LawSense School ICT Law 2025

Date1 April 2025
Time12.00pm-4.35pm (includes breaks). Times are AEDT (Syd/Melb time)
Venue & RecordingsLive Online with recording available to view until 1 May 2025
Pricing$440
Price includes gst.
CPDAddresses 7.2 of the Australian Professional Standards for Teachers
SectorNon-State Schools

Register

Details Price Qty
Registration

This ticket is required and must be purchased.

$440.00*  

* price includes GST


Program

12.00    LawSense Welcome

12.05    Chairperson’s Remarks

Brenton Harty, Director of ICT and Privacy Officer, Presbyterian Ladies’ College, Melbourne; President, MITIE

Myles Carrick, Chief Information Officer, Knox Grammar School, Sydney

12.10    Students Online: Understanding the Implications of New Laws and Examining the Limits of School Duty of Care, Supervision and Searches

New Laws Affecting Students Online

  • Examining the new laws regarding age limits on social media, including examining impacts on:
    • a school’s duty of care regarding social media and other online activities
    • obligations to monitor online use
    • reporting of social media use contrary to age restrictions and school discipline
  • Outlining other relevant reforms

Supervision/Monitoring and Managing Devices, Including Student Activity Outside School Hours

  • Exploring the boundaries of a school’s duty of care and obligations to monitor and respond to student online activity outside school hours on their private device, a BOYD device or school device
  • Using monitoring software (“spyware”) on student managed devices:
    • what can you legally monitor and ensuring you have adequate consent
    • to what extent should you have human monitoring/ escalation to humans?
    • what is your legal exposure for an incident where a greater degree or availability of human monitoring could have prevented harm?
    • what are your responsibilities to act where the information you collect indicates a student may be at risk, including when the information arrives outside school hours

Searches of Student Devices

  • Examining the implication of the new social media age limit laws – should a school investigate and access student data if it suspects a student is breaching the new laws?
  • Understanding rights of schools to search a student’s devices, including:
    • personal phone/
    • school-provided laptop
    • cloud storage (such as email and files)
    • or firewall logs for accessed content

Optimising Policies

  • Updating and optimising policies to deal with student social media, cyber offences and new laws

Ben Tallboys, Principal, Russell Kennedy Lawyers; Legal Counsel, Association of Heads of Independent Schools of Australia (AHISA)

1.10      Break

1.20      Pymble Ladies’ College Case Study: Navigating Rights and Obligations with School Issued Phones

From 2025, Pymble Ladies’ College will seek to control what online material students can access by issuing students with limited access phones. This session explores some of the legal and compliance challenges that the school had to consider and address in implementing the program, including dealing with parents and implementing parameters for device use and monitoring.

Confirmed:

Dr Kate Hadwen, Principal, Pymble Ladies’ College

Anthony England, Director of Innovative Learning Technologies, Pymble Ladies’ College

2.10      Mental Health, Medical and Other Health Data in Schools: Navigating Particular Obligations Regarding Access, Retention and Consent

Schools can collect extensive health and wellbeing data from both students and staff, whether it be from school counselling, school nurses or medical centres, from external mental health or medical professionals, during collection of information for offsite activities, or during staff recruitment or management. This data is subject to heightened legal obligations compared to other types of data, requiring particular consideration of consent, access permissions within a school, sharing information with parents, and retention. This session examines relevant rights, obligations and best practice management and policies for schools

Outlining Particular Obligations with Wellbeing and Health Data

  • Outlining privacy and confidentiality obligations applying to wellbeing and health data in schools
  • Examining obligations regarding retention of wellbeing and health data
  • Understanding exceptions to privacy and confidentiality applying to wellbeing and health records

School Counsellors and Privacy/Confidentiality Obligations

  • School Counsellors and control of information access:
    • understanding additional professional obligations/guidelines regarding confidentiality applying to school counsellors, including registered versus non-registered psychologist
    • exploring the potential conflict between professional obligations not to disclose and duty of care obligations of school management – who “owns” the notes? Who has authority over what information is released?

School Medical or Health Centres

  • Examining professional obligations and duties of school nursing and health staff

Consent, Including Separated Parents and Required Evidence of Consent

  • Understanding who can provide consent regarding collection, use and sharing of health and wellbeing data:
    • student consent where the student is a mature minor
    • parent consent where parents are separated – when can consent be obtained from one parent only? What if parents disagree and one refuses consent?
  • Outlining key elements of a valid consent
  • Examining what evidence of consent you should require in different circumstances including:
    • where the student is a mature minor
    • where there is parent separation or disagreement
    • exploring best practice in consent forms and online consent

Implementing Best Practice School and ICT Policies

  • Exploring best practice policies to manage wellbeing and health data, navigate professional obligations of relevant staff and manage consent

Leah Mooney, Director, KPMG Law

3.10      Break

3.20      Cyber Security and Data Breaches: Examining the Implications for Schools of New Laws and Assessing Whether an Incident is an “Eligible Data Breach”  “Likely to Result in Serious Harm” Under Existing Reporting Laws

Implications of New Law Cyber Security Act 2024 (Cth)

  • Outlining key aspects of the Cyber Security Act 2024 and potential impacts on schools, including:
    • dealing with the Cyber Incident Review Board
    • mandatory reporting of ransomware payments

Case Studies – Assessing Eligible Data Breach

  • Outlining obligations to assess data breaches, including where the breach occurred with a third-party supplier
  • Determining whether a data breach is an “Eligible Data Breach” and therefore reportable, including:
    • determining unauthorised access to or disclosure of personal information, or a loss of personal information
    • it is likely to result in serious harm to one or more individuals
    • the likely risk of serious harm has not been able to be prevented with remedial action
  • Learning from case studies and scenarios:
    • what does the law consider as likely to result in serious harm?
    • determining when you would not report the breach

Gina Tresidder, Principal, Russell Kennedy

4.20      Final Comments from the Chair

4.35      Event Close

Presenters / panelists include:

Brenton Harty boasts four decades of experience in education, spanning roles as a teacher, digital learning manager, and ICT Manager within both government and independent schools. Presently, he holds the dual roles of Director of ICT and Privacy Officer at Presbyterian Ladies’ College Melbourne, while also serving as President of MITIE, a national organization dedicated to representing ICT professionals in the education sector.
With over 15 years of experience in technology leadership and software engineering, Myles Carrick has a passion for leveraging cloud-native architecture, agile methodologies, and user-centric design to create impactful and scalable products and services for the education sector.
Prior to joining Knox Grammar School in January 2023, Myles was the Head of Engineering at Intellischool, a fast-growing edtech startup that provides K12 education analytics and insights. Before that, Myles was the Head of Technology for Enterprise and Operations at Domain Group, where he managed the business technology teams across sales, marketing, finance, HR, and IT.
Ben Tallboys provides sector-specific, practical legal solutions to schools across Australia. Ben is a passionate and effective advocate for principals dealing with complex matters relating to parents, staff and students, as well as their own employment.
Leah Mooney is a cyber security and privacy professional best known for helping organisations to identify and understand cyber risk, data breach management and cyber resilience planning. Leah is a legal consultant for MinterEllison. As part of this role she coaches clients affected by data breaches in the strategic management of their legal and regulatory obligations.
Gina Tresidder has a wealth of experience advising on all aspects of IP, including trade marks, designs, copyright, confidential information, domain names and consumer protection matters. Gina also has significant technical expertise in structuring a range of software and technology agreements for both acquirers and suppliers of IT services and products and has a keen interest in, and advises on, Australia's evolving privacy and data protection landscape.

Terms & Conditions