Online applications. More than just trust?
I came across what seems to be a remarkably useful online application being promoted to schools, PlannerLive. As with all online services, schools need to consider questions about privacy and the transparency of the service provider's business plan before using the services it provides.
1. How does the service cover its costs? Answers typically include advertising (services to staff etc.), a free trial period followed by subscription, or selling user information or lists. PlannerLive offers no information on its web site except that it's all free with no limits. This is frankly not credible! There should be an honest declaration as to how the service plans to recover its investment and hosting costs.
2. If there is confirmation that it really is free and unsponsored with no cost recovery, will it still be around in a year's time? What is the risk to schools that start to rely on a service if it is subsequently decommissioned or, worse, the URL is sold on to a less trustworthy owner because the service cannot be financially sustained?
3. Since there is mention of student and parent accounts, as well as the service being populated with staff names, it's worth remembering that schools are data controllers under the Data Protection Act 1998, and this service is acting as a data processor on the school's behalf. This means that if there is a breach of privacy, the school is responsible, not the service provider. Schools are legally obliged to understand how the privacy of their personal data is respected prior to passing it. PlannerLive offers no privacy statement that I can find. Schools should not consider passing personal data to a data processor without the data subject's explicit consent and stating the purpose in their school privacy notice.
4. Schools also need to understand something about the way the service provider operates. This includes knowing:
a. The legal entity to whom they are passing personal data, and how it is passed (e.g. is the online system populated with teacher names by sending a spreadsheet, keying it in, or extracting from an MIS report etc.). The URL of a website is not enough, and the single email address provided by 'Stuart' as a point of contact is also not enough.
b. If there is no formal contract or agreement with the service (because it's free?), what remedy is there if personal data is compromised, or confidentiality breached?
c. What happens to personal data if the service is sold or decommissioned?
e. Is the service hosted in the UK or EU, or in another country?
PlannerLive needs to address the risks before schools consider signing up. I think it has great potential and could be a winner once these issues are addressed. PlannerLIVE! creator Stuart Ridout writes a promotional blog and, according to his Twitter account (@stuartridout), is Head of ICT at a Milton Keynes school.