchoolPro TLC Data Protection Officer (DPO) if in doubt.
  
  

Teaching and Pupil Engagement

• Encourage students to use AI as a learning tool (e.g., research, brainstorming) rather than for completing assignments.
• Educate pupils on responsible AI use, plagiarism risks, and fact-checking information.
• Monitor AI’s impact in classrooms — ensure it aligns with safeguarding and educational goals. 

Quick Staff Guide
What is AI and How Can It Be Used in Schools?
Artificial Intelligence (AI) can support teaching, reduce workload, and improve efficiency. When used responsibly, it can:

• Assist with lesson planning, assessment design, and report writing.
• Automate routine admin tasks (e.g., scheduling, summarising data).
• Provide personalised learning support for students, including SEND adaptations.

However, AI must be used with caution to avoid data breaches, bias, misinformation, and over-reliance.

Key Safety Tips

• Check before you trust: AI makes mistakes—fact-check all outputs.
• Protect student data: Never enter personal or sensitive information into AI tools unless specifically approved.
• Understand AI bias: AI models can reinforce biases—review content carefully.
• Use approved tools: Stick to school-approved, closed AI systems whenever possible.
• Update policies: Ensure AI use is reflected in privacy notices, AUAs, and safeguarding policies.

How to Talk to Pupils About AI

• AI is a tool, not a replacement: Students should use AI to support learning, not to do their work for them.
• Plagiarism risks: AI-generated text needs proper citation—copying AI work is academic misconduct.
• Misinformation awareness: AI can make up facts—students must verify sources before using AI-generated content.
• Think critically: Encourage students to question AI responses and improve their digital literacy.

Who to Contact for AI Support
For any AI-related concerns, training needs, or Data Protection questions, contact your School’s IT or Data Protection Lead, Your SchoolPro TLC Data Protection Officer (DPO).

Have you embarked yet on your Artificial Intelligence (AI) journey?

​
The use of AI in schools is rapidly growing, offering numerous benefits, such as enhanced efficiency, personalised learning, and improved decision-making.

​However, AI also presents challenges, including Data Protection risks, ethical considerations, the risk of bias, and concerns over transparency.

Given the rapid advancements in AI and the growing reliance on these technologies in education, it is crucial for MATs and schools to establish clear policies that balance innovation with safeguarding concerns.
 
Our sponsor, SchoolPro TLC provides some helpful guidance here and a framework for the responsible use of AI in schools, ensuring compliance with UK GDPR, recommendations from the Information Commissioner’s Office (ICO), the Department for Education (DfE), and guidance from Ofsted. 

What is Generative AI?
Generative AI refers to AI systems that can create new content, such as text, images, video or audio. Unlike traditional AI, which follows explicit programming to complete specific tasks, generative AI uses machine learning to create original outputs from input data.

The UK Government and the ICO define AI as technology that mimics cognitive functions associated with human intelligence, such as learning and problem-solving. AI is increasingly used in MATs and schools for both educational and administrative purposes, raising questions about responsible implementation, data security and the ethical implications of its use.

Open vs Closed AI Systems
Understanding the distinction between open and closed AI systems is essential when assessing risk and implementing AI within educational settings:

• Open AI Systems | These include publicly available AI models (e.g., ChatGPT, Google Gemini) that continuously learn from user inputs. They may store, share, or learn from the information entered, including personal or sensitive data. Schools should avoid entering identifiable information into these tools to protect personal and special category data.
• Closed AI Systems | These are proprietary AI solutions controlled by an organisation (e.g., school-specific AI tools integrated into a school’s Learning Management System). Closed systems offer greater security and compliance as external parties cannot access the data input. If a school uses closed AI tools to process personal data, this must be included in the school’s Privacy Notice.

Can Open AI Systems Be Configured as Closed?
Some AI tools, such as Google Gemini, Microsoft Copilot, and other cloud-based AI models, are generally considered open AI systems by default. However, it is possible that they can be configured to function as closed systems depending on their settings and the environment in which they are deployed.

For example, within a Google Workspace for Education environment, Google Gemini can be configured to:

• Operate within a restricted school domain, preventing data from being shared externally.
• Be managed through Google Admin Console, where IT teams can disable data collection and adjust privacy settings.
• Restrict AI usage to pre-approved applications, ensuring compliance with school policies.

In such cases, an AI tool that is generally open in a public setting may be functionally closed within a well-managed, restricted environment. Schools should consult their IT lead or Data Protection Officer (DPO) to determine whether an AI tool is configured to meet Data Protection requirements before use.
MATs and schools should assess AI applications before use to determine their suitability based on these classifications and apply appropriate safeguards, such as data minimisation and access controls. 

Scope of AI in MATs and Schools
Pupil Usage
AI has the potential to enhance learning through activities such as:

• Personalised tutoring
• Research support
• Critical thinking development
• Adaptive learning platforms

However, students must be educated on the ethical use of AI, particularly in avoiding over-reliance and plagiarism. Acceptable Use Agreements should explicitly outline permissible and prohibited AI use.

Staff Usage
Teachers and administrators can potentially use AI for activities such as:

• Lesson planning
• Curriculum development
• Report writing (without identifiable student data)
• Student performance analysis
• Administrative tasks such as scheduling and resource management

Staff must verify AI-generated content for accuracy and must not input personal or sensitive data into generative AI tools without prior assessment.

Governors and Leadership
Governors and senior leadership teams play a crucial role in overseeing AI implementation, ensuring compliance with Data Protection laws, and updating policies as AI capabilities evolve.

Core Principles for AI Use
Transparency
MATs and schools must conduct Data Protection Impact Assessments (DPIAs) when AI tools process personal data. DPIAs help identify risks and establish mitigating strategies to protect sensitive student and staff information.
 
Schools should also be transparent about how they use generative AI tools, ensuring that staff, students, Governors, parents, and carers understand how their personal data is processed.

Accountability
Roles and responsibilities for AI use must be clearly defined and schools should:

• Assign AI oversight responsibilities to senior leaders.
• Implement AI governance committees where appropriate.
• Ensure staff are trained in AI risk management and Data Protection.

 
Compliance with Data Protection Legislation
Schools must ensure that AI tools comply with UK GDPR and their Data Protection Policies.
To protect data when using generative AI tools, schools should:

• Seek advice from their Data Protection Officer (DPO) and IT lead before using AI tools.
• Verify whether an AI tool is open or closed before use.
• Ensure no identifiable information is entered into open AI tools.
• Acknowledge or reference AI use in academic work. 
• Fact-check AI-generated results for accuracy before use.

AI and Data Protection in Schools 
AI use must comply with UK GDPR and the Data Protection Act 2018 in order to safeguard personal data. Schools reserve the right to monitor AI usage to prevent misuse and ensure compliance with academic integrity policies.

Data Privacy and Protection
The use of personal data in AI tools must be handled with extreme caution.
Schools and MATs should adopt the following principles:

• Avoid Using Personal Data in AI Tools | It is recommended that personal data is not entered into AI applications unless absolutely necessary.
• Strictly Necessary Use | If personal data must be used within an AI system, the school or MAT must ensure:
  • Full compliance with UK GDPR and school data privacy policies.
  • Appropriate safeguards such as anonymisation or pseudonymisation are in place.
  • Clear documentation of the processing, including a completed DPIA.
• Transparency in Automated Decision-Making | Schools must be open about any use of AI in decision-making or profiling, ensuring pupils, parents, and staff understand how their data is processed.
• Legal Basis for AI Data Processing | If AI tools process personal data, the appropriate legal basis should be identified and any relevant actions implemented as a result before use.
• Security Measures | AI-generated data should be protected using encryption, access controls, and secure storage.

 
Additionally, some generative AI tools collect and store additional data, such as:

• Location
• IP address
• System and browser information

 
Schools must review and disclose how any data collected by generative AI tools is processed and stored in their Privacy Notice.

Ofsted Expectations for AI Use in Education
Ofsted does not directly inspect the quality of AI tools but considers their impact on safeguarding, educational quality, and decision-making within schools.

Schools must ensure:

• Safety, Security, and Robustness: AI solutions used in schools must be secure and protect user data, with mechanisms to identify and rectify bias or errors.
• Transparency: Schools must be clear about how AI is used and ensure that AI-generated suggestions are understood.
• Fairness: AI tools should be ethically appropriate, addressing bias related to small groups and protected characteristics.
• Accountability: Schools must ensure clear roles and responsibilities for monitoring and evaluating AI.
• Contestability and Redress: Staff must be empowered to override AI suggestions, ensuring human decision-making remains central. Complaints regarding AI errors must be appropriately addressed.

Leaders are responsible for ensuring that AI enhances education and care without negatively affecting outcomes.

Integration into Policies and Agreements
To ensure compliance, transparency, and ethical AI use, schools and MATs should update their existing policies to include provisions for AI. We have drafted recommended text to add to key policies and privacy notices in order to support this process. This information for parts of our AI Guidance pack for schools and is included in the following document: 
2 - Generative AI in MATs and Schools - Policy Updates. 

Report by Soton Soleye and Ben Craig, School Pro TLC

Team Achievements
The SchoolPro TLC Teams have their own expertise and are proud to have excelled in various projects with a commitment to deliver exceptional results and ultimately, to strive to exceed client expectations. Special recognition goes to the Data Protection Office Team for their outstanding performance in supporting schools with:
 
892 data breaches
671 Subject Access Requests
181 data decisions
 
The Data Protection Impact Assessors (DPIAs) saw a 74% increase on last year with 73 completed.
PLUS, numerous compliance checks and audits undertaken by the team and this does not even include an attempt to count the number of emails and phone calls responses!
 
The Training Team have supported (through the SchoolPro TLC online training platform) 11,922 school staff course completions across Cyber Security, Data Protection and Safeguarding training courses.
 
They have also run onsite and remote staff training sessions throughout the year and developed a number of new training courses focused on different Data Protection topics, including Subject Access Requests (SAR) management and How To Be A Data Protection Champion.

Finally, the launch of the ‘After School Sessions’ enjoyed a successful first in a sequence of training events on Safeguarding and Data Protection in the SchoolPro TLC Gloucestershire HQ in November.

Community Engagement
School Pro TLC are proud to have strengthened their commitment to corporate social responsibility, and participated in several initiatives that have made a positive impact on our community.
 
They continue with the SME Climate Hub Commitment and hope to carry on reducing emissions  into the new year and beyond with a target to achieve net zero by 2030.
 
Partnering with The Ocean Network in support of Surfers Against Sewage, this is an exciting relationship as they become a voice for the ocean in helping to protect the UK’s unique coastal environment. A cause that is close to the Team’s hearts.

Click on the logos below to find out more!

Looking Ahead | Strategic Goals for Next Year
Planning is in earnest for the launch of the new portal, which will increase team capacity with the intention of best serving schools and Trusts, whilst building on successes, and exploring new opportunities with partnerships to support SchoolPro TLC clients with even more cost-effective and high-quality services.
 
If you have yet to meet SchoolPro Safety, this new brand was launched in September, and offers a range of Health and Safety services; and will be joined by the upcoming SchoolPro Safeguarding, due to launch early this year.

Lisa first discovered the value of Social Stories nearly 25 years ago when she used her son’s special interest in Mr Bean with the aim of helping him to learn the social requirements of lining-up in the playground. This was followed in 2006 when she attended a workshop by Social Stories pioneer, Carol Gray who shared how she invented the concept to “describe a situation, skill or concept in terms of relevant social cues, perspectives and common responses in a specifically defined style and format.”

Back in 1989, Carol began writing stories for her students to share information with them that they seemed to be missing. Information that we so often take for granted and many of these stories resulted in immediate and marked improvement in her students’ responses to daily events and interactions.
 
Social Stories are based on a social understanding approach, which assumes that to teach “appropriate social responses” to a student with an autistic spectrum disorder could hold little meaning if others do not understand the student’s perspective, or the student does not understand what is occurring around them and why.
 
The first step to teaching social skills is to ensure, beyond all assumptions, that the student has accurate and specific social information. A Social Story is not something that tells a child they are doing wrong. But rather, it informs and guides. It is not to be referred to in a punitive way and it may also be seen as a social demand for those young people who experience demand avoidance.
 
Before you commence a Social Story, Gray recommends essential information-gathering via the art of observing, talking and collaborating with the aim of promoting understanding; rather than changing behaviour and the goal of sharing the information.
 
The aim of a Social Story is to share accurate social information in a patient and reassuring manner that is easily understood by its audience. Half of all social stories developed should affirm something that an individual does well. It should never be intended to change the individual’s behaviour, but to improve the individual’s understanding of events and expectations may lead to more effective responses. 

The Ten Defining Criteria and Guidelines for Writing a Social Story
 
1️. Meaningful | A Social Story meaningfully shares social information with a child in a reassuring way and at least half of the story applauds achievements.
 
2️. Structure | The story has an introduction that clearly defines the topic, a body that adds detail and a conclusion which reinforces and summarises information. A beginning, middle and end.
 
3️. Questions | A social story answers the “wh” questions (why, what, where, when and who).
 
4️. Perspective | It should be written from the first or third-person perspective (I, my, and he, she, they) and not second person (you!).
 
5️. Language | Use positive language with descriptive sentences, with the option to include any one or more five remaining sentence types (perspective, cooperative, directive, affirmative and/or control sentences).
 
6️. Perspective Sentences | Consider sentences that refer to, or describe, a person’s internal state, their knowledge, thoughts, feelings, beliefs, opinions, motivation or physical condition and health.
 
7️. Description | Describe more than direct.
 
8️. Format | Consider a format that is tailored to the abilities and interests of the audience that is usually literally accurate.
 
9️. Illustrations | Use individually tailored illustrations to enhance the meaning of the text.
 
10. Title | This should meet all the applicable Social Story criteria and share accurate information.
The topic may pose a wh- question, and is written in the first or third person, uses positive language or announces something the child does well and is easily understood /interesting by/to the audience and contains/ is accompanied by illustration.

Guidelines for Initial Writing of Social Stories
 
1. Observe a targeted situation.
To take Lisa’s example from her own experience, this could be lining-up in the playground.
 
2. Take plenty of notes, ask questions.  Do people line-up differently, say in morning break or to go to assembly? What are the sensory and social demands involved?
 
3. Speak with all adults involved, parents and school staff, Mealtime Assistants, Teaching Assistants, Teachers etc. 

4. What do you feel is the “motivation” for the current response or learned response?
 
5. Consider anxiety responses, transitional difficulties and sensory needs.
What does the child say is happening (their perceptions)?
The child’s perception is key to addressing the issues.
 
6. State what usually occurs, then state what may change. Let children know what they often can expect but what sometimes may happen. It keeps the information honest and realistic and as predictable as can be.
 
7.  Keep the information well within the child’s comprehension level. Use font size and vocabulary within their abilities.
 
8.  Avoid using term such as “always”, “will” or “never.”
Instead try to use words such as “usually,” “often,” “sometimes” and “occasionally.”
 
9. Always use the present tense so that it is relevant to current situations.
Some Social Stories can be used in the future tense if it is a preparation for something that may happen. For example, as an upcoming school holidays, a trip, going to an appointment.
 
10. Illustrations can be helpful a visual reminder to reinforce the written word, but should not distract from the message of the story.
For example, use photographs to demonstrate an area such as a classroom, playground, or toilet.
It can also be illustrated via a theme of a child’s special interest.
 
11. If it is a lengthy Social Story, break it down into steps by using a separate page per “stage.”
 
12. Remember the aim is to use the Social Story as a reminder and in a manner that increases the child’s confidence and skill level and reduces anxiety or unfamiliarity.
 
13. Keep a laminated copy availability once you are able to fade out the Social Story for any reoccurring incidences.

Making Sense of the Sentences
 
Descriptive sentences objectively address the wh- questions: where, the situation takes place, who is involved, what they are doing, and why they may be doing it.
Descriptive Sentences are accurate, assumption-free statements of fact.
 
For example:

• My name is…
• I am attending a discussion on Social Stories.
• The speaker is talking to the audience.

 
Perspective sentences give a glimpse into the minds of those involved in the story and can provide details about the emotions and thoughts of others.
 
This is a type of perspective sentence that may appear in a Social Story.
Most of the time, perspective sentences describe the thoughts and feelings of other people.
 
For example:

• The teacher will like it that I am listening to him.
• It makes me feel happy when I get an email saying thank you for a task I completed.

 
Directive Sentences suggest desired responses tailored to the individual and identify a possible response/solution, and/or gently direct behaviours.
If possible, try to avoid the use of words like “must,” “need” or “should.”
Using the word try opens the space for the student to learn the appropriate behaviours for a social situation.
 
For example:

• I will try to listen to the teacher.
• I will try to sit quietly.

 
Control Sentences are used as a mnemonic device and are often authored by the student himself. It can be a sentence to help remember the story or to deal with the situation. Control sentences may not be used in every story and may be specifically paired with a visual cue to be used as a reminder for the individual of the focus of the story.
 
For example:

• “I changed my mind….”
• When someone says, “I changed my mind,” I can think of an idea, like a caterpillar changing into a butterfly (in the words of a student with ASD).

Using Comic Strip Conversations

Created by Carol Gray, Comic Strip Conversations (CSCs) are simple visual representations of conversation using stick figures and symbols to represent social interactions and abstract aspects of conversation and colour can be used to represent the emotional content of a statement or message.
 
By seeing the different elements of a conversation presented visually, some of the more abstract aspects of social communication (such as recognising the feelings of others) are made more 'concrete' and are therefore easier to understand.
 
Comic strip conversations can also offer an insight into how an autistic person perceives a situation and can show the things that are actually said in a conversation, how people might be feeling and what people's intentions might be.
 
Comic Strip Conversations can help autistic children to understand concepts that they find particularly difficult. By drawing as they talk, CSCs can be used to learn about different social situations. 
In a comic strip conversation, the autistic person takes the lead role, with parents, carers or teachers offering support and guidance.
 
Comic Strip Conversations can be used to plan for a situation in the future that may be causing anxiety or concern. For example, an exam or a social event. However, remember that plans can sometimes change and it is important to present the information in a way that allows for unexpected changes to a situation.
 
How to Create your Own Comic Strip Conversation
 
1. Start with small talk (for example, talking about the weather) to get the person you are supporting familiar with drawing whilst talking and to mimic ordinary social interactions.
 
2. Ask a range of questions about a specific situation or type of social interaction and the autistic person answers by speaking and drawing their response.
 
3. Summarise the event or situation you have discussed by using the drawings as a guide.
 
4. Think about how to address any identified problems or concerns.
 
5. Develop an Action Plan for similar situations in the future; which will be a helpful guide for the autistic person.
 
6. For complex situations, or for people who have difficulty reporting events in sequence, comic strip boxes may be used, or drawings can be numbered in the sequence in which they occur.
 
7. You can use paper, pencils, crayons and markers, and computer word processing applications, or use an app. Ask the person you are supporting to choose what materials they would like to use.
 
8. You can prepare your Comic Strip conversations in a notebook, or save on a smartphone or tablet to refer back to as helpful, and to recall key concepts.

Thank You and More Information
​We thank Lisa for leading this informative workshop session and for the useful notes here. 
For more information, you can click on the links below.

The guidance is relevant for leaders within educational institutions, as it outlines the legal and ethical responsibilities involved and helps you to navigate compliance with Data Protection laws, and provides best practices for implementing biometric technologies in a way that safeguards students and staff members personal information.

What is Biometric Data?
Biometric data is a type of personal information. Article 4(14) of the UK GDPR defines biometric data as:

“Personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm someone’s unique identification of that natural person, such as facial images or fingerprint data.”

This means that personal information is only biometric data if it:

• relates to someone’s physical, physiological, or behavioural characteristics (e.g. the way someone types, a person’s voice, fingerprints, or face);
• has been processed using specific technologies (e.g. an audio recording of someone talking is analysed with specific software to detect qualities like tone, pitch, accents, and inflections); and
• can uniquely identify (recognise) the person to whom it relates.

Who Can Consent to Biometric Data
Consent for biometric data needs to be treated differently than other consents and has specific, stringent criteria.

The Data Protection Act gives pupils rights over their own data when they are considered to have adequate capacity to understand. Most pupils will reach this level of understanding at around age 13.
​
However, the Protection of Freedoms Act 2012, which governs the use of biometric data in schools in the UK, has different requirements. Under this Act, the consent of at least one parent is required to process the biometric data of a child under 18. If the child or any parent objects, the school cannot process the child's biometric data.

Schools must notify each parent of a pupil or student under the age of 18 if they wish to take and subsequently use the child’s biometric data as part of an automated biometric recognition system.
As long as the child or a parent does not object, the written consent of only one parent will be required for a school or college to process the child’s biometric information.
​A child does not have to object in writing but a parent’s objection must be written.

What does this mean for MAT’s and Schools?
The decision to implement automated biometric technology is the decision of MATs and schools. However, careful consideration should be taken to assess the purpose of its use, the necessity and proportionality of processing, and consider the potential implications, such as operational requirements, handling of personal information, possible data breaches, and legal obligations.
It is also important for schools to reflect on the ethical considerations around the use of biometric data, including privacy concerns and the potential for future misuse of such data, even when collected in a lawful manner.

Schools should consider whether biometric data is truly necessary and proportional for the task at hand.

Here are some key actions for schools considering or already using biometric data:

1. Conduct a Data Protection Impact Assessment (DPIA)
Before implementing any biometric system, schools should carry out a DPIA to assess risks and determine whether biometric data processing is necessary and proportionate. This should be reviewed regularly to account for any changes in technology or usage.

2. Obtain Proper Consent
Ensure written parental consent is obtained in compliance with the Protection of Freedoms Act 2012. Schools should also have a clear, documented process for managing consent withdrawals or objections from either the student or their parents.

3. Be Transparent with Parents and Students
Provide clear, accessible information explaining how biometric data will be used, stored, and protected. Schools should offer regular opportunities for parents and students to ask questions or raise concerns.

4. Implement Robust Security Measures
Ensure that any biometric data collected is stored securely, with encryption and access controls in place to prevent unauthorised access. Schools should also regularly review their security practices to ensure they remain adequate in light of evolving risks.

5. Choose Vendors Carefully
When selecting a third-party contractor, schools must perform due diligence to ensure that the vendor complies with UK GDPR and has strong Data Protection measures in place. A contract should clearly outline Data Protection responsibilities and require the vendor to carry out DPIAs.

6. Regularly Audit Data Practices
Conduct regular audits of how biometric data is processed, ensuring that all practices remain compliant with relevant legislation. This includes reviewing how data is stored, who has access to it, and how consent is managed.

7. Prepare for Data Breaches
Develop a clear plan for managing data breaches involving biometric data, including informing affected students, parents, and the ICO if necessary. Ensure that all staff members are aware of the procedure for reporting a breach.

By incorporating these steps, schools can ensure they not only comply with legal requirements but also protect the privacy and rights of their students.

For more detailed information, including lawful basis considerations and best practices, please read
​full guidance provided by the ICO.

By Soton Soleye, SchoolPro TLC

In 1949, George Orwell’s dystopian novel introduced the world to the grim spectre of being under constant surveillance by the authorities. The story has since inspired various interpretations of ‘Big Brother,’ which in schooling can be most apparent when considering teacher observations. 

Lesson observations and their current equivalents share the same difficulties of synchronicity, validity, and disruption and increasingly schools seek alternatives to gaining insight into what it is like learning in that classroom. As schools increasingly turn to technology to enhance insights into classroom experiences, one method stands out: introducing cameras for the classroom.  
 
But does the introduction of cameras into classrooms really mean that Big Brother is going to be watching teachers? 

What Breeds the Fear Factor?
In schools, it is likely that the ‘Big Brother’ concern stems from: 

• an unrealistic sense of being the centre of attention i.e. someone wants to watch you;  
• an irrational belief that the school’s leaders have the time or inclination to secretly watch the footage;
• a lack of trust in leaders not to do the above and a perceived lack of trust from leaders in them as teaching professionals; 

• concerns about the misuse of platform that is not designed to safeguard privacy and respect the well-being of its users. 

None of those sources of concern are unreasonable per se, but they can create unreasonable barriers to teacher-centric self-improvement.  

Is This Just a School’s Thing? 
For too long been schools have driven by a desire to prove something that is inherently difficult to prove: causality between teaching and learning (particularly on an individual basis). As such, it is not entirely surprising that some teachers and leaders might make the link between their lived experience and an authoritarian with time on their hands to watch footage.  
 
So much of what we talk about when discussing ONVU Learning with school leaders and teachers boils down to how much trust and confidence exists in and around the school(s). Does the headteacher make it their business to encourage or to interfere? Do teachers get provided the tools to be amazing or simply to do more? Is teacher continuous professional development (CPD), which ONVU Learning is designed to underpin, valued across the board as the most sustainable means to improving students’ outcomes and so encouraged, not just viewed as a tick box exercise? 
 
The challenge is how to balance accountability with the professional autonomy of teachers without fostering a culture of perceived or real mistrust. This issue is particularly in the spotlight when discussing cameras in the classroom because it raises questions about the extent and purpose of them.
 
A New Way to Solve Old Problems? 
In Sam Sims’ recent blog: A proposal for saving five million hours per year (one day per teacher) of workload, without harming pupil achievement he suggests that the sector could save a lot of hours by not performing data drops unnecessarily and so makes a compelling case for leaders to better question how they direct their teachers’ time. 

At ONVU Learning, we echo that call and encourage school leaders to invest that saved time into more meaningful teacher personal professional development and enabling teachers to become more able to influence their own destiny. By giving teachers agency over their CPD and control over how they measure the impact of what they choose to practice, teachers will then adopt into their practice the things that really work for them.  

What Can you Gain from Classroom Video Capture? 
Video lesson capture has been around for a while now – mostly involving teachers setting up ad hoc specific video recording devices (like a smartphone or tablet) for the purpose of recording a specific and pre-planned learning activity or lesson.  
​
At ONVU Learning, we propose and offer the opportunity for teachers to review classroom video recordings made using our fixed-position 360-degree cameras. The specific cameras we use are discreet but not hidden. We promote this style of video classroom capture because it removes the hassle of setting up equipment, makes the learning activity being recorded more natural, and enables a (re)view of teaching and learning rather than focusing in on what you hoped to see all along or only the teacher at whom the camera is pointed. The nature of the technology captures the entire classroom wherever the teacher or students may be. 

Are They Worth It? 
The question remains: does the benefit of using video capture technology in classrooms justify the concerns about surveillance? Whilst the shadow of Orwell’s 1984 looms large, it is crucial to distinguish between using technology for support versus surveillance. Or through a teacher’s eyes, is this a tool that will help or harm me? 

The difficulty is that when a teacher or school leader asks me about whether using ONVU Learning is ‘a bit Big Brother,’ my first thought goes to who is ‘Big Brother’ in that scenario. Is it me? Is it them, their colleagues or their Headteacher sat in their office watching screen upon screen? Is it someone unnamed and unknown?

No, to all the above.
My immediate second thought is more focused in that whoever ‘they’ maybe, our technology does not enable this kind of Orwellian system.

“Our first thought goes to who ‘Big Brother is. Our second thought is whoever ‘they’ maybe, our technology does not enable this kind of Orwellian system.”  

ONVU Learning puts teachers in the driver's seat by giving them control over the video footage they choose to share. It is mostly used for self-reflection, so when it comes to things like coaching or lesson observations, teachers get to pick which parts of their lessons they want to show. This approach helps in making them feel comfortable in the whole observation process and trusted as professionals.  

In the UK and many places around the world we face a shortage of teachers to work in our schools. This has many causes that we will not explore now but amongst the solutions to poor teacher recruitment (as a sector) and retention (again) must involve genuinely empowering teachers to be the best version of themselves. This means encouraging personal professional growth through curiosity from an established, valid base (i.e. teachers are professionally trained university graduates). It also means providing teachers with reliable and trustworthy tools to enable them to do better on their terms, in their context and given the available support that exists to guide (not direct) them.  

ONVU Learning believes that if teachers were treated more like the professional, vocationally-driven experts that they start out as and provided with tools to help them play, practise, self- and co-reflect, and perform, then we like to think that the teacher workforce would be happier, stay longer and become ever more effective at delivering for students the outcomes that they deserve.    

A New Hope? 
I hope that I will have dispelled any 'Big Brother' fears about how ONVU Learning camera technology is introduced and used in classrooms. Teachers are the backbone of our educational systems, and they deserve access to tools that respect their professionalism and genuinely empower them without compromising their privacy or autonomy. 

We at ONVU Learning believe that Leaders need to understand change from their teachers’ perspective to enable sustainable improvements to take root.  

Engage with ONVU Learning at Upcoming Events
Excellent Teachers Create Excellent Memories Webinar | Thursday 11 July 2024 from 0830 - 0900

As we aim to enhance educational experiences, the principles discussed mirror the themes of the upcoming webinar, "Excellent Teachers Create Excellent Memories."

This FREE webinar will delve into how empowering educators through innovative CPD can create enriching and memorable learning experiences. It is an essential session for educators committed to elevating their teaching and fostering impactful educational journeys.

Join us to explore how embracing teacher autonomy can revolutionise educational practices.
​You can also meet the ONVU Learning Team at the SWIFT Summer Conference on Thursday 13 June 2024.

Our sponsor SchoolPro TLC provide some helpful and current advice about confidential references and subject access requests.   

When it comes to subject access requests and exemptions, it is important to understand the various exceptions that apply to certain types of personal data.

One specific exemption relates to confidential references. According to the Information Commissioner’s Office (ICO) and the Data Protection Act 2018, personal data included in a confidential reference is exempt from the right of access in specific circumstances.

The exemption applies to references given or received for the purpose of prospective or actual education, training, employment, volunteer placement, appointment to office, or provision of services by an individual. It is important to note that this exemption only applies to references that are provided in confidence.

To ensure clarity in your documentation, especially for educational references, it is advisable to state explicitly that all references will be treated as confidential. This should be communicated to both the individuals providing the referees and those providing the reference itself.

For example, instead of a simple instruction like “Please provide details of two referees.”
You can modify it to convey that all references will be treated as confidential.
A revised statement could be: “Please provide details of two referees. All references will be treated as confidential.”

If your references are considered confidential, you will need to ensure staff dealing with subject access requests are aware of, and have adequate guidance to follow in order to prevent accidental release of your confidential references.

Understanding these exemptions and clearly communicating the confidentiality of references will help ensure compliance with Data Protection regulations and maintain the privacy and trust of individuals involved in the process.

By Ben Craig for the SchoolPro TLC Team 

If you are interested in this topic and wish to find out more about working in this area, you can find out more about how you could Make a Difference with SchoolPro TLC.   

Our sponsor SchoolPro TLC provides guidance for schools and MATs following the recent infringements ​by a primary school in relation to the Article 5 (1)(f), Article 24 (1) and Article 32 of UK GDPR.

The unfortunate data breach has emphasised the importance of robust Data Protection practices in schools, colleges and MATs. 

The Information Commissioner's Office (ICO) publicly reprimanded Parkside Community Primary School for infringements of the UK General Data Protection Regulation (UK GDPR).

Whilst this is clearly a concern for the school and data subjects involved, it also provides a valuable opportunity for all schools to reassess their Data Protection strategies.

The incident involved the inappropriate disclosure of personal and special category data in a classroom setting, affecting four data subjects including three children. According to the reprimand published, key contributing factors to the breach included insufficient Data Protection policies, inadequate guidance around email security, and a lack of explicit procedures regarding the use of a case management system.

SchoolPro TLC delve here into the key lessons to be learned from this unfortunate event, and provide a checklist to ensure that you are adequately protecting the personal data of your pupils and staff.

Lessons to Learn
The reprimand presents several key lessons that could apply to other schools in the UK:

1. Ensure Adequate Data Protection Policies
The reprimand highlighted that the school lacked detailed Data Protection policies, specifically on the safe handling of personal data over emails and the usage of a specific case management system.

Policies should clearly outline the procedures for maintaining data security and confidentiality, especially when it involves sensitive or special category data.

Schools should have policies specific to high risk software and platforms they use, created in conjunction with risk assessments or Data Protection Impact Assessments (DPIAs).

2. Provide Clear Procedures and Guidance
The lack of written guidance for employees was a significant issue.
Clear instructions need to be in place for using security and confidentiality classifications on emails, and for the usage of any case management system or software.

Guidelines regarding when and where to open sensitive emails, and how to operate electronic devices securely (like electronic whiteboards), should also be clearly provided.

3. Staff Training
Regular and thorough training for staff is necessary to ensure compliance with Data Protection regulations.

This should include training on the operation of specific software or systems, data breach reporting procedures, operation of electronic devices, and general Data Protection principles.

4. Incident Reporting Mechanisms
In this case, staff failed to report the data breach internally.

An effective incident reporting mechanism should be in place, and staff should be well aware of the process to follow if a data breach is suspected or has occurred.

5. Sensitive Data Handling
Emails or alerts containing sensitive information should be appropriately labelled and only accessed under safe conditions (e.g., not in the presence of children or during teaching hours).

Controls should be in place on who can access highly sensitive information and when.

6. Policy Enforcement and Review
All staff and stakeholders should be familiar with the school's Data Protection policies.

Policies should be reviewed and updated regularly, especially in response to incidents, and staff should be required to affirm their understanding and acceptance of these policies.

7. Testing and Audit of New Processes
Any new processes or procedures introduced in response to a data breach should be tested to ensure they are effective and embedded within the organisation.

Action Plan / Checklist
Taking those lessons into consideration, what key actions can a school, college or MAT take to reduce their data breach risk and improve practice?

Policies and Procedures
Review your Data Protection policies and procedures, ensuring they cover all aspects of data handling, including specific written guidelines for using software and systems that process sensitive data.

Training and Awareness
Develop a regular training schedule on Data Protection for all staff.
Emphasise what constitutes a data breach, the importance of reporting breaches promptly, and the consequences of failing to do so. 

As a guide, staff should receive Data Protection training as part of their induction to the organisation, and refresher training should be completed at least biennially if not more frequently.
Annual refresher training would be best practice.

Email Security
Implement security measures for emails that contain sensitive data, such as security classifications or labels. Provide clear guidelines on when and where such emails can be safely opened.

Where possible, use alternative methods of communicating sensitive data such as access-controlled, secure, shared folders, or internal secure data transfer systems if available to your school.

Software and System Security
Review the security measures for all software and systems that process sensitive data.
Ensure staff are trained on how to use these systems securely such as the use of strong passwords and multi-factor authentication.

Also, include procedures, guidance and training for those systems that could be used to view sensitive data such as electronic whiteboards and screen-sharing from staff members' electronic devices.

Monitoring and Review
Regularly monitor and review your Data Protection measures to ensure their effectiveness and make improvements where necessary.

By following this checklist along with your existing practices, and continually investing in data protection, you can better protect the personal data of your pupils and staff, and ensure compliance with the UK GDPR.

The incident highlighted by this ICO reprimand serves as a stark reminder of the potential repercussions of insufficient Data Protection, and the importance of making it a priority in your school, college or MAT.

Stay safe and healthy.
Report by the SchoolPro TLC Team

Paragraph 221 of "Keeping Children Safe in Education (2022) states that: 
“schools and colleges should consider carrying out an online search as part of their due diligence on the shortlisted candidates. This may help identify any incidents or issues that have happened, and are publicly available online, which the school or college might want to explore with the applicant at interview.”

Our sponsor, SchoolPro TLC works with schools to provide specialist expertise and explains what this means for schools.

Consider the Purpose of this Processing
In this case, it is part of your recruitment process so any data that you collect or process as part of this, should only be used for that purpose.

Lawful Basis
Make sure you know what lawful basis you are using for this processing.
As this is being proposed within statutory legislation (i.e. KCSIE 2022), the lawful bases that apply are likely to be Article 6(c) legal obligation or Article 6(e) public task. In this case, Article 6(e) would seem to be the most appropriate if you are a state school. If you are a private school, Article 6(c) would be relevant here.

Actual Data 
Consider what actual data you are going to be processing.
Are you going to be keeping any results from these online searches? If so, what? And for how long? And how are you going to keep the data secure?
This essentially covers a number of the principles of the UK GDPR such as data minimisation, storage limitation, and integrity and confidentiality.

Retention
In terms of retention, use your retention schedule (refer to the IRMS Toolkit or similar) to identify how long you might consider keeping any relevant data from the searches. Make sure this is proportionate to the purpose.
For most checks, you might record in your SCR that the check was conducted.
For others, you may want to keep the evidence in case of a challenge before securely destroying it.

Consider Transparency
Your job applicant privacy notice should make it clear that this data is going to be processed and explain some of the points above. You should also consider a statement on your application form. 

Job Applicant Privacy Notice Template 
An updated job applicant privacy notice template is available on the SchoolPro portal (in Global Documents).

Contact
For more information or if you have any questions, you can contact SchoolPro TLC.

The Met Office has warned that temperatures could hit 43C over the coming week, which would make it the hottest day ever recorded in the UK. 

Our sponsor, Wolferstans Solicitors, provides some guidance for employers as summer temperatures soar.

If it’s too hot to work, can employee’s leave?
Under UK law there is currently only a minimum working temperature set, which is 16C. However, if the employee’s work involves rigorous physical effort, the temperature should be at least 13C. 

There is unfortunately, no meaningful figure that can be placed on high temperatures, to indicate if it is in fact too hot to work. That said, employers are responsible to ensure their employees and workers are comfortable and in their working environment. This extends to helping them keep cool. Health and safety should also factor into an employer’s consideration as to whether it is too hot to work.  

Can employee’s legally ask for air conditioning in their workplace?
Employers are obliged to keep employees comfortable, which falls within them needing to ensure the working environment is of a reasonable temperature for those using it. From this, the concept known as "thermal comfort" has been established. By managing the thermal comfort within the workplace employers are more likely to improve morale, productivity and health and safety.

The Health and Safety Executive note the six basic factors to cause temperature discomfort are:

1. Air temperature;
2. Radiant temperature;
3. Air velocity;
4. Humidity;
5. Clothing insulation and 
6. Metabolic heat.

A way in which they suggest you can control the thermal comfort of these factors is by using air conditioning units or air dehumidifiers. If you want further advice on whether you should be installing air conditioning, as you feel are having employee complaints about the temperature in the workplace, then please get in contact via the below contact details.

Do employees have to wear their usual work attire in sweltering heat?
This very much depends on the organisation.

For example, if you are employing tree surgeons you would not be complying with the health and safety laws and organisational policies if you allowed you employees to not wear their personal protective equipment, such as the thick heavy chainsaw trousers which they most likely do not wish to be wearing on an extremely hot day.

In circumstances where it is reasonable for there to be a flexible dress code, such as in an office environment, employers should be doing this to help with employee’s thermal comfort and productivity.

If in doubt whether this applies to you, the Health and Safety Executive provide further information on this.

How else can employers ensure that "thermal comfort" is managed well?
Hybrid working is becoming increasingly popular and making the most of this on an extremely hot day could benefit employers and employees. Employers need to consider whether the building they have is equipped for a heatwave. In doing this they should factor in whether there is a lot of glass, if it is an older building, whether there is good ventilation, and whether or not they already have air conditioning installed.

Employee productivity could be higher, should they be allowed to work from home in a cooler environment. If this is not possible then employers need to control the thermal comfort of their employees in the workplace as best as they can, given their circumstances. Ways to do this is by providing fans, if safe to do so, in the event they do not have aircon.

If you have any concerns over your workplace, or employees refusing to attend work during the heatwave, please make contact via our new enquiries section of the website.
​
By Rachel Lee, Wolferstans Solicitors