Rethinking Privacy

Policy Questions

How do adults model consent and give students a voice when taking and sharing photos of them?
What happens to images after we post them? Do they remain online indefinitely? What risks does this pose? How can we mitigate them?
Can guardians and students revoke consent for their images to be shared? If so, what does this look like and how is it enforced? If not, how do we ensure they understand they are giving consent in perpetuity?
Do guardians and students need to provide a reason to request images be removed? If so, who decides whether a reason is valid? Does this change if images feature multiple people? How is this communicated when people decide whether to consent to sharing?
How do we ensure the district retains administrative control over social media accounts created by individual students or employees who graduate or leave the district?
How could the information and pictures we post be used to harm students’ physical or mental wellbeing by people they know? What safeguards can we include to reduce harm?
How could the information and pictures we post be ingested, consolidated, and searched en masse to harm students, families and staff? How do we account for technologies that don’t yet exist (or aren’t publicly known) that are already scraping the web and archiving this data prior to public release?

Policy Considerations

How long do public photos remain posted by default?

Solution	Strengths	Weaknesses
Indefinitely	No ongoing maintenance	Creates a large backlog of photos to search if someone requests blanket removals Increases the chances of being locked out of forgotten platforms (e.g. old club or team Instagram accounts) Maximizes photos available to cause potential harm
For a set period of time (e.g. all photos are removed three semesters after they are posted)	Deletion schedule only relies on the date a photo was posted Can be built to ensure we still have content to celebrate recent accomplishments	Requires a systematic approach to reviewing photos on an ongoing basis
Until the subjects of the photo leave their current school	Allows the maximum number of relevant photos to remain posted	Requires a systematic approach to reviewing photos on an ongoing basis Complicated for photos with students who leave the school at different times Leaves photos up for a relatively long time (especially in elementary school)

How can we share celebrations of students and our community?

Solution	Strengths	Weaknesses
Post on public channels District website, social media accounts, etc.	Maximum sharing and engagement No additional setup, logistics, or communications	No control over who sees content Content can be scraped and saved by third party aggregation services Content can be ingested and searched by individuals Content can be used to train or create technology we don’t currently know about Need to keep track of and maintain control over social media accounts Needs a policy for content removal
Post on password-protected web pages	Data is unlikely to be scraped by bots even if the password is shared with other individuals No need to create and communicate individual login credentials No need for community members to create accounts or install apps	Password must be communicated to community members No way to track who the password has been shared with and whether they’re meant to have it Needs a policy for changing passwords A shared password is more secure than no password but less secure than individual passwords. Without proper communication about the rationale behind this decision, it could create the appearance of poor security practices
Direct message platforms (e.g. messaging app, text messages, emails)	Messaging is targeted directly to people who need it Information can’t be scraped by bots	Ongoing costs Requires setup, troubleshooting, and maintenance Information can be individually shared with others
Restricted online communities (e.g private Facebook group)	Built in two-way engagement Maintains a list of who has access to information	Community members need an account with this service Subject to third party rules, data practices, and availability Requires ongoing community maintenance (approving members, removing old members, moderation, etc.)
Paper-based communications	Requires the most effort to share beyond the original recipient	Expensive Not environmentally friendly Less convenient for recipients to keep track of