This article covers
- Who controls the data?
- What data can be uploaded?
- How long is data stored for?
- End of Licence
- Deletion Options
- Data Minimalisation
Who controls the data?
In the normal course of use, the user is in control of the data that they capture and upload. The IRIS Connect EULA and Organisation Administrator Agreement outline the controls users have:
4.5 Management of Privacy and Disclosures:
The IRIS Connect system incorporates a privacy by design philosophy which on a day-to-day basis gives Users control of the following:
4.5.1 When reflections are made and deleted
4.5.2 Who has access to reflections and how long for
4.5.3 Your participation in live reflections
4.5.4 The creation of groups and the content thereof
Day-to-day, the data is managed by the user, inducing selecting what to collect, upload, share, edit, store, categorise/tag and delete. However, ultimate ownership and control must reside with their organisation to ensure responsible data management structures.
What data can be uploaded?
- Videos - via the Record app, desktop upload, screen capture
- Audio - via call recording
- Images - via profile picture, attachment uploads to groups and reflections
- Files - via attachment uploads to groups and reflections
- Name and email address - via account creation
- Text - via commenting on reflections, writing on discussions and groups
How long is data stored for?
Uploaded data is stored on our system until
- the user deletes it
- the admin deletes it
- the organisation requests it to be deleted
- it is automatically deleted (see below)
More information can be found in Section 9 - Erasure and Return of Data of the Organisation Administrator & Data Processing Agreement.
End of Licence
At the end of your licence, if you decide not to renew, you have the option to either keep your data on our system and access it under a basic licence, request it to be deleted, or request it to be returned.
Deletion Options - User/Admin Managed
Users can delete their personal data, but organization administrators have the rights in the hierarchy to delete the user and or elements of their data.
User Managed - Reflections Library
All uploaded reflections are displayed with an uploaded date and by default are displayed in chronological order. Therefore if you need your users to delete reflections older than a certain date it should be very easy for them to locate and delete them.
Admin Managed - Safeguarding tools
Through the use of the safeguarding tools, administrators are able to see a list of what reflections a user has uploaded including the uploaded date. Administrators are able to also delete reflections from this view.
Automatic Deletion
Reflection deletion period can be configured by the user or admin. These features are request-only.
Note - Reflections that are clones or edited clips inherit the same deletion date as set on the parent reflection
Organisation-Controlled - Automatic Deletion
We offer an automatic deletion feature that can be activated upon request.
The feature works by specifying the number of days video data (reflections) can be kept for, e.g. 365 days, and then as soon as the data is older than the specified days it is then deleted. This rule applies to all users within the organisation.
When this feature is enabled an information banner is shown under the Recycle Bin section of the organisation administration panel
Please note, the deletion process is different from the standard delete process as it destroys the data, rather than trashes it, ensuring there is no option to recover the files from the recycle bin. The data will still be present in the system's backup files for 6 months before being completely deleted.
If you are an organisation administrator and would like to request this feature be enabled for your organisation please contact our support team.
User-Controlled - Automatic Deletion
We offer an automatic deletion feature that can be activated upon request. Once this is enabled, users are able to set a future date where they want their reflection to auto delete.
Please note, the deletion process is different from the standard delete process as it destroys the data, rather than trashes it, ensuring there is no option to recover the files from the recycle bin. The data will still be present in the system's backup files for 6 months before being completely deleted.
This is set under the Privacy tab of the reflection and is set on each reflection individually.
Once set it will display like this:
If you are an organisation administrator and would like to request this feature be enabled for your organisation please contact our support team.
Data Minimalisation
Anonymisation Feature
The collection of personal data can also be limited through the use of the anonymisation feature. This can be applied to the video either:
1) Pre-recording via the Record app - useful if you do not want to record a non anonymised version
2) Post-recording via the web platforms tools - useful if you wish to record a non anonymised version but maybe need to use the filter for sharing/ safeguarding compliance).
Additionally, there is a couple of organisation anonymisation settings available:
- Forced anonymisation - only the anonymised version of the video is ever captured
- Optional anonymisation - the video can be selected to be anonymised after recording
Anonymisation vs Pseudonymisation
As our system does not track student identity (other than in the video itself), if the first method is employed then the data is anonymised, if the latter method is employed then there is a case to say that this is pseudonymised data as the organisation could technically reverse this process and identify the students, even if the person with whom they have shared the video cannot. However in either case, the data is only anonymised when there is nothing in the audio to triangulate the data subjects' identities.
Additionally, it is important that schools use these tools appropriately within a solid data protection process:
- If they are capturing images of students then they should document a lawful basis for doing so and complete a DPIA.
- If they are going to share images, then they should consider if they have the appropriate data-sharing agreements in place.
- If they are going to use anonymisation tools when sharing video, they should consider if anything in the video or audio track allows for the triangulation of student identity
This tool is a useful addition to the process that allows for an enhanced level of security for data subjects when sharing video. However, as always, common sense should be used when sharing data to ensure that it is appropriate.
Please see here for a guide on using the anonymisation feature.
Editing
For information on editing please see this article
Camera Positioning
For information on camera positioning please see this article