Online Safety Policy

Approved by Trust Board on 13 July 2022 Applicable from 01 September 2022

Review date: September 2025

Co-op Academies - Online Safety Policy

Contents

1. Introduction 4 2. How will this policy be communicated? 4 3. Aims 4

4. Roles and responsibilities 5 4.1 Headteacher/Principal 5 4.2 Designated Safeguarding Lead 6 4.3 Academy Governing Council, led by Safeguarding Link Governor 8 4.4 All staff 8 4.5 PSHE / RSHE Lead(s) 9 4.6 Academy ‘Computing Lead’ 10 4.7 Subject / aspect leaders 10 4.8 IT Network Manager/Technician/Apprentice 10 4.9 Academy GDPR Ambassador 11 4.10 Volunteers and contractors (including tutors) 12 4.11 Pupils 12 4.12 Parents/carers 13 4.13 External groups including parent associations 13

5. Education and curriculum 14

6. Handling online-safety concerns and incidents 14 6.1 Actions where there are concerns about a child 15 6.2 Sexting - sharing nudes and semi-nudes 15 6.3 Upskirting 16 6.4 Bullying 17 6.5 Sexual violence and harassment 17 6.6 Misuse of academy technology (devices, systems, networks or platforms) 17 6.7 Social media incidents 17

7. Data protection and data security 18 8. Appropriate filtering and monitoring 18

9. Electronic communications 19 9.1 Email 19

10. Academy website 20 11. Cloud platforms 20 2

Co-op Academies - Online Safety Policy

12. Digital images and video 21 13. Social media 22

14. Device usage 22 14.1 Personal devices including wearable technology and ‘bring your own device’ 23 14.2 Network / internet access on academy devices 23 14.3 Trips / events away from the academy 23 14.4 Searching and confiscation 23

15. Further Help and Support 24 16. Review 24

3

Co-op Academies - Online Safety Policy

1. Introduction 

Online safety is an integral part of safeguarding and requires a whole school, cross-curricular approach and collaboration between key academy leads. Accordingly, this policy is written in line with ‘Keeping Children Safe in Education’ 2022 (KCSIE), ‘Teaching Online Safety in Schools’ 2019, statutory RSHE guidance 2019, DfE Sexual violence and sexual harassment between children in school and colleges Sept 2021.

It is designed to sit alongside academies’ statutory Safeguarding and Child Protection policies and Behaviour policies, our Trust’s Colleague Code of Conduct and our Trust’s GDPR Policy. Any issues and concerns with online safety must follow an academy’s safeguarding and child protection procedures.

This Policy applies to all members of the Co-op Academies Trust community (including teaching and support staff, supply teachers and tutors engaged under the DfE National Tutoring Programme, governors, volunteers, contractors, students/pupils, parents/carers, visitors and community users) who have access to our digital technology, networks and systems, whether on-site or remotely, and at any time, or who use technology in their Trust role.

2. How will this policy be communicated? 

This policy will be communicated in the following ways:

● Posted on our Trust website and linked to from academy websites ● Available via the internal Colleague Portal

● Included on the Induction Checklist for all new staff (including temporary, supply and non-classroom-based colleagues)

● Integral to safeguarding updates and training for all colleagues (especially in September refreshers)

● Clearly reflected in any Acceptable Use Policies (AUPs)

● Shared via appropriate areas of the curriculum and/or Student Voice forums ● Shared via appropriate communication channels to other relevant audiences e.g. parents/carers and governors

3. Aims 

This policy aims to:

● Set out expectations for all Co-op Academies Trust community members’ online behaviour, attitudes and activities and use of digital technology (including when devices are offline)

4

Co-op Academies - Online Safety Policy

● Help all stakeholders to recognise that online/digital behaviour standards (including social media activity) must be upheld beyond the confines of the academy gates and academy day, and regardless of device or platform

● Facilitate the safe, responsible, respectful and positive use of technology to support teaching and learning, increase attainment and prepare children and young people for the risks and opportunities of today’s and tomorrow’s digital world, to survive and thrive online

● Help academy colleagues working with children to understand their roles and responsibilities to work safely and responsibly with technology and the online world:

o for the protection and benefit of the children and young people in their care, and

o for their own protection, minimising misplaced or malicious allegations and to better understand their own standards and practice

o for the benefit of the academy, supporting the academy ethos, aims and objectives, and protecting the reputation of the academy and profession ● Establish clear structures by which online misdemeanours will be treated, and procedures to follow where there are doubts or concerns (with reference to other policies)

4. Roles and responsibilities 

This Trust is a community and all members have a duty to behave respectfully online and offline, to use technology for teaching and learning and to prepare for life after school, and to immediately report any concerns or inappropriate behaviour, to protect staff, pupils, families and the reputation of the Trust and its academies. We learn together, make honest mistakes together and support each other in a world that is online and offline at the same time.

4.1 Headteacher/Principal

Key responsibilities:

● Support safeguarding leads and technical staff as they review protections for pupils in the home and remote-learning procedures, rules and safeguards

● Foster a culture of safeguarding where online safety is fully integrated into whole-school safeguarding

● Undertake training in offline and online safeguarding, in accordance with statutory guidance and relevant Local Safeguarding Partnerships

● Liaise with the designated safeguarding lead on all online-safety issues which might arise and receive regular updates on academy issues and broader policy and practice information

● Take overall responsibility for data management and information security ensuring the academy’s provision follows best practice in information handling; work with 5

Co-op Academies - Online Safety Policy

the academy’s GDPR Ambassador , DSL and governors to ensure a

GDPR-compliant framework for storing data, but helping to ensure that child protection is always put first and data-protection processes support careful and legal sharing of information

● Ensure the academy implements and makes effective use of appropriate IT systems and services including school-safe filtering and monitoring, protected email systems and that all technology including cloud systems are implemented according to child-safety first principles

● Be responsible for ensuring that all staff receive suitable training to carry out their safeguarding and online safety roles

● Understand and make all staff aware of procedures to be followed in the event of a serious online safeguarding incident

● Ensure suitable risk assessments are undertaken so the curriculum meets needs of pupils, including risk of children being radicalised online.

● Ensure that there is a system in place to monitor and support staff (e.g. Co-op Academy IT staff) who carry out internal technical online-safety procedures ● Ensure governors are regularly updated on the nature and effectiveness of the academy’s arrangements for online safety

● Ensure the academy website meets statutory requirements

● The responsibilities of the Headteacher in relation to safeguarding, encompassing online safety can be found in KCSiE 2022.

4.2 Designated Safeguarding Lead

Key responsibilities (remember the DSL can delegate certain online safety duties, e.g. to the online-safety coordinator, but not the overall responsibility; this assertion and all quotes below are from Keeping Children Safe in Education 2022):

● “The designated safeguarding lead should take lead responsibility for safeguarding and child protection [including online safety] … this lead responsibility should not be delegated”

● Work with the HT and IT staff to review protections for pupils in the home and remote-learning procedures, rules and safeguards

● Ensure “An effective approach to online safety [that] empowers a school or college to protect and educate the whole school or college community in their use of technology and establishes mechanisms to identify, intervene in and escalate any incident where appropriate.”

● “Liaise with staff (especially pastoral support staff, school nurses, IT Technicians, and SENCOs, or the named person with oversight for SEN in a college and Senior Mental Health Leads) on matters of safety and safeguarding (including online and digital safety) and when deciding whether to make a referral by liaising with relevant agencies.”

● Take day-to-day responsibility for online safety issues and be aware of the potential for serious child protection concerns

6

Co-op Academies - Online Safety Policy

● Remind staff of safeguarding considerations as part of a review of remote learning procedures and technology, including that the same principles of online safety and behaviour apply

● Work with the headteacher, GDPR Ambassador and governors to ensure a GDPR-compliant framework for storing data, but helping to ensure that child protection is always put first and data-protection processes support careful and legal sharing of information

● Stay up to date with the latest trends in online safeguarding and “undertake Prevent awareness training” in relation to the risks associated with extremism and radicalisation.

● Review and update this policy, other online safety documents and the strategy on which they are based (in harmony with policies for behaviour, safeguarding, Prevent and others) and submit for review to the governors/trustees.

● Receive regular updates in online safety issues and legislation, be aware of local and academy trends

● Ensure that online safety education is embedded across the curriculum in line with the statutory RSHE guidance and beyond, in wider academy life

● Promote an awareness of and commitment to online safety throughout the academy community, with a strong focus on parents/carers, but also including hard-to-reach parents/carers – dedicated resources at parentsafe.lgfl.net 

● Communicate regularly with SLT and the designated safeguarding governor to discuss current issues (anonymised), review incident logs and filtering/change control logs and discuss how filtering and monitoring work and have been functioning/helping.

● Ensure all staff are aware of the procedures that need to be followed in the event of an online safety incident, and that these are logged in the same way as any other safeguarding incident.

● Ensure adequate provision for staff to raise concerns when not in school (e.g. through CPOMS, or other system for raising child protection concerns), and for pupils to disclose issues when off site, especially when in

isolation/quarantine/lockdown, e.g. a safe, simple, online form on the academy home page about ‘something that worrying me’ that gets reported through the academy’s “report a concern” function on the academy website

● Oversee and discuss ‘appropriate filtering and monitoring’ with governors and ensure staff are also aware of the safeguarding products each academy has in place to ensure online safety. Key decisions on what should be allowed are the responsibility of the DSL who should be careful to keep children safe but “be careful that ‘over blocking’ does not lead to unreasonable restrictions” (KCSIE).

● Ensure the updated DfE guidance on Sexual Violence & Sexual Harassment Between Children in Schools & Colleges Guidance is followed throughout the academy and that staff adopt a zero-tolerance, whole school approach to this, as well as to bullying including where this behaviour takes place through the use of technology.

7

Co-op Academies - Online Safety Policy

● Facilitate training and advice for all staff, including supply teachers: o cascade knowledge of risks and opportunities throughout the organisation o cpd.lgfl.net has helpful CPD materials including PowerPoints, videos and more

● Pay particular attention to online tutors, both those engaged by the academy as part of the DfE scheme and those hired by parents/carers - share the Online Tutors – Keeping Children Safe poster at parentsafe.lgfl.net to remind parents/carers of key safeguarding principles

4.3 Academy Governing Council, led by Safeguarding Link Governor Key responsibilities (quotes are taken from Keeping Children Safe in Education 2022) ● Note this policy and subsequently review its effectiveness, e.g. by asking the questions in the helpful document from the UK Council for Child Internet Safety (UKCIS) Online safety in schools and colleges: Questions from the Governing Board 

● Ask about how the academy has reviewed protections for pupils in the home (including when with online tutors) and remote-learning procedures, rules and safeguards

● Support the academy in encouraging parents/carers and the wider community to become engaged in online safety activities

● Have regular strategic reviews with the DSL and incorporate online safety into standing discussions of safeguarding at governor meetings

● “Ensure that all staff undergo safeguarding and child protection training (including online safety) at induction and be regularly updated. “Ensure appropriate filters and appropriate monitoring systems are in place [but…] be careful that ‘overblocking’ does not lead to unreasonable restrictions as to what children can be taught with regard to online teaching and safeguarding”.

● “Ensure that children are taught about safeguarding, including online safety […] as part of providing a broad and balanced curriculum […] Consider a whole school or college approach to online safety with a clear policy on the use of mobile technology.”

4.4 All staff

Key responsibilities:

● Pay particular attention to safeguarding provisions for home-learning and remote-teaching technologies

● Recognise that RSHE is now statutory and that it is a whole-school subject requiring the support of all staff; online safety has become core to this new subject ● Understand that online safety is a core part of safeguarding; as such it is part of everyone’s job – never think that someone else will pick it up

● Know who the Designated Safeguarding Lead (DSL) are for your academy ● Read and follow this policy in conjunction with the academy's main safeguarding and child protection policy and Part 1 of KCSiE Sep 22

8

Co-op Academies - Online Safety Policy

● Record online-safety incidents in the same way as any safeguarding incident and report in accordance with academy procedures using CPOMS.

● Sign and follow the colleague Acceptable Use Policy and Colleague Code of Conduct

● Identify opportunities to thread online safety through all academy activities as part of a whole school approach in line with the RSHE curriculum, both outside the classroom and within the curriculum, supporting curriculum/stage/subject leads, and making the most of unexpected learning opportunities as they arise (which have a unique value for pupils)

● Whenever overseeing the use of technology in academy or for homework or remote teaching, encourage and talk about appropriate behaviour and how to get help and consider potential risks and the age-appropriateness of websites (find out what appropriate filtering and monitoring systems are in place)

● When supporting pupils remotely, be mindful of additional safeguarding considerations.

● Carefully supervise and guide pupils when engaged in learning activities involving online technology, supporting them with search skills, critical thinking, age appropriate materials and signposting, and legal issues such as copyright and GDPR.

● Be aware of security best-practice at all times, including password hygiene and phishing strategies.

● Prepare and check all online source and resources before using

● Encourage pupils/students to follow their acceptable use policy at home as well as at school, remind them about it and enforce academy sanctions.

● Notify the DSL of new trends and issues before they become a problem ● Take a zero-tolerance approach to bullying and sexual harassment ● Be aware that you are often most likely to see or overhear online-safety issues

(particularly relating to bullying and sexual harassment and violence) in the playground, corridors, toilets and other communal areas outside the classroom – let the DSL know

● Receive regular updates from the DSL and have a healthy curiosity for online safeguarding issues

● Model safe, responsible and professional behaviours in their own use of technology. This includes outside the academy hours and site, and on social media, in all aspects upholding the reputation of the academy and of the professional reputation of all staff.

4.5 PSHE / RSHE Lead(s)

Key responsibilities:

● As listed in the ‘all staff’ section, plus:

● Embed consent, mental wellbeing, healthy relationships and staying safe online into the PSHE / Relationships education, relationships and sex education (RSE) and health education curriculum. “This will include being taught what positive, healthy

9

Co-op Academies - Online Safety Policy

and respectful online relationships look like, the effects of their online actions on others and knowing how to recognise and display respectful behaviour online. Throughout these subjects, teachers will address online safety and appropriate behaviour in an age appropriate way that is relevant to their pupils’ lives.”

● This will complement the computing curriculum, which covers the principles of online safety at all key stages, with progression in the content to reflect the different and escalating risks that pupils face. This includes how to use technology safely, responsibly, respectfully and securely, and where to go for help and support when they have concerns about content or contact on the internet or other online technologies.

● Work closely with the DSL, computing lead all other staff to ensure an understanding of the issues, approaches and messaging within PSHE / RSHE and to avoid overlap.

4.6 Academy ‘Computing Lead’

Key responsibilities:

As listed in the ‘all staff’ section (above), plus:

● Oversee the delivery of the online safety element of the Computing curriculum in accordance with the national curriculum

● Work closely with the RSHE lead to avoid overlap but ensure a complementary whole-school approach

● Work closely with the DSL and all other staff to ensure an understanding of the issues, approaches and messaging within Computing

● Collaborate with technical staff and others responsible for IT use in the academy to ensure a common and consistent approach, in line with acceptable-use agreements

4.7 Subject / aspect leaders

Key responsibilities:

As listed in the ‘all staff’ section, plus:

● Look for opportunities to embed online safety in your subject or aspect, especially as part of the new RSHE curriculum, and model positive attitudes and approaches to staff and pupils alike

● Consider how the UKCIS framework Education for a Connected World and Teaching Online Safety in Schools can be applied in your context

● Work closely with the DSL and all other staff to ensure an understanding of the issues, approaches and messaging within Computing

● Ensure subject specific action plans also have an online-safety element

4.8 IT Network Manager/Technician/Apprentice

Key responsibilities:

As listed in the ‘all staff’ section, plus:

● Support the HT and DSL team as they review protections for pupils in the home and remote-learning procedures, rules and safeguards

10

Co-op Academies - Online Safety Policy

● Keep up to date with our Trust’s Online Safety Policy and technical information in order to effectively carry out their online safety role and to inform and update others as relevant

● Meet the RSHE lead to see how the online-safety curriculum delivered through this new subject can complement the academy IT system and vice versa, and ensure no conflicts between educational messages and practice.

● Work closely with the designated safeguarding lead / academy GDPT Ambassador to ensure that academy systems and networks reflect academy policy ● Ensure the above stakeholders understand the consequences of existing services and of any changes to these systems (especially in terms of access to personal and sensitive records / data and to systems such as YouTube mode, web filtering settings, sharing permissions for files on cloud platforms etc

● Support and advise on the implementation of ‘appropriate filtering and monitoring’ as decided by the DSL and senior leadership team

● Maintain up-to-date documentation of the academy’s online security and technical procedures

● To report online-safety related issues that come to their attention to the DSL and our Trust’s central IT team

● Manage the academy’s systems, networks and devices, according to a strict password policy, with systems in place for detection of misuse and malicious attack, with adequate protection, encryption and backup for data, including disaster recovery plans, and auditable access controls

● Monitor the use of academy technology and online platforms and that any misuse/attempted misuse is identified and reported in line with academy policy

4.9 Academy GDPR Ambassador

Key responsibilities:

● Be aware that of references to the relationship between data protection and safeguarding in key Department for Education documents ‘Keeping Children Safe in Education’ and ‘Data protection: a toolkit for schools’ (August 2018), especially this quote from the latter document:

“GDPR does not prevent, or limit, the sharing of information for the purposes of keeping children safe. Lawful and secure information sharing between schools, Children’s Social Care, and other local agencies, is essential for keeping children safe and ensuring they get the support they need. The Data Protection Act 2018 introduced ‘safeguarding’ as a reason to be able to process sensitive, personal information, even without consent (DPA, Part 2,18; Schedule 8, 4) When Designated Safeguarding Leads in schools are considering whether, or not, to share safeguarding information (especially with other agencies) it is considered best practice for them to record who they are sharing that information with and for what reason. If they have taken a decision not to seek consent from the data subject and/or parent/carer that should also be recorded within the safeguarding file. All relevant information can be shared without consent if to gain consent would place a child

11

Co-op Academies - Online Safety Policy

at risk. Fears about sharing information must not be allowed to stand in the way of promoting the welfare and protecting the safety of children.”

The same document states that the retention schedule for safeguarding records may be required to be set as ‘Very long term need (until pupil is aged 25 or older)’. However, some local authorities require record retention until 25 for all pupil records. An example of an LA safeguarding record retention policy can be read at safepolicies.lgfl.net, but you should check the rules in your area.

● Work with the DSL, Trust Data Protection Officer (DPO) headteacher and governors to ensure frameworks are in place for the protection of data and of safeguarding information sharing as outlined above. Ensure that all access to safeguarding data is limited as appropriate, and also monitored and audited

4.10 Volunteers and contractors (including tutors)

Key responsibilities:

● Follow any instructions or guidance given in relation to use of academy technology or the internet within the academy

● Report any concerns, no matter how small, to the designated safety lead ● Maintain an awareness of current online safety issues and guidance ● Model safe, responsible and professional behaviours in their own use of

technology at the academy and as part of remote teaching or any online communications

● Note that a contractor should never attempt to arrange any meeting, including tutoring sessions, without the full prior knowledge and approval of the academy, and will never do so directly with a pupil. The same applies to any private/direct communication with a pupil.

4.11 Pupils

Key responsibilities:

● Follow any instructions or guidance given in relation to use of academy technology or the internet within the academy

● Treat home learning during any isolation/quarantine or bubble/academy lockdown in the same way as regular learning in the academy and behave as if a teacher or parent were watching the screen

● Avoid any private communication or use of personal logins/systems to communicate with or arrange meetings with academy staff or tutors

● Understand the importance of reporting abuse, misuse or access to inappropriate materials, including any concerns about a member of academy staff or supply teacher or online tutor

● Know what action to take if they or someone they know feels worried or vulnerable when using online technology, at the academy, home or anywhere else.

12

Co-op Academies - Online Safety Policy

● To understand the importance of adopting safe and responsible behaviours and good online safety practice when using digital technologies outside of the academy and realise that the academy’s policies cover actions out of the academy, including on social media

● Remember the rules on the misuse of academy technology – devices and logins used at home should be used just like if they were in full view of a teacher. ● Understand the benefits/opportunities and risks/dangers of the online world and know who to talk to at the academy or outside school if there are problems

4.12 Parents/carers

Key responsibilities:

● Consult with the academy if they have any concerns about their children’s and others’ use of technology

● Promote positive online safety and model safe, responsible, respectful and positive behaviours in their own use of technology, including on social media: not sharing other’s images or details without permission and refraining from posting negative, threatening or violent comments about others, including the academy staff, volunteers, governors, contractors, pupils or other parents/carers.

● Encourage children to engage fully in home-learning during any period of isolation/quarantine or bubble/academy closure and flag any concerns ● Support the child during remote learning to avoid video calls in a bedroom if possible and if not, to ensure the child is fully dressed and not in bed, with the camera pointing away from beds/bedding/personal information etc. and the background blurred or changed where possible.

● If organising private online tuition, remain in the room if possible, ensure the child knows tutors should not arrange new sessions directly with the child or attempt to communicate privately. Further advice available in the Online Tutors – Guidance for Parents and Carers poster at parentsafe.lgfl.net, which is a dedicated parent portal offering updated advice and resources to help parents/carers keep children safe online

4.13 External groups including parent associations 

Key responsibilities:

● Follow any instructions or guidance given in relation to use of academy technology or the internet within the academy

● Support the academy in promoting online safety and data protection ● Model safe, responsible, respectful and positive behaviours in their own use of technology, including on social media: not sharing other’s images or details without permission and refraining from posting negative, threatening or violent comments about others, including the academy staff, volunteers, governors, contractors, pupils or other parents/carers

13

Co-op Academies - Online Safety Policy

5. Education and curriculum 

The following subjects have the clearest online safety links (see the relevant role descriptors above for more information):

● Relationships education, relationships and sex education (RSE) and health (also known as RSHE or PSHE)

● Computing

● Citizenship

At our Trust, we recognise that online safety and broader digital resilience must be thread throughout the curriculum

Annual reviews of curriculum plans / schemes of work (including for SEND pupils) should be used as an opportunity to evaluate the key areas of Self-image and Identity, Online relationships, Online reputation, Online bullying, Managing online information, Health, Wellbeing and lifestyle, Privacy and security, and Copyright and ownership.

6. Handling online-safety concerns and incidents

Procedures for dealing with online-safety concerns or incidents will be mostly detailed in the following policies (primarily in the first key document):

● Safeguarding and Child Protection Policy

● Anti-Bullying Policy

● Behaviour Policy (including academy sanctions)

● PREVENT - Risk Assessment / Policy

● Data Protection Policy, agreements and other documentation (e.g. privacy statement and consent forms for data sharing, image use etc)

● Colleague Code of Conduct

Co-op Academies Trust commits to take all reasonable precautions to ensure online safety, but recognises that incidents will occur both inside the academy and outside the academy (and that incidents outside the academy may continue to impact pupils when they come into the academy or during extended periods away from the academy). All members of the academy are encouraged to report issues swiftly to allow us to deal with them quickly and sensitively through the academy’s escalation processes. Any suspected online risk or infringement should be reported to the online safety lead / designated safeguarding lead on the same day – where clearly urgent, it will be made by the end of the lesson.

Any concern/allegation about staff misuse is always referred directly to the Headteacher, unless the concern is about the Headteacher in which case the complaint is referred to the Regional Director and/or Chair of Governors. Where appropriate, the LADO (Local

14

Co-op Academies - Online Safety Policy

Authority’s Designated Officer) should also be informed. Staff may also use the NSPCC Whistleblowing Helpline.

The academy will actively seek support from other agencies as needed (i.e. the local authority, LGfL, UK Safer Internet Centre’s Professionals’ Online Safety Helpline (POSH), NCA CEOP, Prevent Officer, Police, IWF). We will inform parents/carers of online-safety incidents involving their children, and the Police where staff or pupils engage in or are subject to behaviour which we consider is particularly disturbing or breaks the law (particular procedures are in place for sexting and upskirting; see section below).

The academy should evaluate whether reporting procedures are adequate for any future closures/lockdowns/isolation etc and make alternative provisions in advance where these might be needed.

6.1 Actions where there are concerns about a child

Staff should follow their academy Safeguarding and child protection policy if they are concerned about the safety of a pupil at the academy and report their concerns to the DSL using CPOMS.

6.2 Sexting - sharing nudes and semi-nudes

All academies (regardless of phase) should refer to the updated UK Council for Internet Safety (UKCIS) guidance on sexting - now referred to as Sharing nudes and semi-nudes: advice for education settings to avoid unnecessary criminalisation of children. NB - where one of the parties is over 18, this is no longer sexting but child sexual abuse.

There is a one-page overview called Sharing nudes and semi-nudes: how to respond to an incident for all staff (not just classroom-based staff) to read, in recognition of the fact that it is mostly someone other than the designated safeguarding lead (DSL) or online safety lead to first become aware of an incident, and it is vital that the correct steps are taken. Colleagues other than the DSL must not attempt to view, share or delete the image or ask anyone else to do so, but to go straight to the DSL.

The academy DSL will in turn use the full guidance document, Sharing nudes and semi-nudes – advice for educational settings to decide next steps and whether other agencies need to be involved.

15

Co-op Academies - Online Safety Policy

*Consider the 5 points for immediate referral at initial review:

1. The incident involves an adult

2. There is reason to believe that a child or young person has been coerced, blackmailed or groomed, or there are concerns about their capacity to consent (for example, owing to special educational needs) 3. What you know about the images or videos suggests the content depicts sexual acts which are unusual for the young person’s developmental stage, or are violent

4. The images involves sexual acts and any pupil in the images or videos is under 13

5. You have reason to believe a child or young person is at immediate risk of harm owing to the sharing of nudes and semi-nudes, for example, they are presenting as suicidal or self-harming

It is important that everyone understands that whilst sexting is illegal, pupils/students can come and talk to members of staff if they have made a mistake or had a problem in this area.

The documents referenced above and materials to support teaching about sexting can be found at sexting.lgfl.net 

6.3 Upskirting

It is important that everyone understands that upskirting (taking a photo of someone under their clothing, not necessarily a skirt) is now a criminal offence, as highlighted in Keeping Children Safe in Education and that pupils/students can come and talk to members of staff if they have made a mistake or had a problem in this area.

16

Co-op Academies - Online Safety Policy

6.4 Bullying

Online bullying should be treated like any other form of bullying and the academy anti-bullying policy should be followed for online bullying, which may also be referred to as cyberbullying, including issues arising from banter.

Materials to support teaching about bullying and useful Department for Education guidance and case studies are at bullying.lgfl.net 

6.5 Sexual violence and harassment

DfE guidance on sexual violence and harassment is referenced in Keeping Children Safe in Education and also a document in its own right. Information on how staff should respond to a report of this nature is outlined in the academy’s Safeguarding and Child Protection Policy.

Any incident of sexual harassment or violence (online or offline) should be reported to the DSL who will follow the full guidance. Colleagues should work to foster a zero-tolerance culture. The guidance stresses that schools must take all forms of sexual violence and harassment seriously, explaining how it exists on a continuum and that behaviours incorrectly viewed as ‘low level’ are treated seriously and not allowed to perpetuate. The document makes specific reference to behaviours such as bra-strap flicking and the careless use of language.

6.6 Misuse of academy technology (devices, systems, networks or platforms) Clear and well communicated rules and procedures are essential to govern pupil and adult use of academy networks, connections, internet connectivity and devices, cloud platforms and social media (both when on academy site and outside of the academy). Academies are responsible for communicating these rules and procedures to relevant audiences, e.g. through the use of Acceptable Use Policies, or similar documents.

Where pupils contravene these rules, the academy Behaviour Policy will be applied; where colleagues contravene these rules, action will be taken as outlined in the Colleague Code of Conduct

Further to these steps, our Trust reserves the right to withdraw – temporarily or permanently – any or all access to such technology, or the right to bring devices onto academy property.

6.7 Social media incidents

See our Trust’s Social Media Policy for rules and expectations of behaviour for children and adults in the Co-op Academies Trust community.

17

Co-op Academies - Online Safety Policy

Breaches will be investigated in accordance with an academy’s Behaviour Policy (for pupils) or our Disciplinary Procedure (for staff).

Further to this, where an incident relates to an inappropriate, upsetting, violent or abusive social media post by a member of the Trust community, we will request that the post be deleted and will expect this to be actioned promptly.

Where an offending post has been made by a third party, the academy may report it to the platform it is hosted on, and may contact the Professionals’ Online Safety Helpline, POSH, (run by the UK Safer Internet Centre) for support or help to accelerate this process.

7. Data protection and data security 

“GDPR does not prevent, or limit, the sharing of information for the purposes of keeping children safe. Lawful and secure information sharing between schools, Children’s Social Care, and other local agencies, is essential for keeping children safe and ensuring they get the support they need. The Data Protection Act 2018 introduced ‘safeguarding’ as a reason to be able to process sensitive, personal information, even without consent (DPA, Part 2,18; Schedule 8, 4) When Designated Safeguarding Leads in schools are considering whether, or not, to share safeguarding information (especially with other agencies) it is considered best practice for them to record who they are sharing that information with and for what reason. If they have taken a decision not to seek consent from the data subject and/or parent/carer that should also be recorded within the safeguarding file. All relevant information can be shared without consent if to gain consent would place a child at risk. Fears about sharing information must not be allowed to stand in the way of promoting the welfare and protecting the safety of children.”

All pupils, staff, governors, volunteers, contractors and parents/carers are bound by our Trust’s Data Protection Policy and agreements, which can be found here.

The Headteacher/Principal, Data Protection Officer and governors work together to ensure a GDPR-compliant framework for storing data, but which ensures that child protection is always put first and data-protection processes support careful and legal sharing of information.

Colleagues are reminded that all safeguarding data is highly sensitive and should be treated with the strictest confidentiality at all times, and only shared via approved channels to colleagues or agencies with appropriate permissions. Encryption of all non-internal emails is compulsory for sharing pupil data. If this is not possible, the Academy GDPR Ambassador and DSL should be informed in advance.

8. Appropriate filtering and monitoring 

18

Co-op Academies - Online Safety Policy

Keeping Children Safe in Education obliges schools to “ensure appropriate filters and appropriate monitoring systems are in place [and] not be able to access harmful or inappropriate material [but at the same time] be careful that “over blocking” does not lead to unreasonable restrictions as to what children can be taught with regards to online teaching and safeguarding.”

Our Trust is moving to a central broadband provider (LGfL). This means we have a dedicated and secure, schoolsafe connection that is protected with firewalls and multiple layers of security, including a web filtering system called WebScreen, which is made specifically to protect children in schools.

There are three types of appropriate monitoring identified by the Safer Internet Centre. These are:

1. Physical monitoring (adult supervision in the classroom, at all times) 2. Internet and web access

3. Active/Pro-active technology monitoring services

When pupils log into their Co-op Academies account on a personal device, including via home wifi systems, activity may be monitored.

9. Electronic communications 

Email, Google Classroom, and other relevant platforms approved and adopted by an academy, are the only means of electronic communication which should be used between staff and pupils / staff and parents/carers (in both directions). Use of a different platform must be approved in advance by the headteacher in advance. Any unauthorised attempt to use a different system may be a safeguarding concern or disciplinary matter and should be notified to the DSL (if by a child) or to the Headteacher (if by a staff member).

9.1 Email

All Trust staff and Pupils use Google Mail for electronic communications.

General principles for email use are as follows:

● Email may only be sent using the email systems above. There should be no circumstances where a private email is used; if this happens by mistake, the DSL/Headteacher/GDPR Ambassador (the particular circumstances of the incident will determine whose remit this is) should be informed immediately.

● Staff or pupil personal data should not be sent externally by email, unless there is no suitable alternative.

o If data needs to be shared with external agencies, appropriate encryption should be used or the data should be shared via another agreed secure platform

19

Co-op Academies - Online Safety Policy

o Internally, colleagues should use the academy network, including when working from home when remote access is available

● Appropriate behaviour is expected at all times, and the system should not be used to send inappropriate materials or language which is bullying, aggressive, rude, insulting, illegal or otherwise inappropriate (e.g. racist, homophobic, transphobic)

● Pupils and staff are allowed to use the email system for reasonable (not excessive, not during lessons) personal use but should be aware that all use is monitored, their emails may be read and the same rules of appropriate behaviour apply at all times. Emails using inappropriate language, images, malware or to adult sites may be blocked and not arrive at their intended destination.

● Staff should be aware that any emails sent regarding a pupil, parent, colleague or any other individual may be released to that individual in the event of a subject access request. All email correspondence should be factual and professional.

● Information sent and received via email should only be kept as long as necessary. Any sensitive data should be deleted when no longer needed.

10. Academy website 

An academy website is a key public-facing information portal for the academy community (both existing and prospective stakeholders) with a key reputational value.

The DfE has determined information which must be available on a school website. Where colleagues submit information for the website, they are asked to remember: ● Schools have the same duty as any person or organisation to respect and uphold copyright law – schools have been fined thousands of pounds for copyright breaches. Sources must always be credited and material only used with permission. If in doubt, check with a member of our Trust’s Marketing & Engagement Team. ● Where pupil work, images or videos are published on the website, their identities are protected and full names are not published (remember also not to save images with a filename that includes a pupil’s full name).

11. Cloud platforms 

It is important to consider data protection before adopting a cloud platform or service – see our Data Protection Policy here. 

For online safety, basic rules of good password hygiene (“Treat your password like your toothbrush – never share it with anyone!”), expert administration and training can help to keep staff and pupils safe, and to avoid incidents. Trust IT and Data Protection colleagues will analyse and document systems and procedures before they are implemented, and regularly review them.

20

Co-op Academies - Online Safety Policy

The following principles apply:

● Privacy Statements inform parents/carers and children (13+) when and what sort of data is stored in the cloud

● The DPO approves new cloud systems, what may or may not be stored in them and by whom. This is noted in a DPIA (data-protection impact statement) where appropriate

● Open access or widely shared folders are clearly marked as such

● Two-factor authentication is used for access to staff or pupil data, wherever possible

● Pupil images/videos are only made public with parental permission ● Only Trust-approved platforms should be used by students or staff to store pupil work

● All stakeholders understand the difference between consumer and education products (e.g. a private Gmail account or Google Drive and those belonging to a managed educational domain)

12. Digital images and video 

When a pupil/student joins the academy, parents/carers are asked if they give consent for their child’s image to be captured in photographs or videos, for what purpose (beyond internal assessment, which does not require express consent). Eg. “do you give permission for your child’s image to be used for displays around the school, and internal or external use by the Academy and our Trust, such as social media, printed and online prospectuses, websites, newsletters. Yes or no.”

Whenever a photo or video is taken/made, the member of staff taking it will check the latest database before using it for any purpose.

Any pupils shown in public facing materials are never identified with more than first name and year group (and photo file names/tags do not include full names to avoid accidentally sharing them).

If a pupil’s status changes (e.g. revoking permission), the academy should take appropriate action to stop the use of images going forward and, if appropriate, delete historical images (e.g. social media posts). In safeguarding cases, the headteacher should also contact the Safeguarding and Marketing & Engagement teams who will advise on next steps.

At Co-op Academies Trust, members of staff should not use personal devices to take or hold data about or photographs of children. Where work devices are used to capture photos or videos of pupils, these will be appropriate, linked to academy activities, taken without secrecy and not in a one-to-one situation.

21

Co-op Academies - Online Safety Policy

Photos are stored on our Trust’s network in line with the retention schedule / Data Protection Policy.

Staff and parents/carers should be reminded annually about the importance of not sharing without permission, due to reasons of child protection (e.g. looked-after children often have restrictions for their own protection), data protection, religious or cultural reasons, or simply for reasons of personal privacy. During celebration events/assemblies the Headteacher/DSL should undertake a risk assessment of any possible risks to children in relation to parental uses of devices and sharing of images and video to determine if this is allowed but with restrictions of the sharing on social media.

We encourage young people to think about their online reputation and digital footprint, so we should be good adult role models.

In their online safety education programme, pupils/students are taught: ● about how images can be manipulated

● how to publish for a wide range of audiences which might include governors, parents/carers or younger children

● about the importance of being very careful about placing any personal photos on social media

● to understand the need to maintain privacy settings so as not to make public, personal information

● that they should not post images or videos of others without their permission ● about the risks associated with providing information with images (including the name of the file), that reveals the identity of others and their location ● about the need to keep their data secure and what to do if they / or a friend are subject to bullying or abuse.

13. Social media 

Co-op Academies Trust works on the principle that if we don’t manage our social media reputation, someone else will. Accordingly, we manage and monitor our social media footprint carefully to know what is being said about the academy and to respond to criticism and praise in a fair, responsible manner. Further information is in our Social Media Policy.

14. Device usage 

Academy / Trust devices must be used in accordance with policy, and devices used at home should be used just like if they were in full view of a teacher or colleague.

22

Co-op Academies - Online Safety Policy

Please read the following in conjunction with Acceptable Use Policies (where applicable), Colleague Code of Conduct (for staff) and the following sections of this document which all impact upon device usage: copyright, data protection, social media, misuse of technology, and digital images and video.

14.1 Personal devices including wearable technology and ‘bring your own device’

Individual academies are responsible for setting out and communicating the details of personal device usage e.g. whether or not pupils / students are able to bring their mobile phones to school and when they are allowed to use them.

The academy should consider that pupils may have access to 3G, 4G and 5G phone networks which may result in pupils being sexually harassed, bullied and controlled via their mobile and smart technology, share indecent images consensually and non-consenually (via large chat groups) and view and share pronography and other harmful content.

14.2 Network / internet access on academy devices

Individual academies are responsible for setting out and communicating the details of academy wifi / internet access on both academy devices, and personal device brought into the academy by different groups within the Trust community.

For example, whether or not pupils / students are able to bring their mobile phones to the academy and when they are allowed to use them; whether guests are given wifi access.

14.3 Trips / events away from the academy

Individual academies are responsible for setting out and communicating the details of mobile phones (etc) on trips or events away from the academy, with reference to our Educational Visits Policy. Any deviation from this (e.g. by mistake or because the school phone will not work) should be notified immediately to the Headteacher. Teachers using their personal phone in an emergency should ensure that the number is hidden to avoid a parent or student accessing a teacher’s private phone number.

14.4 Searching and confiscation

In line with the DfE guidance ‘Searching, screening and confiscation: advice for schools’, the Headteacher/Principal and staff authorised by them have a statutory power to search pupils/property on academy premises. This includes the content of mobile phones and other devices, for example as a result of a reasonable suspicion that a device contains illegal or undesirable material, including but not exclusive to sexual images, pornography, violence or bullying.

23

Co-op Academies - Online Safety Policy

15. Further Help and Support 

Internal academy channels should always be followed first for reporting and support, as documented in academy policy documents, especially in response to incidents, which should be reported in line with your Safeguarding & Child Protection Policy. The DSL will handle referrals to local authority multi-agency safeguarding hubs (MASH) and normally the headteacher will handle referrals to the LA designated officer (LADO).

Beyond this, reporting.lgfl.net has a list of curated links to external support and helplines for both pupils and staff, including the Professionals’ Online-Safety Helpline from the UK Safer Internet Centre and the new NSPCC Report Abuse Helpline for sexual harassment or abuse, as well as hotlines for hate crime, terrorism and fraud which might be useful to share with parents/carers, and anonymous support for children and young people.

16. Review 

This Policy will be reviewed once every three years in consultation with our recognised trade unions, or earlier if necessary.

24