As stated earlier, Kentucky K-12 school districts are required to establish Acceptable Use Policies (AUP’s) for appropriate technology use which conforms to the provisions of the 1998 Senate Bill 230 and the accompanying Kentucky Administrative Regulation 5:120 (701 KAR 5:120) as well as federal CIPA requirements. An AUP is a written agreement signed by students, employees, and parents/guardians which outlines the terms and conditions for using technology-based devices (voice, audio, video, and data) maintained by the district and personally owned technology-based devices used during school hours on school property. Compliance with the provisions of SB 230 and KAR 5:120 is a condition of school district participation in the offers of assistance process for education technology funds. SB 230 and KAR 5:120 address:
- Parental consent for student Internet use
- Teacher supervision of student use of technology-based devices
- Auditing procedures to determine whether education technology is being used for the purpose of accessing sexually explicit or other objectionable material
- Limiting use of email on school property to the email system approved by the Kentucky Department of Education as meeting standards for electronic mail systems
Best practice suggests that an AUP address appropriate access to and transmission of data and information as well as the use of any technology-based device maintained by the school, including any personally owned technology-based device brought into the school. Therefore, local districts may want to consider how they wish to address the following components:
- Statement that the AUP complies with state and federal laws and regulations.
- List of the roles and responsibilities for all stakeholders (employees, students, parents/guardians) when using technology resources on campus.
- Explanation of the rights and responsibilities of users when accessing district-owned resources through the Internet from technology devices both on and off campus.
- A disclaimer limiting the school district’s liability relative to:
- Information stored and/or retrieved on school technology-based devices or within district-owned resources accessible on the Internet from any location.
- Personally owned technology-based devices used on school property.
- Description of the instructional philosophies and strategies as well as the advantages gained by the district/schools in utilizing the technology resources available.
- Description of the safety measures the district undertakes to comply with Child Safety laws and regulations, with a disclaimer that these measures do not provide foolproof means for enforcing the provisions of the AUP.
- Description of the method the district undertakes to ensure system and data security, user accounts, and user privileges, with a disclaimer that these measures do not provide a foolproof means for enforcing the provisions of the AUP.
- Assurances that the policy will be enforced as well as a description of the procedures to address Acceptable Use violations, including legal action.
- Description of the ongoing awareness training opportunities for all stakeholders.
- Description of the procedures for evaluating and revising the AUP.
- AUP development/revision should involve representatives of each stakeholder group (i.e. parents, students, teachers, administrators, community members, etc.). Develop a policy which is straightforward and easy to understand. It is very helpful to draw analogies to Board policies and codes of conduct which already exist. If it is unacceptable behavior for a student or staff member to bring a paper magazine with sexually explicit pictures to school, for instance, it is unacceptable behavior for those same people to bring an electronic image of sexually explicit material into the school. If it is unacceptable behavior for a student or staff member to send someone a threatening or harassing hand-written note, it is unacceptable behavior to do the same via electronic mail. These issues are fundamentally those of behavior and personal responsibility thus, for these reasons and more, many districts have integrated their AUP into their local Student Code of Conduct and Staff Handbooks.
- Educate the staff, students and parents/guardians. Policy implementation is far more likely to be successful if the elements of Digital Citizenship are supported by the AUP and incorporated into the curriculum and awareness training of parents, students and employees.
- Develop parental consent forms as required by law. These forms should either clearly explain the Board's definition of acceptable use, provide examples of use which is not acceptable, and stipulate the disciplinary actions or other consequences which may occur if the policy is violated OR be accompanied by a copy of the actual AUP and/or related guidelines. Consent forms should be based on the principle that network access is a privilege and not a right and that the privilege of access entails responsibility.
- Although the Board policy should respect the privacy rights of students and staff, the policy should state clearly that email and other technology use is not guaranteed to be private. System administrators may periodically scan email, monitor files stored locally or on district-owned resources, both locally and Interned-based, and scan Internet use logs. Educating users and parents about district-owned Internet-based resources, such as Live@EDU email, file sharing, collaborative resources, etc. will be beneficial. Users and parents must understand that although these district-owned resources can be accessed from home, adherence to acceptable use guidelines and the district’s right to monitor and manage still applies. This aspect of an AUP might be analogous to the Board’s policy on school lockers; while generally private, lockers may be searched under certain circumstances.
STRATEGIES FOR ENCOURAGING COMPLIANCE
In addition to adopting a policy, the local Board and the schools must adopt multiple level strategies for encouraging compliance:
Preparation of educators
Teachers and others whose duties include classroom management and/or student supervision should be provided with guidance on detecting, deterring, and documenting inappropriate use, on safe-guarding personal privacy, and on dealing with unsolicited online contact as a school safety issue.
The School Council and Community: Information about the Value of the Network
Providing parents and the community with accurate and timely information about how electronic information resources are being used in the schools to support student achievement is very important. The School Based Decision Making Council is an appropriate entity to lead this education effort in the school and community with district guidance and assistance. Parent and community education can be accomplished through technology fairs, community network projects, inviting parents to participate in the classroom, and technology lending libraries which allow parents and students to work together at home.
Familiarity with the Internet and other network services will allow school councils to make more informed judgments about the use of technology throughout the curriculum. Such education efforts will also help parents make more informed judgments about media stories or second-hand information about potential risks associated with the Internet which might otherwise cause undo concern. Their appreciation of the instructional value of these resources will engage them more pro-actively in guiding appropriate use at home and working with the school to ensure that access continues to be available.
To manage the student or staff member who is determined or occasionally tempted to violate acceptable use policies, certain deterrents can be put in place:
The amount of time during which individuals have unmonitored access to the network should be minimized. For students, this means that long, individual sessions in a lab setting are not advisable. Classroom group work generally discourages inappropriate use. For staff, this means that the times when inappropriate use is most likely to occur is time the individual has in an office with a door that can be shut or a computer screen turned so that it cannot be viewed by others.
Certain network management software packages allow the systems administrator to view or intervene and "take over" a user's screen. These packages are designed for problem diagnosis, to troubleshoot network problems, and to support help desk activities. Although they are not designed to scan network activity for inappropriate use, the district may decide to use them for that purpose on an occasional basis. Regardless, if the user is informed that such scanning is feasible that fact alone may deter inappropriate use.
With implementation of Internet-use logs, schools should familiarize parents, students, faculty, and staff with the information contained in logs. The fact that these logs contain detailed information about each Internet access which can be traced to the individual user usually serves as a powerful deterrent.
A sample written agreement form is available from KSBA (Dara.Bass@ksba.org
or 1-800-372-2962, ext. 1220).