Are teachers meant to be using WhatsApp to discuss my DS

[PETRONELLAS]

Job-share with various other adults involved. Teacher said ‘we let eachother know about DS’s medication issue on WhatsApp. It works really well as we all read it’. I really though GDPR would not allow this and think it’s quite unprofessional. AIBU?

Whatsapp is used in mobile banking too because it’s more secure than bank apps.

Thanks for the insights.
I’m being unreasonable but think they need to have professional systems in place

What would you prefer they use Op?

Even afte 50+ messages, almost all agreeing there is no problem with it ?
As IDon'tknowwhat to say asks, what "system" do you think would work better ?

For those suggesting that it isn't right to use a personal device, how else would I read my emails at home? Do my work at home? I don't have a school device as there is no budget so I have own phone, desktop and laptop. I access studenr details and data on all of them; all we need is it to be password protected. I have work WhatsApp groups for different things because I get hundred of emails a day and things get lost, especially when students email me. WhatsApp is much more secure and reliable that Office365; that thing is the bane of my life. In fact WhatsApp notifications come through much quicker than email too; I track people down on WhatsApp much quicker than email.

If you want a more 'professional' system please find us several million pounds and a few years for development and compatibility testing. Or we could use something free and really effective.

If staff need to pass on written information about a student, it is subject to GDPR, whether handwritten, email, logged to a MIS, or texted.

The advantage of text/WhatsApp is that the information is pushed to the recipient, and doesn’t rely on them logging onto a system or checking emails.

I don’t see what is unprofessional about WhatsApp. If the message uses professional language, then what does it matter how it is transmitted?

Schools will have policies about personal devices - mine says that you can’t use your phone in the presence of students, and can’t take photos of them. We are fine to set up school email and access the MIS and other cloud services. For shared devices, eg home computer, we are trusted to log out of any school accounts so that other family members can stumble onto them.

I think there is a bit of a misunderstanding of what GDPR is on this thread.

I work in a GDPR environment and we would not recommend this. Are they using their personal devices for this? I also doubt the school has done appropriate checks on WhatsApp to be sure about what it does with the information. Sounds super dodgy

WA uses end to end encryption. WA can’t see what you’ve written, there is no data for them to use.

I’m not a teacher and don’t have children of school age but from what little I know I’d imagine there’s little to no finding that allows for teachers to communicate with one another on anything other than personal devices....

I don't understand why it's not a 'professional system'. Just because anyone and everyone can download the app doesn't mean anyone and everyone can read all the messages. As long as there's no data breach they're fine, surely? It's no different to email.

So how do you want them to share important information, OP?
Note in an envelope in a pigeon hole? Someone might misfile it or nick it.
Problems with email have already been mentioned.
Or they could be really secure and tell you that you must communicate the information secretly in person to every individual involved.

they need to have professional systems in place. Like?

I think this is just fine. It’s more confidential than leaving a post it note on the desk saying George now needs two tablets at lunch time, where everyone can read it.

However on a different note WhatsApp isn’t as benign as people seem to think. It’s owned by Facebook who skim off your data.

They need to have professional processes in place but that is not your complaint. Your issue was that you don't approve of WhatsApp

Did the school obtain consent from you in relation to the processing of data related to DS's use of medication? If they didn't then you are right they are in breach of GDPR but that's not related to the use of WhatsApp, it would apply with email/any written log.

The school must have explicit consent (legitimate interests as some posters have suggested don't apply as this is sensitive data).

However before you go in all guns blazing think what you want to achieve - the school may simply decide that being involved in his medication is too much effort.

they need to have professional systems in place

Please provide an example.

I'd guess that WhatsApp is readily available, quick to send and read and picked up instantly. When it comes to medication this is important.

One thing that is required when using any data sharing system, is that it has been audited and sanctioned by the school’s data protection officer (eg bursar or business manager).

Staff should not make informal arrangements.

What professional systems would you suggest ? You do know that teachers will be using their own phones too , it’s not like they’ll be offered one by the school.
You sound a bit precious tbh . Be glad they are caring for your son and meeting his needs .

Nope not secure. Same as anything owned (to be trawled for info to be sold) by Facebook.

Given the perception that security mechanisms like end-to-end encryption render this new generation of IM apps immune to privacy risks, this threat is especially significant.

venturebeat.com/2019/07/15/symantec-reveals-whatsapp-and-telegram-exploit-that-gives-hackers-access-to-your-personal-media/

The personal data for this child share on WhatsApp will not include anything particularly identifiable, eg DOB, address.

That he had a spoonful of Calpol at 11am will not be of any interest to hackers.

That link refers to media files, not text.

It’s not the same as posting it on Facebook or in the school newsletter, OP.

I know I am being facetious but you still haven’t said what your objection to this secure, end to end, encrypted method is or what sort of alternative would suit you ?

Seems like they have a good, well-functioning, professional system in place to me. Would you prefer they didn't communicate effectively about your son's needs?

Seems like they have a good, well-functioning, professional system in place to me. Would you prefer they didn't communicate effectively about your son's needs?

Only if it has been audited by the DPO.

Questions to ask in an audit:

The questions that should be asked when collecting data are:
• What information is being collected?
• Who is collecting it?
• How is it collected?
• Why is it being collected?
• How will it be used?
• Who will it be shared with?
• How long will you keep it for?
• How will it be kept secure?

I’m sure the WhatsApp scenario described here would pass the audit.

That's just today's security alert!

www.2-spyware.com/remove-whatsapp-virus.html
Last year, University of California researcher Tobias Boalter detected a backdoor which enabled unauthorized and unmonitored access to the app. This vulnerability allowed decrypting the secure end-to-end message encryption, making it possible for hackers to read through victims’ conversations.[5] Of course, the flaw was quickly patched up but is there any guarantee that such zero-day will not emerge in the future?

zeenews.india.com/technology/cyber-attackers-can-manipulate-your-whatsapp-telegram-media-files-symantec-2219353.html
Reports in May revealed that a bug in WhatsApp`s audio call feature allowed hackers to install spyware onto Android and iOS phones just by calling the target. The spyware was reportedly developed by the Israeli cyber intelligence company NSO Group.

eu.usatoday.com/story/tech/2019/07/15/whatsapp-apparently-vulnerable-hackers-intercepting-shared-photos/1732416001/
WhatsApp, which is used by over 1.5 billion people, admitted earlier this year that users were unknowingly vulnerable to malicious spyware installed on smartphones. While the messaging app didn't name the perpetrator, it urged users to update their apps as soon as possible for better protection.

www.forbes.com/sites/thomasbrewster/2019/07/10/25-million-android-phones-infected-with-malware-that-hides-in-whatsapp/

What about hacks on SIMS and CPOM?

What do the hackers gain from knowing the time that medication was dispensed? Hackers are usually in it for money, and there isn’t any money in communications about the child.

For those who (mistakenly) think it’s ok for doctors to use whatsapp, here’s some info;

“Communicating via mobile apps

NHS guidance for doctors using mobile apps which lack proper security features – such as WhatsApp – advises that 'it should never be used for the sending of information in the professional healthcare environment.'

The guidance warns that, as a consumer service, WhatsApp 'does not have a service level agreement with users and has no relevant data security certification' and, as such, should not be used to send patient information or details of clinical cases to colleagues.”

From the MDU www.themdu.com/guidance-and-advice/guides/protecting-patient-data

www.computing.co.uk/ctg/news/3078906/facebook-ftc-5bn-fine-cambridge-analytica
The US Federal Trade Commission (FTC) has approved a $5 billion settlement with Facebook over the sharing of data with political consultancy Cambridge Analytica.

The FTC opened its investigation in March last year following claims that data from approximately 87 million Facebook users had been acquired by Cambridge Analytica.