Why Schools Need DPIAs: Claire Archibald on Protecting Student Privacy
In this episode, Jacob Høedt Larsen, talks to Claire Archibald about:
Claire's Background: Claire Archibald, a legal director at Browne Jacobson, specializes in data protection and information governance in education, with a strong passion for children’s and staff privacy in schools.
Path into Data Protection: Claire’s career began in regulatory law, notably environmental law, which had parallels with data protection, especially regarding compliance and regulatory pressures. Her diverse experiences, including mediation and working in education, naturally led her into data protection.
Challenges in Data Protection for Education: Claire highlights that many schools in the UK lack proactive privacy programs, often reacting to data breaches without thorough root-cause analysis or strategic planning.
Safeguarding and Privacy: She stresses that privacy and safeguarding are not mutually exclusive; instead, strong data protection measures can support safeguarding efforts within schools.
Role of DPIAs: Claire is a strong advocate for Data Protection Impact Assessments (DPIAs) as a valuable tool for schools to understand the "why" behind their data processing activities, which helps mitigate risks and improve decision-making around digital tools.
Vendor Influence and Digital Strategy: Schools often rely on EdTech vendors' sales pitches without sufficient critical analysis. This has led to a lack of strategic oversight, with schools frequently adopting new technologies without clear justifications or understanding of their impacts.
Operational and Strategic Gaps: Schools often struggle with operational confidence in data protection, and trustees, who may lack time or resources, aren’t fully aware of strategic risks, resulting in a reactive rather than proactive approach to data protection.
Personal Stories and the Importance of Privacy: Claire shares experiences showing the real-life impact of privacy issues, particularly on vulnerable groups like children and individuals with specific needs, emphasizing the nuanced harms that can arise from data misuse.
Future Concerns in Data Protection: Claire is concerned about the accumulation of unnecessary data (“haystacks”), as this approach complicates data management, increases potential harm, and has environmental costs.
Children’s Technology Use and Privacy: She highlights society’s cognitive dissonance around children’s use of technology—on one hand, technology is encouraged for educational use, while on the other, it poses risks to children's mental health and data privacy through tracking and recommender systems.
Follow Claire on LinkedIN: https://www.linkedin.com/in/claire-archibald-dpo/
Your host: Jacob Høedt Larsen, follow me on Linkedin for more news and views on compliance and privacy: https://www.linkedin.com/in/jacobhoedtlarsen/
Sustainable Compliance is brought to you by Wired Relations - read more about it here: https://www.wiredrelations.com
Wired Relations is a GRC solution - tailored for privacy and information security.
We help organisations turn fragile privacy and information security into sustainable GRC programmes.
We focus on four things:
- Ease-of-use: You don’t need consultants to implement Wired Relations and you don’t need training to use it.
- Collaboration: Privacy and infosec is a team sport. We make it easy to collaborate.
- Overview: Privacy and infosec is complicated enough as it is. Wired Relations makes it easier to get an overview - not harder.
- Organising for GRC: The trick is to organise your processes and workflows so that you can sustain your programme.
