1. INTRODUCTION
H.H. Shaikh Rashid Al Maktoum Pakistan School (hereby referred to as ‘the School) believes digital technologies and internet access are essential for modern learning. Millennials spend increasing amounts of time online for various activities. The post-COVID world is seeing a changing trend where the importance of online education, virtual meetings and data availability necessitates drawing guidelines for internet users, especially teachers, students and parents. Providing easy internet access to students and teachers where a wealth of valuable information can be used, students and trainers must be safe, and responsible and ethical values are adhered to using digital technologies.
2. PURPOSE AND SCOPE
This policy aims to provide a framework as to how the School uses digital technologies for teaching and learning, behavioural expectations and parents’ responsibilities for guidance.
The IT department at the School is working towards implementing secure and safe cyberspace by establishing better systems to ensure the productive use of digital technology. Web-filtering functionality, firewalls and other modes enable the trainers and teachers to enforce strict checks for online access and restrict unwanted material.
3. OBJECTIVES
ICT provides students with the tools to transform their learning and enrich their learning environment. With this policy, we aim to:
- Provide a clearly stated cybersecurity policy
- Give detailed information on the cyber laws of Dubai
- Ensure the cyber safety and digital security of the school community with proper measures and controls set by the IT department as approved by the Management
- Provide procedures to report cyber-bullying incidents and misuse of internet access.
4. TERMINOLOGY
Cybersecurity “protects a person, organisation, or country and their computer information against crime or attacks carried out using the internet.”
Cyberbullying is “the activity of using the internet to harm or frighten another person, especially by sending them unpleasant messages”.
5. LEGISLATION
This policy aims to ensure that the School is compliant with the terms of:
- Article 29 of Federal Law No. 3 of 2016 Concerning Child Rights, also known as Wadeema’s Law
- Dubai Data Law (Law No. 26 of 2015 on the Organization of Dubai Data Publication and Sharing)
- Article 29 of Federal Law No. 3 of 2016 Concerning Child Rights states: “The telecommunications companies and internet service providers shall notify the competent authorities or the concerned entities of any child pornography materials being circulated through the social media sites and on the Internet and shall provide necessary information and data on the persons, entities or sites that circulate such material or intend to mislead the children.”
- “The Dubai Data Law (Law No. 26 of 2015 on the Organization of Dubai Data Publication and Sharing) aims for data protection and privacy of all individuals including that of children.”
- Moreover, “Ministry of Interior and the National Programme for Happiness and Wellbeing launched the ‘Child Digital Safety’ initiative in March 2018, in a joint effort to raise awareness among children and school students about online threats and challenges, and promote a safe and constructive use of the internet.”
6. TARGETS
In compliance with Federal Legislation, the School aims to:
- Provide education that gives access to current and appropriate educational technologies
- Introduce students to different tools for using digital technologies safely and responsibly and its consequences through laid down guidelines, seminars and workshops
- Provide students with opportunities to access digital technologies with secure internet access for a safer digital environment
- Educate the School community about the smart, safe and responsible use of ICT
- Educate the School community on cyber-bullying and ways to prevent it
- Alert the School for signs and evidence of cyberbullying and report the matter to the School’s Management immediately, whether as an observer or victim.
- Ensure that all reported incidents of cyber-bullying are followed up timely, support is given to all individuals involved, and remedial measures are taken.
7. RESPONSIBILITIES OF THE IT DEPARTMENT
The IT department plays a vital role in managing security and controls of internet and technology usage within the School. They must carry out the following tasks regularly to ensure the safety of the School community:
- Monitoring, maintenance and testing of security controls by ensuring the security configuration for all the ICT systems
- Conducting regular tests and system maintenance to ensure security configuration is running efficiently and providing any updates needed to keep it relevant
- Regular supervision of all systems, servers and networks, as well as monitoring CCTV to report any unusual activities to ensure the safety of the students and teachers
- Controlling administrative and privileged access. Create segmented accounts for established users, place limits on the user’s privileges and monitor activities
- Set passwords for the usage of any IT-related systems and applications and change them at intervals as deemed appropriate
- Protect the systems with anti-malware defences by installing various software to protect the school’s digital data
- Report any incident or breach seen or indicated to the school Management immediately
- Outline email security measures and strict checks to be maintained
- Set rules around handling technology and training to be given to trainers and staff on how to handle sensitive data.
- Set standards for social media and internet access and be well prepared for a breach or disciplinary issue and prepare an incident which will be forwarded to the Management for appropriate action.
- Keep this policy up-to-date.
8. CYBERBULLYING
Cyberbullying is one of the biggest challenges faced by training institutes, especially schools. The negative impact of social media dents the self-esteem of students and teachers, leading to physical and emotional harm. It is crucial to monitor cyber-bullying and take remedial steps through;
- The school will undertake appropriate measures to continuously block access to unsuitable internet sites such as social media platforms, chatrooms and online gaming sites.
- Parental support and cooperation are essential to the success of this policy. Parents will be regularly guided and informed of ethical internet usage by the students during school hours. Necessary assistance will be provided for any cyberbullying incident during school timings or out-of-school and out-of-school hours.
- Students and staff must retain the evidence of cyber-bullying for use by the School Management and the relevant law enforcement agencies
- The School will provide regular updates and guidance to students, parents, staff and faculty to be aware of the effects and (legal) consequences of cyber-bullying and digital safety and literacy programs.
9. DATA PROTECTION
9.1. THE SCHOOL collects and uses certain types of personal information about staff, students, alumni, Governors, parents and other individuals who encounter the School to provide education and related functions. The School may be required by law to collect and use certain types of information to comply with statutory obligations related to employment, education and protection of individuals. This section will ensure that personal information is dealt with appropriately, securely, and in accordance with the UAE legislation on data protection.
9.2. This section applies to all personal information regardless of how it is collected, used, recorded, stored and destroyed, whether paper-based or electronically.
9.3. Definition of Personal Data: Any data relating to an identified natural person, or a natural person who can be identified, directly or indirectly, through the linking of data, by reference to an identifier such as his name, voice, image, identification number, online identifier, geographical location, or one or more physical, physiological, economic, cultural or social characteristics.
9.4. Each student, parent, and employee is provided with a username and password for the School’s Learning Management System (LMS). All details are secured in a database handled by the School’s IT department. If the individual cannot access their account, it should be informed to the Head of the IT Department.
9.5. Employees must send emails through authorised channels such as LMS and Webmail. No other third-party email provider should be used to send emails. Students and parents must email the concerned staff to their official school emails or through LMS. This is to ensure the communication is being delivered to the right person.
9.6. Social media and non-educational websites are blocked for students and staff. Only authorised staff members have been given privileges to use them for school purposes.
9.7. Unauthorised or unlawful use of the internet by students and staff or the processing of personal data by employees will be subject to appropriate disciplinary action.
9.8. The School will maintain strong data governance at all times. Therefore, the School will:
- Inform all individuals clearly about the reason for collecting their personal data at the point of collection.
- Inform individuals when, why and with whom their data is shared.
- Check the quality and accuracy of the data.
- Ensure data is retained until necessary and is deleted/destroyed securely appropriately.
- Ensure that clear and robust safeguards are in place to protect personal data from loss, theft and unauthorised disclosure, irrespective of the format in which it is recorded.
- Share data with others only when legally appropriate.
- Ensure procedures are followed when responding to requests to access personal data.
- Ensure all employees are aware of and understand the Cybersecurity Policy.
- Ensure all complaints relating to Data Protection are dealt with in accordance with the School’s Complaints Policy.
To learn more about cybersecurity and the prevention of cybercrimes and cyberbullying, refer to the School’s Cybersecurity Guide 2021-22.