CCS Date Security, Governance, & Cyber Safety Policy

    Policy Content

    Cyber safety is the safe and responsible use of Information and Communication Technologies (ICT). It involves being respectful of other people online, using good 'netiquette' (internet etiquette), and above all, is about keeping information safe and secure to protect the privacy of individuals.  Our School is committed to create and maintain a safe online environment with support and collaboration with staff, families and community.   
     

    National Quality Standard (NQS)

    QUALITY AREA 2: Children's Health and Safety
    2.2SafetyEach child is protected.
    2.2.1Supervision At all times, reasonable precautions and adequate supervision ensure children are protected from harm and hazard. 
    2.2.2Incident and emergency management   Plans to effectively manage incidents and emergencies are developed in consultation with relevant authorities, practiced and implemented. 
    2.2.3Child Protection   Management, educators and staff are aware of their roles and responsibilities to identify and respond to every child at risk of abuse or neglect. 

     Related Legislation  

    Child Care Subsidy Secretary's Rule 2017Family Law Act 1975
    A New Tax System (Family Assistance) Act 1999Family Assistance Law - 

    Incorporating all related legislation for Child Care Provider Handbook in Appendix G 

     

    Purpose

    To create and maintain a cyber safe culture that works in conjunction with our School philosophy, and privacy and legislative requirements to ensure the safety of enrolled children, educators and families.  
     

    Scope

    This policy applies to children, families, educators, staff, visitors, approved provider, nominated supervisor and management of the School. 

    Terminology


    TERMINOLOGY
    ICTInformation and Communication Technologies
    Cyber SafetySafe and Responsible use of the internet and equipment/devices, including mobile phones and devices
    NetiquetteThe correct or socially acceptable way of using the internet

    Implementation

    Cyber Safety encompasses the protection of users of technologies that access the internet, and is relevant to devices including computers, iPads and tablet computers, mobile and smart phones and any other wireless technology (including personal wearable devices- smart watches).

    With communication technologies getting better and more affordable, it is important that children and young people know both the benefits and risks of using them. More importantly, there should be safety measures in place to keep young children from accidentally coming across or being exposed to material or content that is not appropriate for them. 
     
    Our School has demanding cyber safety practices and education programs in place, which are inclusive of appropriate use agreements for Educators and Families. Our educational software program EarlyWorks provides families with up-to-date information about their child’s development by way of daily reports, observations, photos, portfolios, and email communications.

    The cyber safety agreement includes information about the software program, the Schools’ obligations and responsibilities, and the nature of possible risks associated with internet use, including privacy and bullying breaches. Upon signing the School’s agreement, families and educators will have access to the educational software program.  
     

    Educational Software Program 

    Our School uses EarlyWorks  which is a password protected private program for children, educators and families to share observations, photos, videos, daily reports, and portfolios.  Families are able to view their child/children’s learning and development and contribute general comments relating to their child or comment on an observation or daily report.  All personnel using the software will have their own log in username and password. 
     
    Educators are alerted via a notification on their dashboard when a family member has added a comment. Likewise, families are notified when a relevant educator has posted a photo/comment about their child.  
     
    Access to a child’s information and development is only granted to a child’s primary guardians.  No personal information is shared with any third party, without permission or agreement.  
     

    CCS Software & Data Integrity

    Our School uses SmartCentral which is a third-party software system to access the Child Care Subsidy System (CCSS).  The software is used to manage the payment and administration of the Child Care Subsidy (CCS).   

    The Fraud Prevention Policy and Fraud Corruption Prevention Procedure outlines that CCS Software will be monitored by the approved provider to ensure data integrity and security is maintained by all staff who process CCS payments to families. Attendances are cross referenced against child booking reports to ensure sessions are correct when submitted to CCS. Sessions which require resubmission are resubmitted to CCS within 14 days.

    Reports generated by the CCS Software will be cross-referenced against records kept at the service each month. Our School implements processes and procedures to ensure the accuracy of data that is submitted through the CCS software. The approved provider will complete the CCS Compliance Checklist/Audit each month to identify any data anomalies within incorrect data submissions that are picked up in a timely manner. The checklist is used as a tool to facilitate fraud prevention and detection within our School in relation to correct data entry for enrolments, attendances, CCS payments, personnel, and record keeping. 
     
    Review of CCS software: The Approved Provider will ensure the CCS software has policies and procedures regarding safe storage of sensitive data before using the software, the Approved Provider will review the privacy policy of the CCS software on a yearly basis or as required.  The Approved Provider will review any potential threats to software security on a monthly/ yearly basis.  The School Director/ Nominated Supervisor will advise the Approved Provided as soon as possible regarding any potential threat to security information and access to data sensitive information.  Any breaches of data security will be notified to the Office of the Australian Information Commissioner (OAIC) by using the online Notifiable Data Breach Form.   
     
    All personnel using the software will have their own log in username and password. 

    The Approved Provider will ensure all personnel using the software will have their own log in username and password. Authorised users are encouraged to change their passwords every 6 months. 
     
    Each employee who submits attendance and enrolment notices to CCSS will register with PRODA as a Person with Management or Control of the Provider or as a Person with Responsibility for the Day-to-Day Operation of the School. 
     
    The Approved Provider and or School Director will review staff log ins on a monthly / yearly basis and ensure this procedure is followed by all staff who access CCS software to submit data to 


    Review Of CCS Software Procedure


    ReviewHow oftenBy Whom
    All staff use an individual log-in to access CCS software Upon employment
    Yearly or As required
    Approved Provider and School DIrector / Nominated Supervisor
    Privacy policy of CCS software Initial access to CCS software 
    Yearly or As required
    Approved Provider
    Any breaches of sensitive data relating to Enrolments Upon notificationApproved Provider

    Governance

    Confidentiality and Privacy: 
    • the principles of confidentiality and privacy extend to accessing or viewing and disclosing information about personnel, children and/or their families, which is stored on the School’s network or any device 
    • privacy laws are such that educators or other employees should seek advice from School management regarding matters such as the collection and/or display/publication of images (such as personal images of children or adults), as well as text (such as children’s personal writing) 
    • a permission to publish form must be signed by parents to ensure children’s privacy, safety and copyright associated with the online publication of children’s personal details or work 
    • all material submitted for publication on the School Internet/Intranet site should be appropriate to the School’s learning environment 
    • material can be posted only by those given the authority to do so by the School management  
    • the School management should be consulted regarding links to appropriate websites being placed on the School’s Internet/Intranet (or browser homepages) to provide quick access to sites
    • By including data security in our induction and orientation program we aim to raise awareness of employee responsibilities and have all employees contribute to maintaining a secure data environment within the service. Data security is carefully considered when employees resign or leave a service, to prevent any unauthorised access or misuse of sensitive or confidential information. Management will refer to the Data Security Procedure and Checklist to ensure data is stored, used and accessed in accordance with relevant policies and procedures.
    Nominated Supervisors will ensure: 
    • all staff, families and visitors are aware of the School’s Code of Conduct and Confidentiality and Privacy Policies
    • the School works with an ICT security specialist to ensure the latest security systems are in place to ensure best practice. Anti-virus and internet security systems including firewalls can block access to unsuitable web sites, newsgroups and chat rooms. However, none of these tools are fool proof; they cannot be a substitute for active adult supervision and involvement in a child's use of the internet
    • backups of important and confidential data are made regularly (monthly is recommended) 
    • backups are stored securely either offline, or online (using a cloud-based service) 
    • software and devices are updated regularly to avoid any breach of confidential information 
    • families are referred to the Dealing with Complaints Policy and procedure when raising concerns regarding digital technologies and personal data 
    • all staff are aware that a breach of this policy may initiate appropriate action including the termination of employment
     Nominated Supervisor/ Responsible Person / Educators will: 
    • ensure to use appropriate netiquette and stay safe online by adhering to School policies and procedures 
    • keep passwords confidential and not share with anyone 
    • log out of sites to ensure security of information 
    • never request a family member’s password or personal details via email, text, or Messenger 
    • report anyone who is acting suspiciously or requesting information that does not seem legitimate or makes you feel uncomfortable (See ‘Resources’ section for where to report) 
    • ensure that children are never left unattended whilst a computer or mobile device is connected to the internet 
    • ensure personal mobile phones are not used to take photographs, video or audio recordings of children at the School 
    • only use educational software programs and apps that have been thoroughly examined for appropriate content prior to allowing their use by children
    • provide parents and families with information about the apps or software programs accessed by children at the School 
    • participate in professional development regarding online safety  
    • ensure that appropriate websites are sourced for use with children prior to searching in the presence of children 
    • ensure privacy filters and parental control settings are turned on and used when children are accessing digital technologies online  
    • notify the Office of the Australian Information Commissioner (OAIC) by using the online Notifiable Data Breach Form in the event of a possible data breach. This could include: 
      • a device containing personal information about children and/or families is lost or stolen (parent names and phone numbers, dates of birth, allergies, parent phone numbers) 
      • a data base with personal information about children and/or families is hacked 
      • personal information about a child is mistakenly given to the wrong person (portfolios, child developmental report) 
      • this applies to any possible breach within the School or if the device is left behind whilst on an excursion 
    Families:
    • When sharing anything using technologies such as computers, mobile devices, email, or any device that connects to the internet it is important you and everyone else invited to your account understands about netiquette and staying safe online and ensures privacy laws are adhered to 
    • When it comes to your own children, it is your choice what you share outside of the School. Remember though that young children cannot make their own decisions about what gets published online so you have a responsibility to ensure that whatever is shared is in your children's best interests
    • Be mindful of what you publish on social media about your child as this may form part of their lasting digital footprint 
    • Install Family Friendly Filters to limit access to certain types of content on devices such as mobile phones and computers
    • Install parental controls on streaming services to ensure children are not able to access inappropriate material
    • Consider developing a Family Tech Agreement to establish rules about use of devices at home
    • Sometimes other children in the School may feature in the same photos, videos, and/or observations as your children. In these cases, never duplicate or upload them to the internet/social networking sites or share them with anyone other than family members without those children's parents' permission
    • Access further information about eSafety to help protect your children and be cyber safe

    Continuous Improvement/Reflection

    Our CCS Data Security Policy will be updated and reviewed annually in consultation with families, staff, educators, and SOAPE.


    Resources 

    Australian Government Office of the eSafety commission esafety.gov.au/early-years 
    eSafety Early Years Online safety for under 5s.  esafety.gov.au/sites/default/files/2020-02/E... 
    eSmart Alannah & Madeline foundation esmart.org.au 
    Family Tech Agreement. eSafety Early Years Online safety for under 5s esafety.gov.au/sites/default/files/2020-01/O... 
    Kiddle is a child-friendly search engine for children that filters information and websites with deceptive or explicit content: kiddle.co/ 
    Receive information on scams that can then be provided to the public. To report an online scam or suspected scam, use the form found here: scamwatch.gov.au/report-a-scam 
    More information on online fraud and scams can be found on the Australian Federal Police website afp.gov.au/what-we-do/crime-types/cyber-... 
    Notifiable Data Breaches scheme (NDB) can be made through the Australian Government Office of the Australian Information Commissioner 

     
     

    Source 

    Australian Children’s Education & Care Quality Authority. (2014).  
    Australian Government eSafety Commission (2020) esafety.gov.au 
    Australian Government Department of Education, Skills and Employment. Child Care Provider Handbook (2018)  dese.gov.au/resources-child-care-provider...  
    Australian Government Office of the Australian Information Commissioner (2019) oaic.gov.au/privacy/notifiable-data-breac... 
    Early Childhood Australia Code of Ethics. (2016). 
    Education and Care Services National Law Act 2010. (Amended 2018). 
    Education and Care Services National Regulations. (2011).      
    Guide to the Education and Care Services National Law and the Education and Care Services National Regulations. (2017). 
    Guide to the National Quality Framework. (2017). (Amended 2020). 
    Guide to the National Quality Standard. 
    Privacy Act 1988. 
    Revised National Quality Standard. (2018).