How’s privacy controls provide flexibility for your school

Author: Tony Sheppard CIPP/E

Edtech companies don’t often get the chance to explain how each of their products is designed to support schools’ needs from a privacy point of view.

Most of the time, any information they do provide is simply to allow Data Protection Officers to tick off things in a risk assessment, make sure that any procurement can be completed, and outline some basic information to go into the school’s Privacy Notice.

So, we’re going one step further!

Here, we’ll set out the privacy controls available in and how those combine with your school’s security needs (one of the data protection principles) to provide peace of mind and help you better understand how to make the most of its tools.

NetSupport’s role

As our newest product, has been able to take on a lot of the feedback we had already received from our other edtech solutions, allowing us to select the best features.

Due to being cloud-based and hosted by NetSupport, in the UK, that makes us a Data Processor on behalf of any school or group that uses it. We know and understand how important this is and have tried to improve the transparency about how we support you by publishing a clear Data Processing Agreement to go alongside our T&Cs. We are always looking at ways we can improve this, so feel free to let us know what you think.

Let’s look at what we can do within in terms of privacy and security.

Ensuring the correct level of staff access

Firstly, we make use of staff user details as part of logging in and giving them access to classes and safeguarding information. What sections of the platform they have access to is up to you. You can do it by the role of the user, by which ‘site’ in the platform, or a mixture.

There are five roles, which can be combined depending on what you want staff to do – or not to do!

1. ORGANISATION ADMIN – This is the highest level of access, allowing the user complete control over all sites and all functions, including safeguarding. This is typically given to your senior technical members of staff, who have responsibilities for installation of software, management of accounts and integration with different systems. It is a highly trusted role.

2. SITE ADMIN – This allows access to all configurations and settings within a specific ‘site’. If you are a MAT or have structured the organisation of the platform to separate out areas of your school(s), you can give access just to that site or groups of sites. This does not cover safeguarding, so it’s a handy way to let some technical staff manage the platform without providing access to any safeguarding functionality.

3. TEACHER – This allows teachers to be able to deliver teaching and learning within allocated sites. Again, this means that you can control which devices these staff can or cannot connect to, keeping things secure between different sites. Teachers can be allocated to one or multiple sites.

4. SAFEGUARDING ADMIN – This is an organisational role, allowing full access and control of the safeguarding functionality. This can be a role on its own or combined with that of a Site Admin or a Teacher.

5. SAFEGUARDING USER – Similar to Site Admin, this allows access to Safeguarding functionality for specific sites. This can be a role on its own or combined with that of Site Admin or Teacher. Where it is combined with either of these roles, the sites the Safeguarding User has access to will align with those already set for the Site Admin or Teacher role.

By allowing individual roles, a combination of roles and the delegation to look at specified sites, we have aimed to provide schools with more flexibility on controlling staff access to This is key to ensure that staff only have access to the areas and information required for their jobs.

SIS integration

Many schools already have platforms that help manage which students are in which classes, and which staff are designated as teachers or other roles. This could be Microsoft 365, Google Workspace or Classlink. By integrating with these systems, can ensure that the right students are grouped together and which staff can run those classes.

Controlling connection times and locations

When we look at how we connect to devices or gather safeguarding information from them, we provide a range of options. As there is an increase in using mobile devices with learners, whether laptop schemes or BYOD, schools must take into consideration when and where the device and the learner may be at any given time. Where a device is fixed within a classroom or a laptop trolley, remaining in school all the time, there is little need to change anything to consider devices not on-site. However, a student-owned/controlled device needs some careful management.

You can decide whether there are any dates when you don’t want staff connecting to student devices for lessons. Typically, this will be excluding the date ranges for holidays, whether half-terms, Christmas, Easter or Summer, or maybe inset days and Bank Holidays. You can also exclude days of the week, and also set to only connect at given times, maybe between 8.30am and 3.30pm, depending on the school day.

This gives enough flexibility so that teachers can still include learners in a class when they are isolating at home, but not outside of school hours. It may be that you don’t want to connect to students at home at all, and so you could restrict the connections to IP ranges, only allowing connections when a device is on the school IP range.

For some device types (e.g., Windows), you can even specify that you can only connect when on a particular wireless network. You can set it so that the learner has to grant access to the teacher before the learner’s device joins a lesson – and, likewise, you can set it so that if the teacher wants to operate the remote control, access has to be granted by the learner.

In the same way, there are privacy controls for the safeguarding functionality. Depending on the school’s approach to safeguarding, you might only want to monitor devices when in school, or during school term time, or simply during the school day. These are all decisions that your school can take based on your particular circumstances.

Flexibility and security for your school

The risk assessment (DPIA) a school would undertake when looking at tools such as should look at and consider these areas, and we hope we have provided sufficient options to allow your school to make choices that are healthy for your learners and supportive of your staff – and to maximise the benefits for learning and safeguarding.

Combined with the clear information from the Data Processing Agreement around using best of breed cloud solutions for security and resilience, a careful approach to data minimisation and data retention, and ensuring that we only work with tried and trusted partners as sub-processors to ensure personal data is only processed as instructed by you, we think we have really changed the way edtech vendors should be helping and supporting schools around privacy and security.

If you need any more help or information on any of these points, please contact us.

About the author

Tony Sheppard CIPP/E is an experienced education technician, school senior leader, governor, consultant, Data Protection Officer, privacy professional and Pre-Sales Consultant at NetSupport.

Pointing animation - it's as easy as ABC...

Get the most out of your classroom technology – be up, running and delivering tech-enhanced learning in no time with!