Social Networking Sites: Information Governance Issues

ROBERT GORDON UNIVERSITY
ABERDEEN BUSINESS SCHOOL

DEPARTMENT OF INFORMATION MANAGEMENT
INFORMATION GOVERNANCE
SOCIAL NETWORKING SITES: INFORMATION GOVERNANCE ISSUES
By
EVAGGELOS (VAGELIS) VARFIS
WORD COUNT: 2,775
2010-03-20
1
TABLE OF CONTENTS
1. INTRODUCTION……………………………………………………………………………………3
2. INFORMATION GOVERNANCE (OVERVIEW)……………………………………….4
3. PII (PERSONAL IDENTIFIABLE DATA)………………………………………………..5
4. SOCIAL NETWORKING AND TEENAGERS…………………………………………..6
5. SOCIAL NETWORKING AND ADULTS………………………………………………….7
5.1 THREATS ON PRIVACY/PERSONAL DATA AND SECURITY FLAWS…7
5.1.1 FACEBOOK……………………………………………………………………………………….7
5.1.2 TWITTER………………………………………………………………………………………….8
5.1.3 GOOGLE BUZZ…………………………………………………………………………………8
5.1.4 MYSPACE………………………………………………………………………………………..9
5.1.5 LINKEDIN………………………………………………………………………………………..9
6. IMPLICATIONS………………………………………………………………………………………10
6.1 DATA MINING…………………………………………………………………………………..10
6.2 TARGETED ADS…………………………………………………………………………………10
6.3 EMPLOYMENT…………………………………………………………………………………….10
6.4 IDENTITY THEFT…………………………………………………………………………………11
6.5 SPAMMING………………………………………………………………………………………….11
6.6 ETHICAL ISSUES/CONTROVERSIES………………………………………………….11
6.7 CYBEBULLYING AND CYBERSTALKING……………………………………………….12
7. RECORDS MANAGEMENT AND FREEDOM OF INFORMATION (FOI)………..13
8. DATA PROTECTION-SUGGESTIONS…………………………………………………………14
8.1 LEGAL ASPECT……………………………………………………………………………………..14
8.2 TECHNOLOGICAL ASPECT…………………………………………………………………….14
REFERENCES/BIBLIOGRAPHY
APPENDICES
APPENDIX 1
APPENDIX 2
APPENDIX 3
APPENDIX 4
APPENDIX 5
APPENDIX 6
2
1. INTRODUCTION
An important role, on bringing people together closer, are the online social networking
sites (SNS) like Facebook, Twitter, LinkedIn, MySpace and more recently Google Buzz.
Some of the features of these SNSs allow to users to display pictures –from their
personal background-, comments, thoughts, ideas, opinions. There are functions from
the very same sites which tend to allow, for their users, to expose their personal data,
like address, telephone. Albeit, the SNSs provide all the necessary guarantees –
information security- that these personal data are secure and visible to a selected
number of users, according to the settings that have been made by each user.
Despite the fact that all measures have been taken by the SNSs some crevices on their
security have damaged their reliability. However, the personal data of their users have
been exposed publicly–maybe-, without their consent.
3
2. INFORMATION GOVERNANCE –An overview-
“Information governance is the specification of decision rights and an accountability
framework to encourage desirable behavior in the valuation, creation, storage, use,
archival and deletion of information. It includes the processes, roles, standards and
metrics that ensure the effective and efficient use of information enabling an
organization to achieve its goals.” (Logan 2010).
4
3. PERSONAL IDENTIFIABLE INFORMATION (PII)
“Personal identifiable information (PII) is information which can be used to distinguish or
trace an individual’s identity either alone or when combined with other information that
is linkable to a specific individual.” (Krishnamurthy, Wills 2009).
Based on this definition, users’ personal data are available to third-party servers without
the prior knowledge of the users.
5
4. SNSs AND MINORS
One of the most active communities regarding SNSs are the teenagers and at the same
time they are more vulnerable due to their age. Without realizing the consequences
teenagers are willing to reveal online their thoughts, behavior, pictures. Lenhart in a
search quoted by Barnes (2006) reports that: “81 per cent of parents and 79 per cent of
online teens are not careful enough about giving out their personal information”.
Parents who give their permission to their children so that they can be connected online
and probably use SNSs should be more aware of the dangers that lurk.
The European Commission in a report, quoted by Hart (2010), shows that “50 per cent
of European teens give out personal information online. It also found that only a third of
SNSs responded to user reports asking for help, and 11 of 22 social networking sites
allow private profiles to be usable through search engines”. The lack of efficient and
sufficient information security on behalf of SNSs is sustained by the fact that sexual
predators locate their victims through SNSs.
One of the basic principles of information governance is the deletion of information
under certain conditions. Especially, for the SNSs it is vague if there is policy on deleting
all personal information after the decision of a user to deactivate or delete his/her
account. On the SNSs privacy policy there is not any provision regarding the disposal of
the teenagers’ personal information in case they delete their accounts. The latter
indicates, suggests that the teenagers’ personal data are being kept stored, which could
be detrimental for their current life but for their future life, as well, as adults.
6
5. SOCIAL NETWORKING AND ADULTS
5.1 THREATS ON PRIVACY OF PERSONAL DATA AND SECURITY FLAWS
When it comes to information governance some of the key areas that define this field
are the information security, the privacy personal data. Any leakage, flaw could be
detrimental for the organizations-SNSs- and for their users.
“The relation between privacy and a person’s social network is multi-faceted. In certain
occasions we want information about ourselves to be known only by a small circle of
close friends and not by strangers. In other instances we are willing to reveal personal
information to anonymous strangers but not to those who know us better”. (Gross and
Acquisti 2005)
5.1.1 FACEBOOK
One of the weaknesses that the Facebook has is the fact that the abundant provision of
data, from its users, on their profile information, residence, phone number is possible for
a stalker to locate the user. It would be a form of cyberstalking.
Facebook’s privacy settings and its weaknesses could be located on the search settings:
“When I checked my search settings the option to index my profile by search engines
had been turned on. This is despite the fact that I had explicitly turned off this setting
when Facebook launched public search listings two years ago. If you do not want search
engines like Google and Bing to index your profile, do yourself a favor and make sure
those settings are still set the way you want them to be. “(Paul 2009)
Another weakness, regarding Facebook’s private settings is the password protection
layer:
“Once I had chosen to exclude my Facebook profile from public search engines, I left my
privacy settings page and returned to my profile (your settings are saved automatically).
But, when I went to my privacy settings, the pages were wide open with no password
requirement. I tested this out on several browsers and operating systems, I also signed
out and back several times to see if that would change anything. The password
protection eventually came back after half an hour or so, but that was far too long.
“(Paul 2009)
“Facebook’s “advanced search” allows one to query the database of users, using any of
the fields in a profile. The problem is that when people hide their profile page, they
expect the information on it to remain private. An MIT student could write “getting
drunk” as an interest and set their profile so that only their friends could see their
profile, expecting that this information is secure. This information is not actually secure
unless they also exclude their profile from searches. An advanced search for “getting
7
drunk” would still associate the student’s name with this string” (Jones and Soltren
2005).
Another problem, on Facebook security:
“A high school student at an MIT summer program discovered that by changing the
server in the query URL from “mit.facebook.com” to “school.facebook.com” he could
perform the query on any school without having a valid account for that school. He also
discovered that most fields are indexed by ID number, so he was able to systematically
query who lived in dorm “101”, “102” etc, until he had a comprehensive list of where
everyone said they lived in profiles.” (Jones and Soltren 2005).
5.1.2 TWITTER
Twitter is another popular SNS. Some of its security flaws, its vulnerability history is
illustrated by the following flaws:
“Regarding the phishing attacks, when you get an email: “hey! Check out this funny blog
about you…” when clicking on the link you get redirected to a Twitter look-a-like site.
Once you enter your login name and password, the fake site captures these details and
probably redirected to the original Twitter site” (BlogSec News 2009)
Another security flaw has been found on Twitter’s flash widget, according to Perez
(2010): “the security flaw in Twitter’s flash-based website widget may have allowed
attackers access to the login credentials of any Twitter user”.
Another security failure –of Twitter- is that the specific SNS failed to deal effectively with
the URL shortening. According to Goodchild (2009): “the URL shortening makes it much
easier for hackers to send out faulty or malicious links”.
5.1.3 GOOGLE BUZZ

A new SNS which was launched quite recently is Google Buzz. The most important
security and privacy flaw is trace on the following:
“By default the people you follow and the people that follow you are made public to
anyone who looks at your profile. In other words, before you change ay settings in
Google Buzz someone could go into your profile and see the people you email and chat
with most.” (Carlson 2010)
8
5.1.4 MYSPACE
Another information governance issue on security flaws and privacy of personal data,
concerning MySpace is the fact that:
“A backdoor in MySpace’s architecture allows to anyone who is interested to see the
photographs of some users with private profiles – including those under 16- despite
assurances from MySpace that those pictures can only be seen by people on a user’s
friend list. Information about the backdoor has been circulating on message boards for
months.” (Poulsen 2008)
5.1.5 LINKEDIN
Another social networking site whose vulnerability exposes its users is LinkedIn.
“The flaw which affects only the IE (Internet Explorer) version of the toolbar, would
allow a malicious website to hijack the user’s browser and potentially their PC.” (Security
Watch 2007).
9
6. IMPLICATIONS
6.1 DATA MINING
“Data mining is the process where from financial services companies to marketers are
collecting personal data from social networks for their own unique use” (TechNews World
2010). This phenomenon, of data mining namely, is due to the fact that people are
willing to share their personal information. The non-restricted privacy policy of the SNSs
has enabled these companies to collect all these personal data which are useful for their
commercial purposes. “The next step will be the analysis of your online friends’ data for
example, scoring credit ad other data mining uses that involve the ‘birds of a feather
flock together’ idea”. (TechWorld News 2010)
6.2 TARGETED ADS

A problem located on users’ privacy, is located on SNSs. This means that:
“Companies are able to create user profiles by serving and tracking cookies from
hundreds of websites using sophisticated algorithms, they assign users to different
categories by interest, but they never identify you specifically. Based on the collected
information they are able to show you and other people, like you, relevant advertising.
“(Iskold 2007)
6.3 EMPLOYMENT
Millions of people use social networking sites. Most of these people work for an
organization (company, university, government etc.) or people who are searching for a
job. By virtue of the fact that there are some crevices on the privacy settings and policy
– by extension on information governance- on behalf of the SNSs, the employees (or
potential employees) are under a pending danger.
At the same time it is an ethical issue. However, an information governance issue is the
fact that there are some gaps regarding the SNSs’ personal data and privacy policy.
“The use of Facebook by potential employers is not addressed the Terms of Use for
Facebook. It does not mean a employer cannot access your information for commercial
purposes, like research to make a hiring decision.”(Potter 2008)
10
6.4 IDENTITY THEFT
Another implication caused by SNSs due to security flaws at the expense of their users is
the phenomenon of identity theft.
“When a person’s hometown is known, the window of the first three digits of the user’s
Social Security Number (SSN) can be identified with probability decreasing with the
home state’s populousness. When that person’s birthday is also known and an attacker
has access to SSNs of other people with the same birth date in the same state as the
target (for example obtained from the SSN death index or from the stolen SSNs ), it is
possible to pin down a window of values in which the two middle digits are likely to fall.
The last four digits (often used in unprotected logins and as passwords cab be retrieved
through social engineering. Since the vast majority of the Facebook profiles not only
include birthday and hometown information, but also current phone number and
residence (often used for verification purposes by financial institutions and other credit
agencies), users are exposing themselves to substantial risks of identity theft.” (Gross
and Acquisti 2005)
6.5 SPAMMING
Security flaws from SNSs allow to spammers to find ways to access to users’ personal
data. “That means that the personal email can be hacked” (Virzi 2009).
6.6 ETHICAL ISSUES/CONTROVERSIES

Some of the ethical issues that have been arisen:
“Facebook is changing what it seems to be Publicly Available Information (PAI) with
almost no recourse for the user to control this – a change that does not sit well with the
EFF (Electronic Frontier Foundation). Information under the PAI umbrella includes your
profile picture, friends list, fan pages, gender, geographic region, and networks (school,
work). There is no almost no recourse to protect any of this information. To illustrate
how important this setting could be, the EFF points out that you may belong to a fan
page that supports or condemns gay marriage. Since this is such a controversial issue,
that may be a position you are not willing to share with co-workers, fellow church
members, or other Facebook friends.” (Paul 2010)
One other information governance issue related to records management is the question
whether “the SNSs gather personally identifiable information from the users should store
or share it” . (Oak 2008)
11
6.7 CYBERBULLYING AND CYBERSTALKING
For more details, about cyberbullying, please refer to Appendix 1.
For more details about cyberstalking, please refer to Appendix 2.
12
7. RECORDS MANAGEMENT AND FREEDOM OF INFORMATION (FOI)
With the extensive use of social networking sites, somebody would logically assumed
that the sites themselves would have developed a complete records management policy,
as every other organization would in public or private sector. The case in point, the
question is whether these sites maintain records or not.
For example, public services which use social media (social networks are included) for
the purposes of their service are liable to certain rules for electronic records
management (see Appendix 3).
The logical question is whether the SNSs use electronic records management policy, on
the personal information that they hold. Another question that accrues is what happens
with the user’s personal data in case the user decides to terminates his/he account or if
the user is deceased. For how long are his/her data going to be stored by the SNSs. Is
there a policy on disposing the information after a certain period of time?
These are some of the obscure areas that should highlight.
FOI is addressed and can be applied to public services. However, FOI does not apply to
SNSs. Some of the obscure areas that need to be highlighted is about what happens id
elected officials use SNSs. Do their comments on SNSs constitute public records? It is
vague on whether the users have the right to demands from SNSs all their personal data
any time. It is an ongoing issue which can only be clarified, not by individual opinions
but by enacting the right legislation.
13
8. DATA PROTECTION-SUGGESTIONS
8.1 LEGAL ASPECT
SNSs should comply according to their users’ need. In case they do not comply, then it
is the legislatures’s turn to impose to these companies to follow certain rules.
Therefore, realizing the need to follow the current technological developments the
authorities proposed the enactment of the “Social Networking Safety Act” (appendix 4).
Highlighting the most important excerpts, there is provision for important issues.
“The proposed legislation creates a civil right of action for customers who are offended
by what they read on MySpace or Facebook. It allows the social network provider to sue
customers who post “sexually offensive” or” harassing” communications.
The bill requires social network providers to design their user interfaces with icons that
they will allow customers to report “sexually offensive” or “harassing” communications.
Moreover, the social network provider must investigate complaints, call the police when
“appropriate” and banish offenders.
Finally if the social network provider fails to take action, it can be sued ofr consumer
fraud.” (Barber 2009)
Moreover, according to an advisory body of the European Union about protection and
privacy (appendix 5), suggests what measures should be taken in order for SNSs to be
more efficient on data protection. Epigrammatically, this advisory body based on EU data
protection regulation gives guidance, advices on certain –obscure- areas:
• Security and default privacy settings
• Information to be provided by SNSs
• Processing data of non members
• Third party access
• Legal grounds for direct marketing
• Retention of data
• Right of the users
8.2 TECHNOLOGICAL ASPECT

For all these users who have been facing problems, regarding their professional or
personal life, by the extensive use SNSs, they could resolve this problem by themselves.
With the usage of a software (appendix 6) they could delete themselves –if they are
users of Facebook, Twitter- and consecutively their names/nicknames will stop
appearing on public search engines. Moreover, in case the users want to carry on with
14
their social networking activity, they should enforce to the maximum the privacy
restrictions which are given by the SNSs in order to ensure to a certain extent that there
will not be any malevolent act by another user or third party company. Also, the users
should generate safe, strong and secure passwords in order to maintain the certainty
that they are safe from other users.
15
BIBLIOGRAPHY/REFERENCES
1.BARBER, G. 2009. A social networking safety act. [online] 25 March 2009. Available
from: http://www.freedom-to-tinker.com/blog/grayson/social-networking-safety-act
[Accessed 3 March 2010]
2. BARNES B., SUSAN, 2006. A privacy paradox: social networking in the United States.
First Monday. [online]. 11 (9). Available from:
http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/1394/1312
3. BRADLEY, T., 2009. Protect your privacy settings on Facebook and Twitter. [online].
San Franscisco, CA: PCWorld. Available from:
http://www.pcworld.com/article/172604/protect_your_privacy_on_facebook_and_twitter
.html [Accessed 3 March 2010].
4. CARLSON, N., 2010. Warning: Google Buzz has a huge privacy flaw. [online]. Silicon
Valley: Business Insider. Available from: http://www.businessinsider.com/warning-
google-buzz-has-a-huge-privacy-flaw-2010-2 [Accessed 2 March 2010].
5. Council Regulation (EC) 01189/09 on online social networking
6.FITZGERALD, M., 2009. How Facebook and Twitter are changing data privacy rules.
[online]. Oslo: ComputerWorld. Available from:
http://news.idg.no/cw/art.cfm?id=D14C9B49-1A64-6A71-CEBB8DE087527FB6
[Accessed 4 March 2009].
7.GOODCHILD, J., 2009. 3 ways Twitter security falls short. [online]. Framingham, MA:
CSO online. Available from:
http://www.csoonline.com/article/481236/3_Ways_Twitter_Security_Falls_Short
8.GROSS, R. and ACQUISTI, A., 2005. Information revelation and privacy in online
social networks. Available from:
http://privacy.cs.cmu.edu/dataprivacy/projects/facebook/facebook1.pdf Workshop on
Privacy in the Electronic Society (WPES). 7 November 2005. Alexandria: Virginia
16
9.HOWARD B., A., 2009. Twitter security risks popularity spark regulatory concerns.
[online]. Needham, MA: TechTarget. Available from:
http://searchcompliance.techtarget.com/news/article/0,289142,sid195_gci1359732,00.h
tml [Accessed 2 March 2010].
10. ISKOLD, A., 2007. Privacy and personalization: from clickstream to targeted
advertising. [online]. ReadWriteWeb. Available from:
http://www.readwriteweb.com/archives/privacy_and_personalization.php [Accessed 2
March 2010]
11.JONES, H., SOLTREN H., J., 2005. Facebook: threats to privacy. [online].
Dissertation, MIT. Available from:
http://groups.csail.mit.edu/mac/classes/6.805/student-papers/fall05-
papers/facebook.pdf [Accessed 1 March 2009]
12.KRISHNAMURTHY, B., WILLS E., C., 2009. On the leakage of personally identifiable
information via online social networks. Available from:
http://www2.research.att.com/~bala/papers/wosn09.pdf 3rd Workshop of Online Social
Networks. 17 August 2009. Barcelona: ACM SIG COMM. pp. 7-12
13. LOGAN, D., 2010. What is information governance and why is it so important?
[online]. 11 January 2010. Available from:
http://blogs.gartner.com/debra_logan/2010/01/11/what-is-information-governance-
and-why-is-it-so-hard/
14.OAK, M., 2008. Ethical issues of internet privacy. [online]. Buzzle. Available from:
http://www.buzzle.com/articles/ethical-issues-of-internet-privacy.html [Accessed 2
March 2010].
15.OPSAHL, A., 2010. Twitter and government transparency. [online]. Folsom, CA:
Government Technology. Available from: http://www.govtech.com/gt/articles/738213
16.PAUL, I., 2009. Facebook’s new privacy settings: 5 things you should know [online].
San Fransisco, CA: PCWorld. Available from:
17
http://www.pcworld.com/article/184188/facebooks_new_privacy_settings_5_things_you
_should_know.html?loomia_ow=t0:s0:a38:g26:r2:c0.001062:b29593330:z0 [Accessed
2 March 2010].
17.PCMAGAZINE.SECURITY WATCH 2007. LinkedIn vulnerability exposes users. [online].

New York: PC Magazine. Available from:
http://blogs.pcmag.com/securitywatch/2007/07/linkedin_vulnerability_exposes.php
http://searchcompliance.techtarget.com/news/article/0,289142,sid195_gci1359732,00.h
tml [Accessed 2 March 2010]
18.PEREZ , S., 2010. Security flaw found in Twitter’s flash widget. [online]. 25 January
2010. Available from:
http://www.readwriteweb.com/archives/security_flaw_found_in_twitters_flash_widget.p
hp [Accessed 1 March 2010].
19.POTTER, L., 2008. Legal and ethical issues when employers check applicants’ social
networking sites. [online]. 22 February 2008. Available from:
http://lespotter001.wordpress.com/2008/02/22/legal-and-ethical-issues-with-
employers-checking-social-networking-sites/
20.POULSEN, K., 2008. MySpace buy leaks “private” teen photos to voyers. [online].
Wired News. Available from:
http://www.wired.com/politics/security/news/2008/01/myspace
21. SCHNEIER, B., 2009. Social networking identity theft scams. [online] 8 April 2009.
Available from: http://www.schneier.com/blog/archives/2009/04/social_networki.html
22. SMITH, J., 2009. 10 powerful ways to target facebook ads every performance
advertiser should know. [online]. Palo Alto, CA: InsideNetwork. Available from:
http://www.insidefacebook.com/2009/07/27/10-powerful-ways-to-target-facebook-ads-
that-every-performance-advertiser-should-know/
18
23.SNOL, L., 2009. 2010s top security threats: Facebook, Twitter and iphone apps.
[online]. San Fransisco, CA: PC World. Available from:
http://www.pcworld.com/article/185661/2010s_top_security_threats_facebook_twitter_
and_iphone_apps.html [Accessed 1 March 2010].
24. SUICIDEMARCHINE, 2010. Web 2.0 suicide machine. [online]. Rotterdam: Suicide
Machine. Available from:
http://www.monstersandcritics.com/tech/features/article_1528934.php/Dutch-software-
helps-kill-personal-data-on-internet
25.VIRZI M. , A., 2009. Twitter, spam and security. [online]. New York. ClickZ. Available
from: http://www.clickz.com/3634497 [Accessed 2 March 2009]
26.TECHNEWSWORLD. SKIPEASE 2010. Data mining of personal information from social

network profiles on the rise. [online]. 21 January 2010. Available from:
http://www.skipease.com/blog/data-mining/data-mining-information-from-your-social-
network-profile/ [Accessed 2 March 2010]
19
Appendix 1
Cyberbullying
Safe to Learn: Embedding

anti-bullying work in schools
This guidance was developed for the Department for Children, Schools and Families (DCSF) by Childnet
International and in consultation with the DCSF Cyberbullying Taskforce, on which representatives of the
following organisations sit (in alphabetical order):
Anti-Bullying Alliance (ABA) Mobile Broadband Group

AOL (UK) limited National Association of Head Teachers (NAHT)
Association of School and College Leaders (ASCL) The National Association of Schoolmasters / Union of
Association of Teachers and Lecturers (ATL) Women Teachers (NASUWT)
BBC National Governors’ Association (NGA)
Beatbullying National Society for the Prevention of Cruelty to Children
Bebo (NSPCC)
Becta National Union of Teachers (NUT)
Child Exploitation and Online Protection Centre (CEOP) O2
Childnet International Orange
Children's Charities' Coalition for Internet Safety Parent Governors Representatives Network
Cyberspace Research Unit, University of Central Professional Association of Teachers (PAT)
Lancashire The Carphone Warehouse
Department for Business, Enterprise and Regulatory The Samaritans
Reform (BERR) T-Mobile UK
Fox Interative Media / MySpace Unison
Get Connected Unit for School and Family Studies, Goldsmiths, University
Google / YouTube of London
Home Office Vodafone
Kidscape Yahoo! UK & Ireland
London Councils Youth Justice Board (YJB)
Microsoft (MSN and Windows Live services) York St John University
Ministry of Justice (MoJ)
The Department would also like to thank the staff and pupils at Avenue Primary School, Leicester, and Hamilton
Community College, Leicester, for contributing to the development of this guidance.
01
Contents
GUIDANCE
Executive summary 03
1. Understanding cyberbullying 06
• What is cyberbullying and why do schools need to take it seriously? 06
• The context: young people and technology 10
• Forms that cyberbullying can take 11
• How is cyberbullying different to other forms of bullying? 13
• Brief introduction to the technology 15
2. Preventing cyberbullying
• Taking a whole-school community approach 22
• Understanding and talking about cyberbullying 23
• Updating existing policies and practices 24
• Making reporting cyberbullying easier 25
• Promoting the positive use of technology 27
• Evaluating the impact of prevention activities 28
3. Responding to cyberbullying 30
• Cyberbullying is a form of bullying 30
• Support for the person being bullied 31
• Investigation 35
• Working with the bully and applying sanctions 37
FURTHER RESOURCES
A. Key advice to parents and carers on cyberbullying 40

B. Key advice to children and young people on cyberbullying 42
C. What children and young people say 44
D. Useful websites and resources 46
E. Case study: Letter inviting parents to cyberbullying information event 48
F. Case study: Information letter on sanctions 50
G. Case study: Example Acceptable Use Policy (AUP) 51
02 Safe to Learn: Embedding anti-bullying work in schools
cyberBullying:
Guidance
As more and more schools are having to respond to Quote from a pupil:
the growing challenge of cyberbullying, it is vital that
schools understand the issue, know how to prevent “I felt that no-one understood what I was going
and respond to incidents, and are updated on the through. I didn’t know who was sending me these
legal issues surrounding this challenging subject. messages, and I felt powerless to know what to do.”
The DCSF has worked with children’s charity Quote from a parent:
Childnet International to provide this guidance,
which forms part of the anti-bullying guidance Safe “Having my daughter show me text messages from
to Learn: Embedding Anti-Bullying Work in Schools. nearly everyone in her class all saying derogatory
You will be able to find important information and things about her was devastating.”
clear advice on the subject, and review how your
school takes action. Quote from a staff member:
“The internet and mobile phones have such positive “The accusation about me which the students put on
power to transform children’s lives for the better. their website was horrendous. Within hours it seemed
However, when they are misused, they can cause real that the whole school had read this message.”
pain and distress. Childnet is delighted to have worked
with the DCSF and with members of the Cyberbullying
Taskforce in drawing up this guidance which we hope
will be of real practical help to schools.”
Childnet International
Childnet has produced a summary of this guidance

and a film for schools to use in addressing this issue,
which are available at www.digizen.org
GUIDANCE 03
Executive summary
Executive summary
Understanding cyberbullying to regulate the conduct of pupils when they are

off-site and provides a defence in relation to the
1. Cyberbullying can be defined as the use of confiscation of mobile phones and other items.
Information and Communications Technology (ICT),
particularly mobile phones and the internet, 4. Although cyberbullying is not a specific criminal
deliberately to upset someone else. It can be an offence, there are criminal laws that can apply in
extension of face-to-face bullying, with technology terms of harassment and threatening and menacing
providing the bully with another route to harass their communications. Schools should contact the police
target. However, it differs in several significant ways if they feel that the law has been broken.
from other kinds of bullying: the invasion of home
and personal space; the difficulty in controlling 5. Cyberbullying takes different forms: threats
electronically circulated messages; the size of the and intimidation; harassment or “cyber-stalking”
audience; perceived anonymity; and even the profile (e.g. repeatedly sending unwanted texts or instant
of the person doing the bullying and their target. messages); vilification / defamation; exclusion or
peer rejection; impersonation; unauthorised
2. Research into the extent of cyberbullying publication of private information or images
indicates that it is a feature of many young people’s (including what are sometimes misleadingly referred
lives. It also affects members of school staff and other to as ‘happy slapping’ images); and manipulation.
adults; there are examples of staff being ridiculed,
threatened and otherwise abused online by pupils. 6. Some cyberbullying is clearly deliberate and
aggressive, but it is important to recognise that
3. Cyberbullying, like all bullying, should be taken some incidents of cyberbullying are known to be
very seriously. It is never acceptable, and a range of unintentional and the result of simply not thinking
Education Acts and government guidance outline about the consequences. What may be sent as a joke,
schools’ duties and powers in relation to bullying. may not be received as one, and indeed the distance
The Education and Inspections Act 2006 (EIA 2006) that technology allows in communication means the
includes legal powers that relate more directly to sender may not see the impact of the message on
cyberbullying; it outlines the power of head teachers the receiver. There is also less opportunity for either
party to resolve any misunderstanding or to feel 10. It is important to review and update existing
empathy. It is important that pupils are made aware anti-bullying, behaviour and pastoral care policies
of the effects of their actions. to include cyberbullying. Ensure that learners,
parents and staff are all aware of the procedures
7. In cyberbullying, bystanders can easily become and sanctions for dealing with cyberbullying,
perpetrators – by passing on or showing to others including bullying that takes place out of school.
images designed to humiliate, for example, or by
taking part in online polls or discussion groups. They 11. It is advised that schools establish, or review
may not recognise themselves as participating in existing, Acceptable Use Policies (AUPs), referencing
bullying, but their involvement compounds the responsible use of school IT networks and
misery for the person targeted. It is recommended equipment, Virtual Learning Environments (VLEs)
that anti-bullying policies refer to those ‘bystanders’ and mobile phones. It is also recommended that
– better termed ‘accessories’ in this context – who schools review how the school network is monitored
actively support cyberbullying and set out sanctions and check whether existing procedures are
for this behaviour. It is important that pupils are adequate.
aware that their actions have severe and distressing
consequences and that participating in such activity 12. It is recommended that schools record and
will not be tolerated. monitor incidents of cyberbullying in the same way
as all other forms of bullying. Schools can use this
Preventing cyberbullying information to develop their policies and practices.
8. It is important to decide on the roles and 13. Publicising reporting routes is an important
responsibilities for cyberbullying prevention work. element of prevention, raising awareness of the issue
This will typically involve a named lead from the but also ensuring that any incidents can be stopped
senior management team (usually the person with before they become too serious or upsetting. Make
overall responsibility for anti-bullying work), as sure that learners, parents and staff are all aware of
well as IT staff, pastoral care staff, and school the different ways available to report cyberbullying
council members. incidents. In addition, schools can signpost
information about external reporting routes,
9. Essential elements of prevention are awareness- providing information about contacting service
raising and promoting understanding about providers directly.
cyberbullying. Awareness can be raised and
understanding promoted through discussion and 14. Education and discussion around the
activity around what cyberbullying is and how it responsible use of technologies and e-safety are
differs from other forms of bullying. The activities key to preventing cyberbullying and helping
could include staff development activities; home- children and young people deal confidently with
school events such as special assemblies with any problems that might arise, whether in or out
parents; and addressing cyberbullying within of school. Technology can have a positive role in
curriculum delivery and the Social and Emotional learning and teaching practice, and there is a need
Aspects of Learning (SEAL) programme. for staff to be confident about ICT in order to model
the responsible and positive use of technologies and
to respond to incidents of cyberbullying
appropriately.
GUIDANCE 05
Executive summary
15. Stay up to date – prevention and responding 20. Advise those experiencing cyberbullying on
strategies require continuous review and refinement steps they can take to avoid recurrence – for
as new technologies and services become popular. example, advise those targeted not to retaliate or
This guidance, similarly, will be updated periodically reply; provide advice on ‘blocking’ or removing
as technologies develop. people from ‘buddy lists’; and ask them to think
carefully about what private information they may
16. It is useful to publicise progress and have in the public domain.
cyberbullying prevention activities to the whole-
school community. Keep cyberbullying a live issue 21. Take steps to identify the person responsible
and celebrate your successes. for the bullying. Steps can include looking at the
school system and computer logs; identifying and
Responding to cyberbullying interviewing possible witnesses; and, with police
involvement, obtaining user information from the
17. Cyberbullying is a form of bullying, and as such service provider.
schools should already be equipped to deal with
the majority of cyberbullying cases through their 22. Once the person responsible for the
existing anti-bullying and behaviour policies and cyberbullying has been identified, it is important
procedures. However, schools should recognise the that, as in other cases of bullying, sanctions are
ways in which cyberbullying differs from other forms applied. Steps should be taken to change the
of bullying and reflect that in how they respond to it. attitude and behaviour of the bully, as well as
In addition to considerations about the invasiveness ensuring access to any help that they may need.
of cyberbullying, the size of the audience, and other Schools will have existing sanctions in place for
such factors, cyberbullying yields evidence in a way bullying behaviour, and these should apply equally
that other forms of bullying do not. to cyberbullying. In addition, it is important to refer
to any Acceptable Use Policies (AUPs) for internet
18. The person being bullied will usually have and mobile use, and apply sanctions where
examples of texts or emails received, and should be applicable and practical. Technology-specific
encouraged to keep these to aid in any investigation. sanctions for pupils engaged in cyberbullying
There are also additional reporting routes available, behaviour could include limiting internet access
through mobile phone companies, internet service for a period of time or removing the right to use
providers and social networking sites. Detailed a mobile phone on the school site, for example.
information on retaining evidence, containing
incidents, and contacting the relevant organisations
is provided in this guidance.
19. Some forms of cyberbullying involve the

distribution of content or links to content, which
can exacerbate, extend and prolong the bullying.
There are advantages in trying to contain the spread
of these, and options here include contacting the
service provider, confiscating phones, and contacting
the police (in relation to illegal content).
1. Understanding
cyberbullying
1.1 WHAT IS CYBERBULLYING AND WHY 1.1.3 Cyberbullying can be an extension of face-to-
DO SCHOOLS NEED TO TAKE IT SERIOUSLY? face bullying, with technology providing the bully
with another route to harass their target. However,
A definition cyberbullying does differ in several significant ways
to other kinds of bullying: for example, the invasion
1.1.1 Cyberbullying can be defined as the use of home/personal space; the difficulty in controlling
of Information and Communications Technology electronically circulated messages; and even in the
(ICT), particularly mobile phones and the internet, profile of the bully and target. These differences are
deliberately to upset someone else. As with a school’s important ones for people working with children
general definition of bullying, however, it is advised and young people to understand (see section 1.4).
that schools involve the whole school community in
agreeing an accessible and meaningful definition. 1.1.4 Cyberbullying takes place between children;
In this way, the school will secure greater awareness between adults; but also across different age groups.
of the phenomenon and buy-in for its overall policy Young people can target staff members or other
and strategies to tackle cyberbullying. adults through cyberbullying: there are examples of
school staff being ridiculed, threatened and
1.1.2 Cyberbullying is a sub-set or ‘method’ of otherwise abused online.
bullying. It can be used to carry out all the different
‘types’ of bullying (such as racist bullying, Quote from a head teacher:
homophobic bullying, or bullying related to special
educational needs and disabilities), but instead of “One of my staff members was recently the victim of
the perpetrator carrying out the bullying in person, cyberbullying – some of the students created a web
they use technology as a means of conducting the site about them which contained nasty comments
bullying. Cyberbullying can include a wide range of and accusations…As a direct result the member of
unacceptable behaviours, including harassment, staff suffered from depression and stress, and was
threats and insults. And like face-to-face bullying, actively planning to leave the school. I can honestly
cyberbullying is designed to cause distress and harm. say that this episode nearly destroyed this man”.
GUIDANCE 07
Understanding cyberbullying
How common is cyberbullying? Legal duties and powers: Education law
1.1.5 There have been some studies looking at the 1.1.7 Bullying (and this includes cyberbullying) is
extent of cyberbullying amongst children and never acceptable. The school community has a duty
young people: to protect all its members and provide a safe, healthy
environment. These obligations are highlighted in a
• Research carried out for the Anti-Bullying range of Education Acts and government initiatives
Alliance (ABA) by Goldsmiths, for example, found (see section 2 of the overarching Safe to Learn:
that 22% of 11-16 year-olds had been a victim Embedding Anti-Bullying Work in Schools guidance).
of cyberbullying1.
1.1.8 In addition, the Education and Inspections
• The MSN cyberbullying report (2006) found Act 2006 (EIA 2006) outlines some legal powers
that 11% of UK teens had experienced which relate more directly to cyberbullying. Head
cyberbullying2 . teachers have the power “to such extent as is
reasonable” to regulate the conduct of pupils when
• Noret and River’s four year study on bullying they are off-site or not under the control or charge of
(2007) found that 15% of the 11,227 children a member of staff. This is of particular significance to
surveyed had received nasty or aggressive texts cyberbullying, which is often likely to take place out
and emails, and demonstrated a year on year of school but which can impact very strongly on the
increase in the number of children who are school life of those pupils involved. Section 3.4 of the
being bullied using new technology. School Discipline and Pupil Behaviour Polices guidance
provides more advice on when schools might
• Research conducted as part of the DCSF regulate off-site behaviour3 .
cyberbullying information campaign found
that 34% of 12-15 year olds reported having 1.1.9 EIA 2006 also provides a defence for school
been cyberbullied. staff in confiscating items from pupils. This can
include mobile phones when they are being used to
• Qualitative evidence gathered by NASUWT cause a disturbance in class or otherwise contravene
through a survey of teachers has demonstrated the school behaviour / anti-bullying policy. More
that cyberbullying affects the working lives of information on confiscation can be found in section
staff and impacts severely on staff motivation, 3.8 of the School Discipline and Pupil Behaviour Polices
job satisfaction and teaching practice. guidance 4. School staff may request a pupil reveal a
message or show them other content on their phone
1.1.6 Although there is variation in the figures, all for the purpose of establishing if bullying has
the research indicates that cyberbullying is a occurred, and a refusal to comply might lead to the
feature of many young people's lives. There is also imposition of a disciplinary penalty for failure to
concern that the level of cyberbullying is increasing. follow a reasonable instruction. Where the text or
image is visible on the phone, staff can act on this.
Where the school’s behaviour policy expressly
provides, a member of staff may search through the
phone themselves in an appropriate case where the
pupil is reasonably suspected of involvement.
1 P. Smith, J. Mahdavi et al 2006
2 www.msn.co.uk/customercare/protect/cyberbullying/default.asp?MSPSA=1
3 www.teachernet.gov.uk/wholeschool/behaviour/schooldisciplinepupilbehaviourpolicies/
Legal duties and powers: Civil and • Communications Act 2003: Section 127 covers
criminal law all forms of public communications, and
subsection (1) defines an offence of sending
1.1.10 Although bullying is not a specific criminal a ‘grossly offensive…obscene, indecent or
offence in UK law, there are criminal laws that can menacing’ communication6. Subsection (2)
apply in terms of harassment or threatening defines a separate offence where for the
behaviour. For example – and particularly pertinent purposes of causing annoyance, inconvenience
for cyberbullying – threatening and menacing or needless anxiety, a person sends a message
communications. which that person knows to be false (or causes it
to be sent) or persistently makes use of a public
1.1.11 In fact, some cyberbullying activities could be communications system7.
criminal offences under a range of different laws,
including the Protection from Harassment Act 1997 • Malicious Communications Act 1988: Section
which has both criminal and civil provision, the 1 makes it an offence to send an indecent,
Malicious Communications Act 1988, section 127 of grossly offensive or threatening letter, electronic
the Communications Act 2003 and the Public Order communication or other article to another
Act 1986. The age of criminal responsibility in the UK person with the intention that it should cause
starts at 10. them distress or anxiety8.
• Protection from Harassment Act 1997: This • Public Order Act 1986: Section 5 makes it an
Act is relevant for incidents that have happened offence to, with the intent to cause harassment,
repeatedly (i.e. on more that two occasions). alarm and distress, use threatening, abusive or
Section 1 prohibits behaviour amounting to insulting words, behaviour, writing, signs or other
harassment of another. Section 2 provides a visual representation within the sight or hearing
criminal offence and section 3 provides a civil of a person likely to be caused harassment,
remedy for breach of the prohibition on alarm or distress9. This offence may apply where
harassment in section 1. Section 4 provides a a mobile phone is used as a camera or video
more serious offence of someone causing rather than where speech writing or images
another person to fear, on at least two occasions, are transmitted.
that violence will be used against them5. A civil
court may grant an injunction to restrain a • Obscene Publications Act 1959: It is an offence
person from conduct which amounts to under this Act to publish an obscene article.
harassment and, following conviction of an Publishing includes circulating, showing, playing
offence under section 2 or 4, restraining orders or projecting the article or transmitting that data,
are available to protect the victim of the offence. for example over a school intranet. An obscene
article is one whose effect is such as to tend to
deprave and corrupt persons who are likely to
read, see or hear the matter contained or
embodied in it10.
5 www.opsi.gov.uk/acts/acts1997/1997040.htm
7 Where cyberbullying occurs by messages transmitted via a public electronic communications network, it may amount to an offence under section
127(1) or (2). However, if the bullying is by means of a school intranet and the message is sent and received on the same school site, the message is
unlikely to have been transmitted via the public network.
8 www.opsi.gov.uk/ACTS/acts1988/Ukpga_19880027_en_1.htm. This offence can be committed via an intranet which is not part of a public system.
9 www.opsi.gov.uk/si/si1987/Uksi_19870198_en_2.htm
10 Depravity and corruption are not confined to sexual depravity and corruption.
GUIDANCE 09
• When cyberbullying takes the form of hacking However, the claimant does not have to prove
into someone else’s account, then other criminal that the material is false – the burden of proof on
laws will come into play, such as the Computer that point lies with the author/publisher, who
Misuse Act 1990 11, in addition to civil laws on has to prove that what they have written is true13.
confidentiality and privacy. Where defamatory material is posted on a
website the person affected can inform the host
• An anti-social behaviour order (ASBO) under the of its contents and ask the host to remove it.
Crime and Disorder Act 199812 could be used Once the host knows that the material is there
for cyberbullying. An ASBO is a civil order which and that it may be defamatory, it can no longer
prohibits an individual from engaging in specific rely on the defence of innocent dissemination in
anti-social acts. An ASBO can be made against the Defamation Act 1996. This means that the
any person, aged 10 years or over, where there is person affected could (if the material has been
evidence that their behaviour caused, or is likely published in the jurisdiction, i.e. in England and
to cause, harassment, alarm or distress to others Wales) obtain a court order (an injunction) to
and where an order is needed to protect require removal of the material, and could sue
person(s) from further anti-social acts. Whether either the host or the person who posted the
a course of conduct is anti-social in nature is material for defamation.
primarily measured by the consequences and
the effect it has, or is likely to have, on a member Cyberbullying in the school community
or members of the community within which
it is taking place. An ASBO can be used in 1.1.12 Cyberbullying is not a new phenomenon,
conjunction with other measures as part of a but as mobile phone and internet use become
tiered approach to tackling anti-social behaviour. increasingly common, so does the use of technology
Prohibitions should be precise, targeted at the to bully.
specific behaviour complained of, and
proportionate to the legitimate aim of 1.1.13 Schools are already addressing bullying,
protecting the community from further abuse. discrimination and behavioural issues. This guidance
ASBOs can be extremely effective in preventing on cyberbullying is designed to help school leaders
further escalation into criminal behaviour. and staff who may not be familiar with the ways in
Breach of an Anti-Social Behaviour Order is a which technologies are currently being used by
criminal offence and criminal penalties apply. young people, and their potential abuse.
• Defamation: Defamation is a civil “common law” 1.1.14 Taking a whole-school community approach,
tort in respect of which the Defamation Acts ensuring that the issues are discussed and the school
of 1952 and 1996 provide certain defences. community shares an understanding of what
It applies to any published material that cyberbullying is and what the consequences and
damages the reputation of an individual or an sanctions for it are, is key to effectively preventing
organisation, and it includes material published and dealing with cases.
on the internet. A civil action for defamation can
be brought by an individual or a company, but 1.1.15 A lot of the material covered in this guidance
not by a public authority. It is up to the claimant is equally applicable to the cyberbullying of school
to prove that the material is defamatory. staff as to pupils. Members of the school workforce
11 www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm
suffering from or concerned about cyberbullying responsible use and e-safety is key to helping them
can also contact their trade union or professional deal confidently with any problems that may arise,
association for support and advice. whether in or out of school.
1.2 THE CONTEXT: YOUNG PEOPLE Adults are not always aware of how
AND TECHNOLOGY technologies can be used and abused
The role of technology in young people’s 1.2.5 Teacher training is changing to incorporate
everyday lives and account for e-safety issues, and to equip new
teachers with the information they need to make
1.2.1 Today’s children and young people have the most of technologies to support their learning
grown up in a world that is very different from that of and teaching practice. The Government’s e-strategy
most adults. Subsequently, how young people use supports ICT for continuing professional
technology is not always understood by parents, development for both teachers and leaders. Recently,
carers and staff members. Becta have become the Government’s key partner
in the strategic delivery and implementation of the
1.2.2 Digital media, computers, mobile phones and strategy. There are many partner agencies working at
the internet have been a taken-for-granted part of national, regional and local level to support the best
most children and young people’s upbringing and use and understanding of technology to support
environment. Many rely on technology not just to learning and teaching.
keep in touch, but as a way of developing their
identities, socialising, and belonging to groups. 1.2.6 Technology constantly changes, and the pace
Technology can play a positive, productive and of change can be off-putting for adults: new sites,
creative part of young people’s activities, crazes and fashions come and go continually. It may
development and social participation. seem daunting or demanding of time that just isn't
available to keep up with what young people are
1.2.3 Engagement with technology involves feelings doing.
as well as actions – above all it is a social activity that
allows young people to feel connected to their peers. 1.2.7 As technology develops, children will be
Telling a young person who has been cyberbullied to experimenting with new environments and
keep their mobile phone switched off or to stay off exploring where the boundaries of behaviour lie.
the internet can be interpreted as a disruption of In order to engage in a discussion about acceptable
their social life and perceived as a punishment. and responsible use, it is necessary to be informed
about these technologies, in order to help identify
1.2.4 Barring or restricting school network access to where the limits are and what the potential impacts
particular sites that young people use, such as social of certain behaviours are. It is not necessary to know
networking and gaming sites, does not necessarily about every application or site – but it is important
prevent young people from using them. They will still to keep up to date with a broad understanding of
access them, via their own devices and connections, the different ways that young people are using or
by bypassing blocks, or by finding new, unrestricted abusing, technologies.
sites. Whatever policies and practices individual
schools might have around computer access, mobile 1.2.8 Understanding children and young people’s
phones, or game consoles, it is important to online lives and activities can help adults respond to
recognise how important technology is to young situations appropriately and effectively. Talking to
people. Education and discussion around students about what they do with technology, and
GUIDANCE 11
what their concerns and experiences are, is an derogatory or defamatory statements in order to
essential starting point. Asking children and young provoke a response from their target (sometimes
people to show adults how technologies and referred to as ‘flaming’);
services work is a useful strategy that can provide
an important learning opportunity and context for • tracking targets by using spyware;
discussing online safety.
• sending viruses.
1.3 FORMS THAT CYBERBULLYING
CAN TAKE Vilification / defamation
1.3.1 Cyberbullying takes different forms, some 1.3.5 Cyberbullying can include posting upsetting or
of which are harder to detect or less obviously defamatory remarks about an individual online, or
associated with bullying than others. Schools should name-calling using a mobile device for example.
already have policies and practices in place for These may be general insults, or include prejudice-
dealing with some of these. based bullying. Pupils may use their mobile phones
or email to send sexist, homophobic and racist
Threats and intimidation messages, for example, or they may attack other
kinds of difference – a physical or mental disability,
1.3.2 Serious threats can be sent to both staff and cultural or religious background, appearance, or
pupils by mobile phone, email, and via comments on socio-economic position.
websites, social networking sites or message boards.
Ostracising / peer rejection / exclusion
Harassment or stalking
1.3.6 Online exclusion can be harder to detect than
1.3.3 Repeated, prolonged, unwanted texting, children obviously being marginalised in a space,
whether it is explicitly offensive or not, is a form of such as a classroom, where there are adults present.
harassment. Online stalking (sometimes referred to
as ‘cyberstalking’), where a person’s online activities 1.3.7 Social networking sites, such as Bebo and
are constantly monitored, can cause psychological MySpace, provide a platform for young people to
harm and fear. Previously safe and enjoyable establish an online presence and to talk with other
environments can be experienced as threatening, network members. They can be an important
and online activity may become a source of anxiety. extension of a young person’s social space and
activity. Most social networking sites work as gated
1.3.4 Harassment and stalking can take several and communities, only allowing contact between
often multiple forms online, and may or may not be members, so it is common for only a small number of
a continuation of offline harassment or lead to social networking sites to be popular amongst any
physical harassment and stalking. Forms of individual school’s students. It is possible for a group
harassment include: of students to set up a closed group, which can
protect them from unwanted contact. It also means
• repeatedly sending unwanted text or instant that excluding someone – by refusing to return or
messages, or making phone calls (including acknowledge messages; deleting them from their
silent calls); friendship lists; or using 'ignore' functions – can be
extremely hurtful.
• using public forums, such as message boards or
chatrooms, to repeatedly harass, or to post
Identity theft, unauthorised access have also discovered their images and contact
and impersonation details have been posted to public sites along
with invitations to contact them.
1.3.8 ‘Hacking’ generally means accessing someone
else’s account by finding out or guessing their 1.3.11 You don’t need to be able to access
username and password information. The majority someone’s account details to impersonate them.
of children and young people consulted (see ‘What There are examples of people discovering websites,
children and young people say’ in the Resources profiles or comments written in their name and
section) during the production of this guidance were pretending to be by them.
aware of such incidents.
1.3.12 Identifying perpetrators using technology is
1.3.9 Hacking into systems, accounts or files is not often a time-consuming process, and it may not
automatically a form of cyberbullying, but it is always always be possible for the school to prove who the
a serious issue. Hacking is illegal under the Computer responsible party is (see ‘Investigation’ section of the
Misuse Act 1990 (see information on the civil and ‘Responding to cyberbullying’ chapter). Identifying
criminal law). who has been cyberbullying may depend on more
traditional ways of investigating incidents –
1.3.10 Examples of how hacking can be used to circumstantial evidence, a witness report, or an
cyberbully include: admission of responsibility.
• Accessing and copying someone's information, Publicly posting, sending or forwarding

for example emails or pictures, in order to harass personal or private information or images
or humiliate them. This could include posting
private information on public sites, emailing or 1.3.13 Once electronic messages or pictures are
forwarding data by mobile phone, or printing made public, containing them becomes very difficult.
and circulating paper copies. Video or pictures can be passed between mobile
phones either by a local wireless connection (which
• Deleting someone's information – for example, allows free messages to be sent between devices
electronically submitted or stored assignments that are close to each other), sent by text to other
and homework, or important emails. phones, uploaded to websites, or posted to public
video-hosting sites. Most young people are aware of
• Impersonating someone – for example ‘Happy Slapping’, a term which has been used to refer
pretending to be the person whose account has to physical assaults that are recorded and circulated,
been hacked in order to post abusive comments usually via mobile phone. The DCSF does not
and bad language. This might include posting promote the use of this term, although it recognises
messages to the school's Virtual Learning that its popular currency has at least allowed
Environment (VLE), sending Instant Messages or discussion around this form of cyberbullying to
emails, or may involve using someone's mobile begin to take place. The term is inaccurate and
phone to send abusive calls, texts or images. misleading, and risks minimising serious and illegal
There have been cases where a bully has sent incidents of physical assault. People who record
out nasty messages to everyone on a pupil's attacks can be actively engaging in cyberbullying.
buddy list, and it can be difficult for the person Circulating images of attacks can also be a form of
targeted to make their friends believe the harassment, and will certainly compound the harm
messages did not come from them. People of the original attack.
GUIDANCE 13
1.3.14 Websites are potentially viewable by millions other people, including their family members, might
of people. Even after pages or comments have been find out can make them vulnerable to further
removed,‘cached’ copies may still be available. For manipulation. There is also evidence that mobile
example, Google creates a copy of the pages in its phones and the internet are being used to try to
index which are stored as a cached version that can control, track and manipulate within abusive teen
be accessed via its search results pages, unless a site relationships14.
owner has requested otherwise.
1.3.18 Manipulation is also used by adults with a
1.3.15 Creating, possessing, copying or distributing sexual interest in children to ‘groom’ children they
images of children and young people under the age have contacted online to meet up. This guidance
of 18 which are of an indecent or sexual nature is concentrates on bullying and does not go into
illegal under the Protection of Children Act 1978. ‘grooming’ or wider child protection issues. For
These images are illegal even if they were taken in further information on this, see www.ceop.gov.uk
‘fun’ or by ‘willing’ parties. Section 160 of the Criminal or www.chatdanger.com.
Justice Act 1988 criminalizes the possession of
electronic or hardcopy images. These laws also apply 1.4 HOW IS CYBERBULLYING DIFFERENT
to indecent ‘pseudo-photographs’ – images which TO OTHER FORMS OF BULLYING?
have not been taken but have been created or
adapted, for instance using digital imaging software. Impact
Manipulation 1.4.1 In cyberbullying, the audience for the bullying

can be very large and reached rapidly. This means
1.3.16 Manipulation is an often under-considered that the degree and seriousness, as well as possible
form of bullying, but unfortunately there have been risks and repercussions, have to be evaluated
many cases of manipulative cyberbullying. Examples differently than in cases of other types of bullying.
include putting pressure on someone to reveal If content is shared across mobile phones or posted
personal information or to arrange a physical online, it becomes difficult to control who might see
meeting. This can be done by using online friendship it or have copies of it. Not being able to be certain
status – for example, suggesting that a genuine that the event has been contained and will not recur
friend would give out personal information. / resurface may make it harder for the person being
bullied to gain a sense of 'closure' over an event.
1.3.17 It can be difficult to negotiate online
relationships – some people will find using ignoring 1.4.2 This is a particularly significant way in which
and blocking tools easy, others will hesitate to cyberbullying is different from other forms of
demote the status of people they have already bullying: a single incident can be experienced as
thought of as friends. Manipulation is a very difficult multiple attacks. For example, a humiliating video
type of cyberbullying to detect, since the person posted to the web can be copied to many different
being bullied often feels implicated in and sites. A single instance of bullying – the creation of a
responsible for their own victimisation, and may feel nasty website or the forwarding of a personal email –
guilty or ashamed. Some forms of manipulation may can have repeated and long-term consequences, as
involve getting people to act or talk in a provocative content that is taken off the internet can reappear or
way. Rude images or conversations can be very be circulated again.
embarrassing to young people, and their fear that
14 Tech Abuse in Teen Relationships Study, January 2007: http://loveisnotabuse.com/pdf/06-208%20Tech%20Relationship%20Abuse%20TPL.pdf

1.4.3 It is also worth noting that some of those being Location

bullied may not be aware that they have been or are
being cyberbullied. For example, they may not have 1.4.7 Cyberbullying can take place at any time and
seen, or be aware of, content about them that has can intrude into spaces that might previously have
been posted online. been regarded as safe or personal – the person being
cyberbullied can be left feeling that there is no place
Targets and perpetrators to hide and that they might be attacked at anytime.
Sending abusive text messages, for example, means
1.4.4 Children and young people are not the only that cyberbullying can take place any time of the day
ones that may be subject to cyberbullying. School or night, and the target of the cyberbullying can be
staff have also been victimised and have suffered reached in their own home, even their own bedroom.
distress at the hands of school-aged bullies. The
seeming anonymity and distance that technology 1.4.8 Traditionally, young people have been told to
provides means size and age are not necessarily walk away from someone who is trying to bully
relevant. People who cyberbully do not need to be them. However, it is not possible to walk away from
physically threatening to cyberbully. They don’t need constant phone messages or from a website which
to be stronger, taller or older than the person they has been created to hurt you.
are cyberbullying – they may never be in the same
physical space as the person they are bullying. 1.4.9 Cyberbullying will have an impact on the
education and wellbeing of the person being bullied,
1.4.5 Cyberbullying can be used by a person and the physical location of the bully at the time of
bullying offline to extend their aggression, but can their action is irrelevant in this. Schools now have
equally be used as a form of 'revenge'. There have broad new powers to discipline and regulate the
been some cases where the person cyberbullying behaviour of pupils even when they are off the
had been previously bullied, and used the school site – these are set out in the Education and
technology to respond. Inspections Act 2006 (see information on the law and
also section 3.4 of the School Discipline and Pupil
1.4.6 Bystanders to cyberbullying can easily become Behaviour Policies guidance15).
perpetrators – by passing on or showing to others an
image designed to humiliate another child or staff Anonymity
member, for example, or by recording an assault/act
of bullying on a mobile phone and circulating this. 1.4.10 People who cyberbully may attempt to
As with other forms of bullying, it is important that remain anonymous and this can be extremely
the whole-school community understands their disturbing for those that are being bullied. Although
responsibility to report cyberbullying and support the person being bullied may know that their bully is
the person being bullied. It is advisable that anti- from within their circle of friends or pupils at their
bullying policies refer to those ‘bystanders’ – better school, they may not know the actual identity of the
termed ‘accessories’ in this context – who actively bully and this can make them uneasy, distrustful, and
support cyberbullying incidents and set out suspicious of all their relationships.
sanctions for this behaviour.
1.4.11 However, perpetrators are not as anonymous
as they might think and there are ways of identifying
cyberbullies. Having said that, although there is likely
to be an evidence trail (‘digital footprints’) left by the
GUIDANCE 15
bully, finding out further information that might help 1.4.13 Schools need to ensure that ignorance of
identify who is responsible – by tracking down the the consequences and potential seriousness of
person’s email or IP address (their unique computer cyberbullying is not a defence – that all pupils are
address) – is time consuming and usually requires aware of the issues and rules, for example through
the involvement of other agencies (the police and induction procedures, awareness days and
the service provider, for example). And in some cases, Acceptable Use Policies (see the ‘Preventing
finding out this information will not clearly identify cyberbullying’ section).
an individual. See the ‘Responding to cyberbullying’
section for further information. Evidence
Motivation for bullying 1.4.14 Unlike other forms of bullying, many

cyberbullying incidents can themselves act as
1.4.12 Some cyberbullying is clearly deliberate evidence – in the form of text messages or computer
and aggressive. However, some instances of ‘screen grabs’, for example. As well as evidence that
cyberbullying are known to be unintentional and the an incident has taken place, they may also provide
result of not thinking or a lack of awareness of the information about who the perpetrator is. A nasty
consequences. Online behaviours are generally less text message, for example, will contain the message,
inhibited than offline behaviour, and some children the date and time that it was sent, and information
report saying things to others online that they would about the phone it was sent from.
not have done offline. Two other factors may be
involved here: 1.4.15 Having proof that they are being bullied
might make it easier for some targets of bullying to
• The distance between the bully and the person come forward – however, a recent MSN report found
being bullied: The lack of context can mean that that 74% of teens did not try to get help the last time
what might intended as a joke may not be they were cyberbullied16. Adults and young people
received as such, and indeed may be deeply may not know how important the evidence could be,
upsetting or offensive to the recipient. or how to preserve it. You can find out more about
Additionally, because the bully cannot see the preserving evidence in section 3.3 of the
person being bullied, and the impact that their ‘Responding to cyberbullying’ chapter.
message has had, there is less chance for either to
resolve any misunderstanding or to feel empathy. 1.5 BRIEF INTRODUCTION TO THE
TECHNOLOGY
• A single act can have unintended consequences:
Sending a 'funny' (i.e. embarrassing or Mobile phones
humiliating) picture of a fellow pupil (even a
friend) to someone could be viewed as a one-off 1.5.1 Children and young people use their mobile
incident, but the nature of the technology means phones for much more than talking and texting.
that the sender loses control of the image they The most additional common uses include telling
have sent. It can be sent on, posted up online the time, downloading and forwarding pictures and
and have a wide circulation. For this reason, a film clips, checking email and accessing the internet,
one-off action can turn into a repetitive action, listening to music, and playing games. The wide
and have consequences for the person being range of activities phones are used for, coupled with
bullied far beyond what the original sender may the phone’s role in managing young people’s
have anticipated. different social networks, makes the phone a
powerful and important tool.
16 www.msn.co.uk/customercare/protect/cyberbullying/default.asp?MSPSA=1
1.5.2 As well as being able to store music, take Instant Messenger and Voice Over
photos and video and send these to other phones, Internet Protocols
children can also share this content with other
phones via short range wireless connections. 1.5.3 Instant messenger (IM) is an application that
Wireless personal area network technology uses allows the pupil to chat in real time (i.e. live) with
radio waves, providing a free way for enabled devices people on a pre-selected friend/buddy list. IM
(phones, computers, handheld game consoles) in programmes usually require you to download an
close range of each other to share information. application to your computer, although there are
some web-based services available which do not
Benefits need installing.
Mobile phones allow children to stay in touch with,
and be contacted by friends and family, parents and 1.5.4 IM programmes let you see which of your
carers. They can be useful in emergency situations, contacts are online when you are, and let you chat
and they can allow children a greater sense of using text while you are using your computer. Like
independence. They can be used for storing files, social networking sites, IM services work between a
taking notes, capturing evidence, and research via network of people who have signed up to the same
an internet connection. service and given each other permission to see and
talk to each other when they are online. Unlike
Risks chatrooms, which are typically public and open to
Supervising a young person’s use of their mobile anyone signed up to the chat service, IM is more
phone is far harder than, for example, their use of private, usually taking place between two people.
the family computer, since phones are rarely shared Windows Live Messenger (previously called MSN
and potentially always on. Messenger) is a popular IM programme; however,
there are several different types of IM services.
It is very easy for children to create and circulate
content, including inappropriate content. Using 1.5.5 Voice Over Internet Protocols (VOIP)
a short range wireless connection, content can programmes are becoming increasingly popular
be sent for free between enabled devices. Once since they offer unlimited free phone calls anywhere
forwarded, content is almost impossible to control, in the world, using an internet connected computer
and can easily spread by being passed on. and microphone. Again, calls can only take place
between people who have downloaded the same
Mobiles and bullying application. Services like Windows Live Messenger
Mobiles have been used to cyberbully in a number include IM, voice calling and video conferencing.
of different ways: making nasty calls; sending nasty
text messages; taking and sharing humiliating
images; videoing and sharing acts of bullying and
assault via camera phone (sometimes misleadingly
called ‘Happy Slapping’, see note at 1.3.13). Content
can be posted online or sent from phone to phone,
or shared using a short range wireless connection
between devices, bypassing the phone network
altogether.
GUIDANCE 17
Benefits Benefits
Typically children use instant messenger as an Most chatrooms have a theme or topic, so it is
extension of their regular social lives, to talk to possible to meet others from all around the world
friends outside of school. IM is a quick and effective with the same interest as you and exchange ideas.
way of keeping in touch, and is a good social tool. Often people assume different identities in
IM is also used by some teachers to keep in touch chatrooms, which means they can be free from
with students – in order to check through real world stereotypes, such as age, race and
homework, for example. IM is extremely useful for appearance. For young people this can be an easy
some types of collaborative work and research. way to meet new people, or explore issues which
Some IM programmes keep records of IM they are too shy to talk about in person. Since many
conversations or at least offer this facility, which can people can join in and observe a conversation at
be used as evidence of work or as an example of one time, chatrooms are very useful for
problem solving (it is a good idea to activate this collaborative work. Most chatroom programmes
function as it serves as the best evidence when record conversations too.
making a report of cyberbullying).
Message boards allow different people to add
Risks replies to discussion topics, creating chains of
Some Instant Messenger products can hold up to replies around particular topics, which make take
600 ‘buddies’, or contacts, and some children may place over several months. Some message boards
see having as many ‘friends’ as possible as are moderated – no new messages will be
important. It is usually common for people with published publicly until the owner reviews them –
large buddy lists to know only a small proportion but many others are monitored only by users, who
of the people on their list. are expected to report any inappropriate messages.
IM and bullying Risks

Bullies can use IM to send nasty messages or Public chatrooms can be populated by anyone,
content to other users. People can also ‘hack’ into since accounts usually only require an email address
IM accounts and send nasty messages to contacts. to verify a user’s identity. Most chatrooms do not
carry age verification; therefore children can visit
chatrooms of an adult nature. People can behave
Chatrooms and Message Boards inappropriately or abusively. The nature of
chatroom exchanges tends to be less inhibited than
1.5.6 There are many chat sites online, hosted by when people meet in the real world for the first
major service providers such as AOL as well as by time, and children can be persuaded to give out too
smaller independent websites. Typically chatrooms much personal information and contact details.
are thematically organised around interest, age, or Chatrooms are not necessarily moderated (by a
location. Chatrooms allow groups of people from person observing conversations as they happen) or
across the world to hold text (and sometimes voice) monitored (by someone reviewing previous chat
conversations in real time. session transcripts). There have been cases of adults
using public chatrooms to begin relationships with
children and young people in order to sexually
abuse them (see Resources section for educational
and awareness materials in this and other internet
safety areas).
Chatrooms and Message boards and Webcams

bullying
Nasty or threatening messages can be sent, without 1.5.8 Webcams are small digital cameras which
the target necessarily knowing who they are from. work with computers. They can be used to record
Groups may ostracise and ignore individual photographs or video, which can then be posted on
children. Children and young people may be the internet or forwarded. Most commonly, they are
persuaded to give out private information, or enter used to see someone that you are talking to online.
into apparent friendships with people who are
lying to them about who they are in order to Benefits
develop a friendship which they later exploit. Webcams let you see, in real time (i.e. live), people
you are chatting to, places or events. They can have
educational value – they can bring far-off places to
Email life; be used to view experiments; be used for video-
conferencing; and be used to facilitate collaboration
1.5.7 Email is now an essential part of most people’s between schools in different parts of the country or
working lives. Email accounts are provided by the world. They can also help families to keep in
schools, broadband providers or other internet touch with friends and relatives.
companies.
Risks
Benefits Children have been persuaded to take or send
As well as the obvious communication benefits, inappropriate photographs of themselves, either
web-based email addresses do not require external by their friends or by people they have only had
verification and such ‘disposable’ accounts can contact with online. Webcam use can be difficult to
be extremely useful for entering competitions supervise if the computer is in a child’s bedroom or
and other activities that generate unwanted or private space. Although fairly rare, there have been
spam email. cases of people using virus programmes that can
‘hijack’ the output of a remote webcam and send
Risks the images to their own computers.
Email can be used to send inappropriate images
and to forward private information. Computer Webcams and bullying
viruses and spam are common email hazards. Children can be persuaded or threatened into
Web-based email can also be used by people doing things on a webcam that they might not
wanting to remain anonymous in order to send have otherwise done – undressing or acting in
malicious or nasty mail. unsuitable ways, for example. Once someone else
has content the child or young person would not
Email and bullying like their parents to know about or be made public,
People can send bullying or threatening messages they are at risk of being further manipulated or
via email, or repeatedly send unwanted messages. threatened.
Unsuitable images or video clips can be passed on.
Personal emails can be forwarded inappropriately.
The majority of computer viruses are forwarded
by email.
GUIDANCE 19
Social network sites available sites as private and personal places, and
may post photographs for their immediate friends
1.5.9 Popular social networking websites such as which may be inappropriate or embarrassing in
MySpace and Bebo let users create their own other contexts. Sites which are not made private, or
homepages, set up ‘blogs’ and add friends. registered as belonging to an over 18 year old, are
easy to search for and may be indexed and cached
1.5.10 Social network sites typically allow users to by search engines such as Google. Staff members
set up a profile page, listing their interests and other and parents may view the time spent on social
details, and they enable contact with other users. network sites as inappropriate and excessive, since
Many focus on interests or services – for example, many young people will check their sites several
photo storage and sharing (like Flickr), music times a day for messages and to view their friends’
preferences (like last.fm) or education (like activity.
EduSpaces). They may also provide ‘blogging’ or
other website creation tools. Social networking and bullying
Social Network sites can be abused in a number of
1.5.11 Social network sites are designed to help ways. Most allow comments to be left (although
people find and make friends, and to make it easy to some sites enable users to review / approve content
stay in touch. before it is shown), and nasty comments may be
posted. People might use their own sites to spread
Benefits rumours or make unpleasant comments about
Young people use online space in much the same other people, or post humiliating images or video
way that they use offline space – they socialise with of them. Fake profiles are also fairly common, and
friends and other people online, express these might be used to pretend to be someone else
themselves, and meet up in much the same way as in order to bully, harass or get them into trouble.
they might do at youth clubs or shopping centres.
These sites provide them with public and private
space, and let them express themselves creatively
by selecting and creating content. Young people
can usually set permissions, giving them control
over who can access their profiles and pages.
Risks
Many young people view the social network site
they use as the hub of their online activity and will
spend a lot of time on the look and content of their
pages. Profiles and blogs may contain a lot of
detailed and personal information – about
themselves and their friends. This can be misused
by bullies and sexual predators to gain information
about an individual, their interests and tastes as well
as their location or contact details. Children and
young people often mistakenly view publicly
Video-hosting sites Virtual Learning Environments (VLEs)
1.5.12 Images and video can be posted to blogs, 1.5.13 Many schools now use software that creates
social networking sites, and sent by email. There has a site especially designed for education, called a
been a tremendous rise in the popularity of video- Virtual Learning Environment (or VLE). Programmes
hosting sites, such as YouTube, where clips are such as Moodle allow school staff to set assignments,
uploaded and shared. Popular video clips can be tests and activities and to track their students’
seen by hundreds of thousands of visitors to the progress. A VLE might only be available from the
sites, and clips are rated by viewers and comments school network, or might be accessible from any
(including video comments) can be posted about internet connection (i.e. from home).
them. The video footage can also be embedded in
other sites and pages. Benefits
VLEs provide a structured way for staff to set work and
Benefits deadlines, and for students to complete activities,
There can be a lot of good content to view on submit assignments, and to communicate and
these sites – music videos, funny clips and other collaborate with others from their school community.
entertainment, as well as useful resources, including These sites are typically password protected, to
educational resources. Even internet safety and enable closed working environments and to track the
anti-bullying videos can be found on these sites. learners’ progress through tasks. They can enable
Video is stored on and streamed from the sites students to access resources from home.
themselves, which means that viewing is very easy.
Risks
Risks If the site is accessible from any internet location,
There are two ways that children may be exposed schools will want to ensure that a specific
to risk on video-hosting sites: children may access ‘Acceptable Use Policy’ is in place – although users
inappropriate material (for example, violent or are tracked, students need to be aware of appropriate
pornographic content), and they may post and acceptable behaviour. It is also important that
inappropriate material, which might make them staff are aware of data protection issues, and how
contactable and vulnerable or which might lead to respond to reports or discovery of offensive
to embarrassment of themselves or others. messages or images. Ensuring that passwords are
kept private is important, so that accounts are not
Video-hosting and bullying accessed or misused by anyone else.
Video-hosting sites can be misused for
cyberbullying, and staff as well as pupils have been VLEs and bullying
victim to content posted up on such sites. The Although users are tracked, students may still
cyberbullying may take the form of video taken misuse the platform or post inappropriate
without the subject’s knowledge, even from within messages or images. VLEs usually consist of a range
class, that is then posted and shared, and/or acts of of tools – for example, message boards, chatrooms,
violence against people or property. and Instant Messaging – that can be misused in
the same ways as services outside of the school
environment. Hacking can provide a range of
opportunities for cyberbullying – including sending
nasty messages from someone’s account, posting
inappropriate comments, and deleting schoolwork.
GUIDANCE 21
Gaming sites, consoles and virtual worlds Gaming sites, consoles and virtual
worlds and bullying
1.5.14 A significant amount of the time young As with other programmes that allow people to
people spend using technology is taken up playing communicate with one another, there have been
the wide variety of computer games that are instances of name-calling and abusive / derogatory
available. Computer games can be accessed through remarks. Additionally, players may pick on weaker
online gaming sites, where chat between players or less experienced users, repeatedly killing their
across the world is facilitated, or on handheld character. Wireless-enabled consoles can be used
consoles which use a wireless connection to enable to forward unwanted messages to other
people in the same location to play against each compatible devices.
other or to message one another. Virtual worlds –
2 or 3D online sites where users are encouraged
to design their own avatars (the figures that
represent them in the virtual world), explore and
create their own environments – are becoming
increasingly popular.
Benefits
Gaming has been shown to help develop many
positive skills – leadership and decision-making,
puzzle solving, teamwork and collaboration. Games
that involve physical movement (dance mats, for
example) can provide children and young people
with a fun way to exercise. There are now many
ways of using game software within education –
e.g. Wordshark, which is a collection of games
designed to support students with dyslexia.
Virtual worlds can be used to explore and bring to

life a range of topics – for example, recreating
ancient cities or building virtual prototypes.
Risks
Many games are designed for the adult market and
are inappropriate for children and young people,
containing adult themes and explicit imagery,
although games should carry labels which indicate
the age they are appropriate for. Parents will often
want to limit the amount of time spent on games,
since completing levels and finishing will be fairly
addictive in any effective game. Games and virtual
worlds accessed online will be harder to monitor for
appropriateness of content.
2. Preventing
cyberbullying
2.1 TAKING A WHOLE-SCHOOL safe and welcoming environment as a responsibility

COMMUNITY APPROACH and function of the whole-school community.
2.1.1 This section looks at prevention strategies Co-ordinating responsibility

and activities that are designed to support the
whole-school community. By this, we mean learners, 2.1.3 The first step is to decide who within the
teachers, support staff, parents, school leaders, school community takes responsibility for the
governors, and all the people who provide support – coordination and implementation of cyberbullying
including teaching assistants, break and lunchtime prevention and responding strategies. To be most
supervisors, and extended school provision staff. effective, it is likely that the person nominated will be
Each activity should include a consideration of who a member of the senior management team and/or
can contribute to development, consultation and the staff member responsible for coordinating
implementation, and how to best inform and involve overall anti-bullying activity. An effective approach
as many people as possible. Some activities will be requires clearly defined responsibilities, reporting
targeted at particular groups – however, effectively lines and communication – essential in the context
addressing cyberbullying means making sure the of the time and other resource challenges that staff
whole-school community knows that cyberbullying have to manage. School staff with responsibility for
is not acceptable and knows how to identify and pastoral care, behaviour and IT systems, as well as
take action against cyberbullying. the school council, parents and teacher unions /
professional associations representing staff, will
2.1.2 Schools can take pro-active measures to help need to work together.
prevent cyberbullying from occurring, and to reduce
the impact of any incidents that do happen. Schools 2.1.4 It is useful to identify key partners from outside
are already required to have a clear policy on tackling agencies who can support your school in tackling
all forms of bullying, which is owned, understood and cyberbullying – the police, your Local Safeguarding
implemented by the whole-school community. Children Board, and a member of your local
Cyberbullying prevention can build on this (see Broadband Consortia (if they are providing you
section 2.3 on reviewing and updating policies to with internet services) are recommended. Local
include cyberbullying), promoting and maintaining a Safeguarding Children Boards (LSCBs) play a key role
GUIDANCE 23
Preventing cyberbullying
in coordinating and ensuring the effectiveness • Making reporting cyberbullying easier

of work to safeguard and promote the welfare
of children in their areas. Where instances of • Promoting the positive use of technology
cyberbullying present a significant problem, and
are considered a local priority for action, LSCBs • Evaluating impact of prevention activities
may work with local authorities, schools and other
organisations to support the development of 2.1.7 The approach you take will reflect the culture,
effective policies to address the problem. needs and preferences of your school community.
However, your cyberbullying strategy will need to
2.1.5 Sharing resources, practices and ideas with align with existing anti-discrimination work,
anti-bullying leads from other schools is also curriculum delivery within Citizenship and PSHE,
recommended. This can help ensure joined up and and the work you undertake as part of the Social
effective prevention planning and ensure that good and Emotional Aspects of Learning programme
practice is disseminated. (SEAL) (see the general Safe to Learn guidance, in
particular annex C, for more information on using
Case study: the curriculum and the SEAL programme to
Norfolk County Council have adopted a range of address bullying).
strategies for dealing with cyberbullying, focusing
particularly on raising the awareness of adults who 2.1.8 As with other issues that potentially impact on
may not be aware of the potential for misuse of the whole-school community, wherever possible and
technology and the implications of this misuse. appropriate policies and processes should be
Among other things, Norfolk has: provided training discussed, agreed and developed collectively.
for school staff and parents; organised a two-day
conference for school staff on e-learning, including 2.2 UNDERSTANDING AND TALKING
workshops on cyberbullying and e-safety; asked a ABOUT CYBERBULLYING
group of young people to design assemblies on the
topic of cyberbullying for primary and secondary 2.2.1 Cyberbullying is an issue that is already on your
schools for Anti-Bullying Week; and organised a school’s agenda. Cyberbullying prevention is an
conference for parents on the topic. important way of working towards the Every Child
Matters outcomes, and of safeguarding the health
Preventing cyberbullying and wellbeing of your school community.
2.1.6 There is no single solution to the problem of 2.2.2 Developing and agreeing on a shared
cyberbullying; it needs to be regarded as a live and understanding of what cyberbullying is, and
ongoing issue. This section outlines a prevention supporting school-wide discussion around the issue
framework made up of the five essential action areas of cyberbullying provides a key foundation to all
that together offer a comprehensive and effective your prevention activities.
approach to prevention:
2.2.3 How can you make sure that the whole school
• Understanding and talking about cyberbullying is confident and clear in its understanding of
cyberbullying?
• Updating existing policies and practices
Promote awareness and understanding Case study:

about cyberbullying Kesteven and Sleaford High School in Lincolnshire has
produced information for learners and parents on
2.2.4 It is important that the whole-school sanctions for cyberbullying. You can review these for
community has a shared, agreed definition of ideas about communicating your schools sanctions
cyberbullying. All should be aware of the impact of (see item F in ‘Resources’ section).
cyberbullying and the ways in which it differs from
other forms of bullying. Provide information about out-of-school
bullying
2.2.5 We advise that the whole-school community
has an opportunity to contribute to and be a part 2.2.8 Under the Education and Inspections Act 2006,
of a policy and practice development and review the school has new powers in relation to out-of-
discussion about cyberbullying. school bullying (see information on the law). Staff
members and governors will need to understand
2.2.6 As with other forms of bullying, it is vital to what these are, so that they can deal with or refer
include discussion of prejudice-driven bullying. cases appropriately. Students and parents will need
Sexist, racist and homophobic cyberbullying, as to know that the school can provide them with
well as cyberbullying related to SEN and disabilities, support if cyberbullying takes place out of school.
should be addressed within any discussion and
understanding. 2.3 UPDATING EXISTING POLICIES
AND PRACTICES
Case study:
Mossley Hollins school in Manchester recently held 2.3.1 This section deals with recording incidents,
a cyberbullying conference for their year 9 pupils – a adapting existing policies and making sure everyone
whole day event including information, activities and knows about any changes. Reviewing existing anti-
workshops which focused on tackling cyberbullying. bullying policies and school behaviour policies so
Following their work with the pupils, they invited that they cover cyberbullying incidents is an
parents to attend a one-hour information meeting important part of your regular review of these
(see item E in the Resources section for a copy of the documents. Cyberbullying issues will also impact on
letter to parents). a range of other policies – staff development, ICT
support and infrastructure, and e-learning strategies,
Publicising Sanctions for example.
2.2.7 Pupils need to be aware of the importance of Review and update policies to
a safe environment and how to behave responsibly include cyberbullying
when using ICT. Pupils, parents, staff and governors
should all be aware of the consequences of 2.3.2 School governors, head teachers and senior
cyberbullying. Young people and their parents managers should audit existing policies and
should be made aware of pupils’ rights and procedures to decide which need to be changed
responsibilities in their use of ICT, and what the or adapted in order to include cyberbullying
sanctions are for misuse. prevention and how to respond to incidents.
GUIDANCE 25
2.3.3 The school’s anti-bullying policy and/or school appropriate to prevent it. However, it is important
behaviour policy will certainly need to address that such rules are well-publicised and that parents
cyberbullying if they do not already do so. It is are aware of such measures (parents may currently
important too that cyberbullying is addressed in ICT contact their child via mobile to arrange suitable
and other relevant lessons, and is brought to life after-school collection times, for example, and need
through activities. As with other whole-school to know if phones will be required to be switched
policies, it is important to include and empower off during school hours) and that the school takes
young people to take part in the process. into account other implications as discussed in
paragraph 1.2.4.
Log all cyberbullying incidents
2.3.7 Staff who have a role in moderating and
2.3.4 Keeping good records of any incidents monitoring VLEs and other online environments
of cyberbullying is essential, and can help to should have clear guidance on how to respond to
monitor the effectiveness of your school’s prevention reports of cyberbullying or the discovery of offensive
activities. The use of technology in any incident or upsetting material. If offensive material is posted
can be recorded using your existing incident on your institution’s website, the school may face
report forms and these can be logged as potential liability if they fail to take it down promptly
cyberbullying incidents. once they are made aware of it. The AUP is a positive
step the school can take towards ensuring material is
Review your existing Acceptable Use not published, along with anti-cyberbullying and
Policies (AUPs) ‘responsible use’ activities. It is very important that
action is taken as soon as the staff member
2.3.5 AUPs are the rules that students have to agree responsible or the school becomes aware of any
to follow in order to use ICT in school. If you only offensive material. Removing material needs to
have these online, you might want to produce a involve the school IT staff, since data may be required
paper form that can be sent home for parents to see. by a third party for investigation.
You may want to produce separate AUPs for using
different kinds of technology – e.g. for use of the Case study:
school network; use of a school Virtual Learning An example of an Acceptable Use Policy for pupils
Environment (VLE) or other learning platforms / from a secondary school in Manchester can be found
interactive tools; and use of mobile phones on school in item H in the ‘Resources’ section. Pupils need to sign
premises. Policies should outline the rules and up to the policy to show both that they agree to the
responsibilities of use, sanctions for misuse, and rules in the AUP and understand the consequences if
issues around confiscation and retention. they do not.
2.3.6 It is for schools to decide if they wish to ban or 2.4 MAKING REPORTING
restrict the use of mobile phones or certain internet CYBERBULLYING EASIER
sites during school hours. It is open for schools to
include in their behaviour / anti-bullying policies 2.4.1 Reporting any incident of bullying can be really
measures to restrict the use of mobile phones and hard for the person being bullied and for bystanders.
websites and strong sanctions for their misuse. You can read some of the reasons given for not
Cyberbullying should be taken very seriously and reporting bullying in ‘What children and young
schools should take such action as they consider people say’ in the Resources section.
2.4.2 It is important that adults in the community Explore different reporting routes
are aware of potential non-verbal signs and
indications of cyberbullying. These include 2.4.7 There are a range of strategies, including pupil-
depression, anxiety, or fear. Staff should be alert to centred strategies, which schools have successfully
children seeming upset after using the internet or adopted to both raise awareness of bullying issues
their mobile phone. This might involve subtle and offer pupils alternative reporting routes (see
comments or changes in relationships with friends. sections 4 and 5 of overarching Safe to Learn
They might be unwilling to talk or be secretive about guidance).
their online activities and mobile phone use.
2.4.8 Where peer support programmes are already
2.4.3 Making sure that all members of the school in place, we advise that schools check what
community recognise that asking for help from information is provided about cyberbullying and
a person with greater authority is not a failing or look at how cyberbullying can be included in
a weakness, but a strength which shows good training and awareness.
judgement. No one should feel that they have to
deal with cyberbullying alone. 2.4.9 Setting up a cyberbullying taskforce, made
up of pupils of all ages who are helped to identify
2.4.4 Because reporting can be difficult, it is what the problems are and develop solutions in
important to have different ways for reporting conjunction with teaching staff, is a great awareness
cyberbullying incidents. Making reporting as easy raising activity. It could also be carried out within
as possible, and making sure everyone knows how existing groups – such as the school student
they can report incidents is also an excellent way of council or an existing bullying or healthy schools
raising awareness that cyberbullying is unacceptable. student group.
Publicising school reporting routes Bystanders

Do not overlook the role and responsibility of
2.4.5 Schools are advised to provide parents and bystanders. In cases of cyberbullying, bystanders or
carers with information about cyberbullying policies, ‘accessories’ to the bullying have a more active role –
procedures and activities, and opportunities for they may forward on messages, contribute to
becoming involved in these. This could be done in discussions in a chat room, or take part in an online
several ways – through an assembly or event which poll. So even though they may not have started the
parents are invited to attend, through letters home bullying or think of themselves as bullying, they are
and by posting information on the school website. active participants, making the situation worse and
Children, young people and parents will need compounding the distress for the person subjected
information about all the ways they can report to the bullying.
concerns and incidents and what they should expect
to happen in return. We know from talking to children that one of their
biggest fears in reporting incidents they know about
2.4.6 It is important to make sure that all staff, is that they will become the target of bullying. Schools
including support staff, know who they should talk can involve children and young people in developing
to if they become aware of or suspect cyberbullying ‘bystander guidelines’ that provide information about
is taking place, and they understand how important the responsibilities of bystanders in cyberbullying
reporting any cases can be. incidents.
GUIDANCE 27
Signpost information about external enjoyable (see ‘Understanding cyberbullying’

reporting routes section).
2.4.10 It may be appropriate to report incidents of 2.5.3 Developing an organisational culture of

cyberbullying directly to the internet service confident ICT users supports innovation, e-safety and
provider or mobile phone companies. There are digital literacy skills, and helps to combat misuse and
websites that provide contact details17 and schools high-risk activities.
can provide this information by letter to parents or
from an area on their own websites. See our section Review existing staff development targets
on ‘Responding to cyberbullying’ for information on and opportunities
specific providers and technologies relating to
reporting incidents, deleting accounts and getting 2.5.4 Technology is successfully being used to
offensive materials removed. support engaging, positive and effective learning,
and to realise and increase the potential of
An example of one service provider: personalised learning. The embedding of
“AOL offers bullying and general online safety advice appropriate technologies within learning and
on our Kids and Teens channels and younger AOL teaching practice is a powerful tool which can be
users can also speak to our agony aunt and uncle. In used to enhance learning opportunities for all –
addition, we clearly signpost how users can report making learning more flexible, creative, accessible
any inappropriate activity they come across. These and engaging. Staff development around e-learning
reports are sent to AOL’s Conditions of Service team, and technology provides a great opportunity for
which reviews them and takes the appropriate action”. staff to both develop their own practice creatively
and to support children and young people in their
2.5 PROMOTING THE POSITIVE USE OF safe and responsible use.
TECHNOLOGY
2.5.5 As part of the performance management
2.5.1 It is important for the adults in the school process line managers will be working with teachers
community to understand how children and young to identify what professional development might
people think about and use technology. ICT is help them develop their practice further. Where
increasingly recognised as an essential life skill, and appropriate, schools should look at e-safety issues
embedding technology across the curriculum and as an important component of technology for
in learning and teaching delivery provides education for all members of the school community
opportunities and benefits for both learners and including school leaders and governors, as well as
staff members. teachers, support staff and extended schools
provision staff.
2.5.2 New technologies are being developed all the
time, so keeping up-to-date and informed about Promote e-safety and digital literacy
young people’s use of technologies, as well as their
potential abuse and risks, is very important. While 2.5.6 Explore safe ways of using technology with
children and young people are experts on their own learners to support self-esteem, assertiveness, and
use and can be a valuable source of information participation and to develop friendships. Young
about the technology, they may not necessarily people are more likely to report the misuse of
understand all of the risks involved and the strategies technology in an environment where positive use
for keeping their experience of technology safe and is promoted.
17 See, for example, www.stoptextbully.com.

2.5.7 Appropriate, safe and responsible behaviour in • The SMART Rules – five rules for keeping in
online environments may not be something that control of one’s online activity. For Primary
your learners have previously discussed or been schools see www.kidsmart.org.uk/yp/smart/
supported in. Look at the ways in which you can default; for secondary schools, see
support and discuss ‘netiquette’, e-safety and www.chatdanger.com/smart.
digital literacy.
• For a resource for parents developed with
2.5.8 Ensure that all staff and students are aware of the DfES (now DCSF), see
the importance of keeping passwords confidential http://www.childnet-int.org/kia/parents/.
and user accounts secure. It is also important that
everyone knows how to properly log out of accounts, • For a resource on online security developed
and that students and staff members never leave by a young person for young people see
logged in accounts unattended. www.childnet-int.org/sorted/.
Password protection: Review how the school network

Everyone in the school community needs to is monitored
understand the importance of keeping account
information private and secure – for example, by 2.5.10 The ability to conduct searches of internet
using hard-to-guess passwords and changing them use records at school is an important part of being
frequently. Children who have online accounts of any able to investigate incidents of cyberbullying (see
kind need to be aware that they should never share ‘Responding to cyberbullying’ section). Your school
their passwords (exceptions here could include a may want to review and investigate available
parent or carer, teacher or ICT support staff member software, for example monitoring software and key
at school), and never let anyone use their accounts. logging programmes. It is important that learners are
aware of what monitoring procedures are in place.
The school’s Acceptable Use Policy (AUP) – the Knowing that the school is taking such steps may
agreement between pupils and the school which also act as a disincentive for bullies to misuse school
outlines the responsibilities of learners using the equipment and systems. However, it is important to
school’s computer network and equipment – may remember that using technology to monitor, block
usefully refer to password privacy (see item H in the or filter activity at school is only a partial solution.
‘Resources’ section for an example AUP). We also
advise that it is covered in any internet safety lessons 2.6 EVALUATING THE IMPACT OF
or induction to school accounts that might be PREVENTION ACTIVITIES
password protected (e.g. the VLE).
2.6.1 Tackling cyberbullying is an ongoing process,
2.5.9 Childnet International has produced a range and to get the most out of your prevention activities
of resources which can be used in the classroom regular reviews of impact are vital. Cyberbullying
or to support individual learners, staff members should be included in your review processes, and
and parents: included wherever appropriate in new policies.
Monitoring your impact is an important way of
• For Primary schools, see www.kidsmart.org.uk. marking and celebrating your school’s progress.
For secondary schools, see
www.childnet-int.org/kia/schools/.
GUIDANCE 29
2.6.2 The school should consider how it might most

effectively measure the impact of prevention
activities, and how it will communicate findings to
the whole-school community. It is important to
remember that when an issue is initially made visible
and people feel safe to discuss and identify incidents,
it is likely that the school will see the number of
reports go up. It is important to communicate to
parents and the whole-school community why this
happens in the short term, and to recognise that
reducing incidents is a longer-term goal.
Conduct a regular survey
2.6.3 The Children’s Commissioner has

recommended that all schools conduct an annual
survey of pupil’s experiences of bullying18.
Cyberbullying incidents could be included in such
a survey. This will provide schools with a good
overview of how common cyberbullying incidents
are amongst pupils, and highlight any areas that
need particular attention. It will also provide you
with a broad measure against which you can check
the progress and impact of your prevention
activities.
2.6.4 Many schools already use student and staff

satisfaction surveys. It is useful also to conduct a
parent satisfaction survey. Asking questions about
cyberbullying will provide you with an indication
about awareness and the success of your prevention
work. The Anti-Bullying Alliance (ABA) Audit
questionnaires are useful tools for evaluation19.
Publicise progress and activities to the

whole-school community
2.6.5 The staff members responsible for behaviour

and anti-bullying can review cyberbullying
prevention on an ongoing basis. Make sure you
keep parents informed, by letter home and via the
school website of your activities and the impact you
are making.
18 Bullying Today: A report by the Office of the Children's Commissioner (November 2006): www.childrenscommissioner.org/adult/consultationresponses.
cfm?id=1920.
19 www.anti-bullyingalliance.org.uk
3. Responding to
cyberbullying
This section is designed to provide advice to schools • Impact – the scale and scope of cyberbullying
on the options available for responding to incidents can be greater than other forms of bullying.
of cyberbullying.
• Targets and perpetrators – the people involved
3.1 CYBERBULLYING IS A FORM may have a different profile to traditional bullies
OF BULLYING and their targets.
3.1.1 It is important to recognise that cyberbullying • Location – the 24/7 and anyplace nature of
is a form of bullying, and as such schools should cyberbullying.
already be equipped to deal with the majority of
cyberbullying cases through their existing anti- • Anonymity – the person being bullied will not
bullying and behaviour policies and procedures (see always know who is attacking them.
the ‘Preventing cyberbullying’ section for information
on including cyberbullying in these policies). • Motivation – some pupils may not be aware that
what they are doing is bullying.
3.1.2 In all cases of bullying, incidents should be
properly documented, recorded and investigated; • Evidence – unlike other forms of bullying, the
support should be provided for the person being target of the bullying will have evidence of its
bullied; other staff members and parents should be occurrence.
informed as appropriate; and those found to be
bullying should be interviewed and receive For more information on the differences between
appropriate sanctions. cyberbullying and other forms of bullying, see
section 1.4 of the ‘Understanding cyberbullying’
3.1.3 There are particular features of cyberbullying chapter).
that differ from other forms of bullying and need
to be recognised and taken into account when
determining how to respond effectively. The key
differences are:
GUIDANCE 31
Responding to cyberbullying
3.1.4 Practices and procedures to report and receive or see the message, or that they were not
respond to incidents of bullying and discrimination bothered by it. Instead, the person should keep the
should already be in place in the school, and the evidence and take it to their parent or a member of
majority of cyberbullying cases will be effectively staff (see section 3.3 on preserving evidence).
dealt with within existing protocols.
3.2.4 Advise the pupil to think about the information
3.1.5 In addition to existing procedures, staff should they have in the public domain and where they go
be particularly aware of the following during any online. It is important that pupils are careful about
response to cyberbullying incidents: who they give their mobile phone number to, and
that they consider whether they should stay
• Supporting the person being bullied members of chatrooms, for example, where people
are treating them badly.
• Recording and investigating incidents
3.2.5 Advising the child to change their contact
• Working with the bully and sanctions details, such as their Instant Messenger identity or
mobile phone number, can be an effective way of
3.2 SUPPORT FOR THE PERSON stopping unwanted contact. However, it is important
BEING BULLIED to be aware that some children may not want to do
this, and will see this as a last resort for both practical
3.2.1 As with other forms of bullying the target of and social reasons, and they may feel that they are
cyberbullying may be in need of emotional support. being punished.
Key principles here include reassuring them that
they have done the right thing by telling someone; Try to contain the incident
recognising that it must have been difficult for them
to deal with; and reiterating that no-one has a right 3.2.6 Some forms of cyberbullying involve the
to do that to them. Refer to any existing pastoral distribution of content or links to content, which can
support/procedures for supporting those who have exacerbate, extend and prolong the bullying. There
been bullied in the school, and refer them to helpful are advantages in trying to contain the ‘spread’ of
information and resources (see section 4 of the this. If bullying content, e.g. embarrassing images,
overarching anti-bullying guidance, Safe to Learn). have been circulated, it is important to look at
whether this content can be removed from the web.
3.2.2 Taking steps to ensure the school adopts a
culture that does not tolerate cyberbullying can help 3.2.7 Some steps can be taken to try to stop it
to make the target of cyberbullying feel safe (see spreading:
section on ‘Preventing cyberbullying’).
• The quickest and most effective route to getting
Advice on online empowerment inappropriate material taken down from the
web will be to have the person who originally
3.2.3 It is important to advise the person being posted it remove it. If you know who the person
bullied not to retaliate or return the message. responsible is, ensure that they understand why
Replying to messages, particularly in anger, is the material is hurtful and ask them to remove it
probably just what the bully wants, and by not (see section 3.3 for advice on preserving
replying the bully may think that the target did not evidence).
Quote from a parent: Preventing recurrence (e.g. blocking or

changing contact details)
“Thankfully my son’s school were very helpful, they
identified the child who posted the video from 3.2.9 There are some steps that the person being
another video he had posted, they have disciplined bullied can take, depending on the service that the
the other child and had him remove the video, in fact bully has used, which can allow users to manage
they took the matter very seriously and also had who they share information with and also who can
any users who had posted anything with reference contact them. These features can help a person
to the school remove their videos so that was being bullied to stop further contact from the person
very reassuring.” harassing them. For example, blocking the person
from their email or instant messenger buddy list will
• Contact the host (e.g. social networking site) to mean that they will not receive messages from that
make a report to get the content taken down particular sender anymore.
(see ‘When and how to contact the service
provider’ below). The material posted may 3.2.10 Pupils or their parents should be advised
breach the service provider’s terms and to contact the service provider or host (i.e. the
conditions of use and can then be removed. chatroom, the social network provider, or mobile
operator) to inform them of what has happened, and
• Confiscation of phones containing offending get their advice on how to stop this happening
content / asking pupils to delete the content again. The service provider may be able to block
and say who they have sent it on to. School staff particular senders or callers (for landlines), or advise
can confiscate a mobile phone as a disciplinary on how to change contact details, and potentially
penalty, and have a legal defence in respect of delete the accounts of those that are abusing the
this in the Education and Inspections Act 2006 service. This following section outlines what each
(s 94). However, staff do not have a right to search service provider can do and gives details on how to
through pupils’ mobile phones unless the contact them.
school’s behaviour policy expressly provides for
this and the pupil is reasonably suspected of When and how to contact the service
involvement in an incident of cyberbullying provider
which is of a sufficiently serious nature (see
section on Education Law for more information). Mobile phones
3.2.11 All UK Mobile operators have nuisance call
• Contact the police in cases of actual/suspected centres set up and/or procedures in place to deal
illegal content. The police will be able to with such instances. The responses may vary, but
determine what content is needed for evidential possibilities for the operator include changing the
purposes, potentially allowing the remaining mobile number of the person being bullied so that
content to be deleted. the bully will not be able to continue to contact them
without finding out their new number. It is not
3.2.8 As previously stated, members of the school always possible for operators to bar particular
workforce, as well as pupils, have been bullied online, numbers from contacting the phone of the person
with insulting comments and material posted about being bullied, although some phone handsets
them. This material should be dealt with seriously themselves do have this capability. Action can be
and incidents contained in the ways described above taken against the bully's phone account (e.g.
to ensure the well-being of staff. blocking their account), only with police
involvement.
GUIDANCE 33
3.2.12 Details of how to contact the phone reporting features will be within the profiles
operators: themselves, so they are 'handy' for the user. If social
networking sites do receive reports about
• O2: 08705214000 or ncb@O2.com cyberbullying, they will investigate and can remove
content that is illegal or breaks their terms and
• Vodafone: call customer services on 191 from conditions in other ways. They may issue conduct
a Vodafone phone or on any other phone call warnings and they can delete the accounts of those
08700700191 for Pay Monthly customers or on that have broken these rules. It is also good practice
08700776655 for Pay As You Go customers. for social network providers to make clear to the
users what the terms and conditions are for using
• 3: call 333 from a 3 phone, or 08707 330 333. the service, outlining what is inappropriate and
unacceptable behaviour, as well as providing
• Orange: call 450 on an Orange phone or 07973 prominent safety information so that users know
100450 for Pay As You Go customers; call 150 how to use the service safely and responsibly.
from an Orange phone or 07973 100150 for
Pay Monthly customers. 3.2.16 Contacts of some social network providers:
• T-Mobile: call customer services on 150 from • Bebo: reports can be made by clicking on a
your T-Mobile phone or on 0845 412 5000 from ‘Report Abuse’ link located below the user’s
a landline, or email using the 'how to contact us' profile photo (top left hand corner of screen) on
section of the T-Mobile website at www.t- every Bebo profile page. Bebo users can also
mobile.co.uk. report specific media content (i.e. photos, videos,
widgets) to the Bebo customer services team by
Social networking sites clicking on a ‘Report Abuse’ link located below
(e.g. Bebo, MySpace, Piczo) the content they wish to report. Users have the
3.2.13 It is normally possible to block / ignore option to report suspicious online activity
particular users on social networking sites, which directly to the police by clicking the 'Report
should mean the user can stop receiving unwanted Abuse' link and then clicking the 'File Police
comments. Users can do this from within the site. Report' button.
3.2.14 Many social network providers also enable • MySpace: reports can be made via the ‘Contact
users to pre-moderate any comments left on their MySpace’ link, which is accessible at the bottom
profile before they are visible by others. This can help of the MySpace homepage (http://uk.myspace.
a user prevent unwanted or hurtful comments com/), and at the bottom of every page within
appearing on their profile for all to see. The user can the MySpace site.
also set their profile to ‘Private’, so that only those
authorised by the user are able to access and see • Piczo: reports can be made within the service
their profile. (there is a ‘Report Bad Content’ button at the top
of every member page). At the bottom of the
3.2.15 It is good practice for social network home page and on the ‘Contact Us’ page there is
providers to make reporting incidents of a link to a ‘Report Abuse’ page. The ‘Report Abuse’
cyberbullying easy, and thus have clear, accessible page can be found at http://pic3.piczo.com/
and prominent reporting features20. Many of these public/piczo2/piczoAbuse.jsp.
20 The Home Office are publishing good practice guidance for social networking providers, drawn up by social network providers, children’s charities and
others, see http://www.police.homeoffice.gov.uk/operational-policing/crime-disorder/child-protection-taskforce

Instant Messenger (IM) (e.g. Windows Live 3.2.21 Contacts of some email providers:
Messenger or MSN Messenger)
3.2.17 It is possible to block users21, or change • Hotmail: there is an online contact form at http://
Instant Messenger IDs so the bully is not able to support.msn.com/default.aspx?mkt=en-gb.
contact their target any more. Most providers will
have information on their website about how to do • Gmail: there is an online contact form at https://
this. In addition, the Instant Messenger provider can services.google.com/inquiry/gmail_security4.
investigate and shut down any accounts that have
been misused and clearly break their terms of • Yahoo! Mail: there is a ‘Help’ link available to users
service. The best evidence for the service provider is when logged in, which contains a reporting
archived or recorded conversations, and most IM form. This can also be seen at http://help.yahoo.
providers allow the user to record all messages22. com/l/uk/yahoo/mail/yahoomail/abuse/general.
html?from_url=http://help.yahoo.com/l/yahoo/
3.2.18 It is also good practice for Instant Messenger mail/yahoomail/abuse/abuse-15.html.
providers to have visible and easy-to-access
reporting features on their service (see the Home Video-hosting sites
Office good practice guidance for Instant Messenger 3.2.22 It is possible to get content taken down from
providers23). video-hosting sites, though the content will need to
be illegal or have broken the terms of service of the
3.2.19 Contacts of some IM providers: site in other ways. On YouTube, perhaps the most
well-known of such sites, it is possible to report
• MSN: when in Windows Live Messenger, clicking content to the site provider as inappropriate. In order
the ‘Help’ tab will bring up a range of options, to do this, you will need to create an account (this is
including ‘Report Abuse’ and there is also an free) and log in, and then you will have the option to
online feedback form at http://support.msn. ‘flag content as inappropriate’. The option to flag the
com/default.aspx?mkt=en-gb to report on a content is under the video content itself.
range of products including MSN Messenger.
3.2.23 YouTube provides information on what is
• Yahoo!: when in Yahoo! Messenger, clicking the considered inappropriate in its terms of service, see
‘Help’ tab will bring up a range of options, www.youtube.com/t/terms section 5C.
including ‘Report Abuse’.
Chatrooms, individual website owners / forums,
E-mail providers (e.g. hotmail and GMail) message board hosts
3.2.20 It is possible to block particular senders24, and 3.2.24 Most chatrooms should offer the user the
if the bullying persists an alternative is for the person option of blocking or ignoring particular users. Some
being bullied to change their email addresses. The services may be moderated, and the moderators will
email provider will have information on their website warn users posting abusive comments or take down
about how to create a new account. content that breaks their terms of use. It is good
practice for chat providers to have a clear and
21 See www.chatdanger.com/messenger/safetyadvice_learn2.aspx
22 See www.chatdanger.com/messenger/safetyadvice_learn.aspx
23 See http://police.homeoffice.gov.uk/news-and-publications/publication/operational-policing/ho_model.pdf?view=Binary
24 See www.chatdanger.com/email/learn1.aspx
GUIDANCE 35
prominent reporting mechanism to enable the user • On mobiles, ensure the person being bullied
to contact the service provider25. Users that abuse keeps / saves any messages, whether voice,
the service can have their account deleted. image or text. Unfortunately forwarding
messages, for example to a staff member’s
Case study: phone, will result in information from the original
One young person was befriended by another player message, such as the sender’s phone number,
on a gaming site, who initially wanted to trade game being lost.
items and was friendly. When the young person
declined the trade, the other player became nasty and • On instant messenger, some services allow the
started threatening and swearing. The young person user to record all conversations. The user could
took a ‘Print Screen’ copy of the abusive text and also copy and paste, save and print these26. When
blocked the other player to prevent any further reporting to the service provider, or even to the
contact. They also reported the players name and police, copied and pasted conversations are less
conduct to the game site administrator. useful as evidence, as this can easily be edited.
Conversations recorded / archived by the instant
3.3 INVESTIGATION messaging service are better for evidence here.
Conversations can also be printed out in hard
Preserve the evidence copy or sections can be saved as a screen grab.
3.3.1 Schools should advise pupils and staff to try to • On social networking sites, video-hosting sites, or
keep a record of the abuse: particularly the date and other websites, keep the site link, print page or
time; the content of the message(s); and where produce a screen grab of the page and save it. To
possible a sender’s ID (e.g. username, email, mobile take a copy of what appears on the screen, press
phone number) or the web address of the profile / Control and Print Screen, and then paste this into
content. Taking an accurate copy or recording of the a word-processing document.
whole web-page address, for example, will help the
service provider to locate the relevant content. • On chatrooms, print the page or produce a
screen grab of the page. To take a copy of what
3.3.2 Keeping the evidence will help in any appears on the screen, press Control and Print
investigation into the cyberbullying by the service Screen, and then paste this into a word-
provider, but it can also be useful in showing what processing document.
has happened to those who may need to know,
including parents, teachers, pastoral care staff, and • On email, ask the person being bullied to print it;
the police. forward the message on to the staff member
investigating the incident; and encourage them
How to do this to continue to forward and save any subsequent
messages. Preserving the whole message, and
3.3.3 It is always useful to keep a written record, not just the text, is more useful, as this will
but it is better to save evidence of bullying on the contain ‘headers’ (information about where the
device itself: message has come from)27.
25 See http://police.homeoffice.gov.uk/news-and-publications/publication/operational-policing/ho_model.pdf?view=Binary
26 See www.chatdanger.com/messenger/safetyadvice_learn.aspx
27 See www.fkbko.co.uk/EN.php?lang=EN&&subject=3&&id=43&&level=2
A note about images: it was? Contact the school ICT staff or ICT
If images are involved in the cyberbullying, it is support to see if this is possible.
important to ascertain if these might be illegal or raise
child protection concerns. Indecent or sexual images • Are there identifiable witnesses that can be
of children (defined as people under the age of 18) interviewed? There may be children who have
are illegal to produce, circulate or possess in the UK. visited the offending site and left comments,
These include images that children have taken of for example.
themselves or their friends, using their mobile phone
for example. • If the bullying was not carried out on the school
system, was it carried out on a mobile or a
Contact: particular internet service (e.g. IM or social
networking site)? As discussed, the service
• Internet Watch Foundation, if the images are provider, when contacted, may be able to take
internet content (see www.iwf.org.uk). some steps to stop the abuse by blocking the
aggressor or removing content it considers
• The local police if illegal images have been taken of defamatory or breaks their terms of service.
a child and circulated. However, the police will need to be involved to
enable them to look into the data of another
Similarly if there is a recording of a crime, e.g. assault user (see below).
on another child, contact the local police.
• If the bullying was via mobile phone, has the
If the images are not illegal or of an illegal act, then bully withheld their number? If so, it is important
steps can be taken to try to contain the incident (see to record the date and time of the message and
‘Try to Contain the Incident’ above). contact the mobile operator. Steps can be taken
to trace the call, but the mobile operator can
Identifying the bully only disclose this information to the police, so
police would need to be involved. If the number
3.3.4 Although the technology seemingly allows is not withheld, it may be possible for the school
anonymity, there are ways to find out information to identify the caller. For example, another
about where bullying originated. However, it is student may be able to identify the number or
important to be aware that this may not necessarily the school may already keep records of the
lead to an identifiable individual. For instance, if mobile phone numbers of their pupils. Content
another person’s phone or school network account shared through a local wireless connection on
has been used, locating where the information was mobile phones does not pass through the
originally sent from will not, by itself, determine who service providers’ network, and is much harder
the bully is. There have been cases of people using to trace (see ‘Brief introduction to technology’
another individual’s phone or hacking into their IM section). Similarly text messages sent from a
or school email account to send nasty messages. website to a phone also provide difficulties for
tracing for the internet service or mobile
3.3.5 In cases where you do not know the identity of operator.
the bully, some key questions to look at:
• Has a potential criminal offence been
• Was the bullying carried out on the school committed? If so, the police may have a duty to
system? If yes, are there logs in school to see who investigate. Police can issue a RIPA (Regulation of
GUIDANCE 37
Investigatory Powers Act 2000) request to a 3.4 WORKING WITH THE BULLY AND
service provider, enabling them to disclose the APPLYING SANCTIONS
data about a message or the person sending
a message. This may help to identify the bully. 3.4.1 Once the person responsible for cyberbullying
Relevant criminal offences here include has been identified, it is important that – as in other
harassment and stalking, threats of harm or cases of bullying – sanctions are applied, and the
violence to a person or property, any evidence range of sanctions include all those that are used in
of sexual exploitation (for example grooming response to other forms of bullying.
or inappropriate sexual contact or behaviour).
A new national agency called the Child 3.4.2 Steps should be taken to change the attitude
Exploitation and Online Protection Centre and behaviour of the bully, as well as ensuring access
(CEOP) was set up in 2006 to deal with child to any support that they may need.
sexual exploitation, and it is possible to report
directly to them online at www.ceop.gov.uk. 3.4.3 When determining the appropriate response
However, it is important to note that it is the and proportionate sanctions, it is important to
sexual exploitation of children and young consider the ways in which cyberbullying incidents
people, not cyberbullying, which forms the might differ in impact to other forms of bullying. The
remit of CEOP. key considerations here may include attempts by the
bully to disguise their identity; the public nature of
Information about cyberbullying and posted material (and the extent of the humiliation);
civil and criminal laws: and the difficulty in controlling copies of the material
It is very important for schools to take cyberbullying (the difficulty in gaining closure over the event).
seriously. It can be a very serious matter and can
constitute a criminal offence. Although bullying or 3.4.4 It should also be recognised, where induction
cyberbullying is not a specific offence in UK law, there and education activities are not in place, that some
are criminal laws that can apply in terms of cyberbullying has been known to be unintentional
harassment, for example, or threatening behaviour, or or at least carried out with little awareness of the
indeed – particularly for cyberbullying – threatening consequences. Determining appropriate sanctions
and menacing communications. See section on civil for incidents will then require sensitivity to the
and criminal law for more detail. impact on the person being bullied as well as any
misunderstanding or thoughtlessness on the part
Investigating allegations against staff of the cyberbully.
3.3.6 Some messages might allege abuse against a 3.4.5 Consideration should also be given to the
teacher or other member of staff. Online allegations possibility that the cyberbullying could be a part
should be handled in the same way as other of retaliation to previous bullying endured by
allegations against staff, following the guidance the perpetrator.
in chapter 5 of Safeguarding Children and Safer
Recruitment in Education28. The Department is
currently reviewing its guidance on handling
allegations against staff, and the issue of online
allegations is being considered as part of this review.
28 See http://publications.teachernet.gov.uk/default.aspx?PageFunction=productdetails&PageMode=publications&ProductId=DFES-04217-2006&
Sanctions for bullying behaviour Working with the bully
3.4.6 The aim of sanctions is to: 3.4.10 It is important to ensure that the bully is
helped to recognise the consequences of their
• Help the person harmed to feel safe again and actions, to help change their attitude, behaviour and
be assured that the bullying will stop. the way they use technology. Effective steps can be
taken here that reflect work done with other bullying
• Hold the perpetrator to account, getting them to behaviour, including measures like restorative justice.
recognise the harm caused and deter them from These are discussed in section 4 of the overarching
repeating the behaviour. Safe to Learn guidance.
• Demonstrate to the school community that

cyberbullying is unacceptable and that the
school has effective ways of dealing with it, so
deterring others from behaving similarly.
3.4.7 In addition to any sanctions that are in existing

anti-bullying / behaviour policies, it is important to
refer to any Acceptable Use Policy or agreement for
internet and mobile use, and apply sanctions for
breaches where applicable and practical.
3.4.8 Technology specific sanctions for pupils

engaged in cyberbullying behaviour could include
limiting internet access for a period of time or
removing the right to bring a mobile phone into
school (although issues of child safety should be
considered in relation to the latter). For an example
of how one school has technology specific sanctions,
see item F in the ‘Resources’ section for a letter sent
out to all the parents of one school outlining the
sanctions that are in place.
3.4.9 For more information on disciplinary sanctions

in general, see the School Discipline and Pupil
Behaviour Policies guidance29.
FURTHER RESOURCES 39
CYBERBULLYING:
Further resources
A. Key advice to
parents and carers
on cyberbullying
When a child is the target of cyberbullying – bullying Use the tools

via mobile phone or the internet – they can feel Most software and services on the internet have in-
alone and very misunderstood. It is therefore vital built safety features. Knowing how to use them can
that as a parent or carer you know how to support prevent unwanted contact. For example, Instant
your child if they are caught up in cyberbulling. This Messenger services such as MSN Messenger have
short guide will help you. features which allow users to block others on their
contact list and conversations can be saved on most
1) PREVENT CYBERBULLYING Instant Messenger services. Social networking sites
such as MySpace and Bebo also have tools available
Where to start – young people can keep their profile set to ‘private’,
The best way to deal with cyberbullying is to prevent for example, so that only approved friends can see it.
it happening in the first place. Although it may be
uncomfortable to accept, you should be aware that With bullies using text and picture messaging, it is
your child may as likely cyberbully as be a target of also important to check with your children’s internet
cyberbullying and that sometimes children get or mobile phone provider to find out what
caught up in cyberbullying simply by not thinking protections they can offer, including whether it is
about the consequences of what they are doing. It is possible to change your mobile number.
therefore crucial that you talk with your children and
understand the ways in which they are using the
internet and their mobile phone. In this guide there is
an anti-cyberbullying code which contains seven key
messages for children, which you may find a helpful
starting point for a discussion with them about
issues, such as being careful about posting images
on personal websites and where to go to get help.
A. Key advice to parents and carers on cyberbullying
2) RESPONDING TO CYBERBULLYING • The police: If the cyberbullying is serious and a

potential criminal offence has been committed
It is vital that you have strategies to help your child you should consider contacting the police.
if they come to you saying that they are being Relevant criminal offences here include
cyberbullied. harassment and stalking, threats of harm or
violence to a person or property, any evidence
The anti-cyberbullying code of sexual exploitation, for example grooming,
Start by teaching your children the seven key distribution of sexual images or inappropriate
messages in the anti-cyberbullying code (see item B). sexual contact or behaviour.
This includes advice on not replying or retaliating to
cyberbullying, as well as not assisting a cyberbully by See item D for a list of useful websites and
forwarding a message, even as a joke. resources.
Keep the evidence

Keeping the evidence of cyberbullying is helpful
when reporting an incident and may help in
identifying the bully. This means keeping copies
of offending emails, text messages or online
conversations.
Reporting cyberbullying
There are a number of organisations that can help
you if you need to report incidents of cyberbullying:
• The school: If the incident involves a pupil or

pupils at your child’s school, then it is important
to let the school know. All schools have a legal
duty to have measures in place to support the
person being bullied and to apply disciplinary
sanctions to the pupil doing the bullying.
Schools are increasingly updating these policies
to include cyberbullying.
• The provider of the service: Most service

providers have complaints and abuse policies
and it is important to report the incident to the
provider of the service – i.e. the mobile phone
operator (e.g. O2 or Vodafone), the instant
messenger provider (e.g. MSN Messenger or
AOL), or the social network provider (e.g. Bebo or
Piczo). Most responsible service providers will
have a ‘Report Abuse’ or a nuisance call bureau,
and these can provide information and advice
on how to help your child.
B. Key advice to children

and young people on
cyberbullying
ANTI-CYBERBULLYING CODE 2) Think before you send

It is important to think before you send any images
Being sent an abusive or threatening text message, or text about yourself or someone else by email or
or seeing nasty comments about yourself on a mobile phone, or before you post information on
website can be really upsetting. This code gives you a website. Remember that what you send can be
seven important tips to protect yourself and your made public very quickly and could stay online
friends from getting caught up in cyberbullying and forever. Do you really want your teacher or future
advice on to how to report it when it does happen. employer to see that photo?
1) Always respect others 3) Treat your password like your toothbrush

Remember that when you send a message to Don’t let anyone know your passwords. It is a good
someone you cannot see the impact that your words idea to change them on a regular basis. Choosing
or images may have on the other person. That is why hard-to-guess passwords with symbols or numbers
it is important to always show respect to people and will help stop people hacking into your account and
be careful what you say online or what images you pretending to be you. Remember to only give your
send. What you think is a joke may really hurt mobile number or personal website address to
someone else. Always ask permission before you trusted friends.
take a photo of someone.
4) Block the Bully
If you receive a rude or nasty message or picture Most responsible websites and services allow you
about someone else, do not forward it. You could to block or report someone who is behaving badly.
be assisting a bully, and even be accused of Make use of these features, they are there for
cyberbullying yourself. You could also be breaking a reason!
the law.
5) Don’t retaliate or reply!
Replying to bullying messages, particularly in anger,
is just what the bully wants.
B. Key advice to children and young people on cyberbullying
6) Save the evidence

Learn how to keep records of offending messages,
pictures or online conversations. These will help you
demonstrate to others what is happening, and can
be used by your school, internet service provider,
mobile phone company, or even the police, to
investigate the cyberbullying.
7) Make sure you tell

You have a right not to be harassed and bullied
online.
There are people that can help:
• Tell an adult you trust, who can help you to

report it to the right place, or call a helpline like
ChildLine on 0800 1111 in confidence.
• Tell the provider of the service you have been

bullied on (e.g. your mobile phone operator or
social network provider). Check their websites to
see where to report.
• Tell your school. Your teacher or the anti-bullying

co-ordinator at your school can support you and
can discipline the person bullying you.
Finally, don’t just stand there – if you see

cyberbullying going on, support the victim and
report the bullying. How would you feel if no-one
stood up for you?
C. What children and

young people say
What did children and young people Reasons given for why young people
tell us about their experiences of might not tell someone they are being
cyberbullying? cyberbullied:
During the consultation process, carried out while • They were scared of making the situation worse,
developing this guidance for schools, Childnet staff for themselves or for other people.
talked to primary- and secondary-aged pupils
from London and Leicester about their views on • They had been threatened about what would
cyberbullying. These views are included to give happen if they did tell anyone.
a young person’s perspective on the issue of
cyberbullying. • They felt ashamed about their own behaviour.
Many of the pupils had experienced cyberbullying • If it was something rude, they often did not want
personally, or had friends who had been to tell their mum – they felt too embarrassed to
cyberbullied. The vast majority of the children and have conversations about things like that.
young people used mobile phones and the internet
on a regular basis. Most of them believed that they • They were worried it might be their fault and
understood the technology better than their that they would also get punished, or that they
teachers and parents, and many reported helping had done something to deserve it.
teachers or parents with mobile phones and
websites. • They were worried that grown-ups would not
understand what had happened to them and
that they would not be able to explain it
properly.
• They were worried that grown-ups would be

dismissive of cyberbullying because it ‘was only
words’ and that their feelings would be
dismissed as silly.
C. What children and young people say
• They were scared that the person cyberbullying • Many of the children said that they would report
them might hurt them physically. what had happened to the people running the
website or to the phone company.
• They didn’t know who to tell.
• Giving advice to the person being cyberbullied
• They felt “closed up inside”, and didn’t know how was seen as a useful thing that they could do –
to explain what was happening to them. this included telling the person being bullied not
to reply or get involved; to save any messages;
• They felt too depressed to be able to do and to take ‘print screen’ images for evidence.
anything about the cyberbullying.
Approaches to be cautious of:
• The thing they were being cyberbullied about
was true and they didn’t want everyone to know. • Some children and young people said that
they would take responsibility for sorting the
• They were being ganged up on by a group and problem out themselves directly. This included
were too scared to tell anyone. talking with the person doing the cyberbullying
and trying to get them to see what they were
• They were worried that adults would not believe doing was wrong.
them.
• Some young people suggested passing the
What did children and young people say problem on to older brothers and sisters to
they would do to help someone they sort out.
knew was being cyberbullied?
Young people need to know that they are not
Positive approaches: expected to sort out problems on their own, but that
they will be helped and supported by adults.
• Some of the young people saw that supporting
and befriending the victim was very important – Dangerous Approaches:
making sure that the victim did not feel alone,
talking through what had happened with them • Some children and young people said that they
and trying to cheer them up. They identified that would cyberbully the person back, or beat up the
feeling isolated and depressed made positive person doing the cyberbullying.
action more difficult for the person involved.
• Others said that they would do nothing – they
• Nearly all the children and young people would be too scared of being bullied themselves
recognised that telling someone with more to get involved.
authority than them would be the best way to
help the victim. They named a range of people,
including the police, teachers, grown-ups they
liked, their parents, and their head teacher.
• In some cases they felt safer contacting expert

groups – they talked about phoning ChildLine,
and also emailing Childnet International.
D. Useful websites
and resources
Research • Get Connected – free confidential helpline for

young people (open 1pm-11pm every day).
• Research by Nathalie Noret (York St John) and Tel: 0808 8084994.
Professor Ian Rivers (Queen Margaret's University
Edinburgh), 200730. • Samaritans – helpline for those in distress,
offering multi-channel support.
• Research carried out for the Anti-Bullying Tel: 08457 90 90 90. Email: Jo@samaritans.org.
Alliance (ABA), Cyberbullying: its forms and impact SMS text: 07725 909090.
in secondary school pupils by P. Smith, J. Mahdavi
et al, 200631. Useful websites:
• MSN cyberbullying report, 200632. • Childnet – a range of resources for primary and
secondary schools, for children and young
• UK Children Go Online study by Sonia people, for teachers and for parents
Livingstone and Magdalena Bober (LSE), 200533. (www.childnet-int.org).
Helplines • StopText bully – a website dedicated to mobile

phone bullying, contains advice for young
• Childline – free 24 hour helpline for children and people including how to contact your operator
young people. Tel: 0800 1111. (www.stoptextbully.com).
• Kidscape – run a telephone advice line

exclusively for parents and carers giving advice
about bullying. Tel: 08451 205 204 (10am-4pm
weekdays).
30 See http://www2.yorksj.ac.uk/default.asp?Page_ID=4330
31 See http://www.dfes.gov.uk/research/data/uploadfiles/RBX03-06.pdf
32 See http://www.msn.co.uk/customercare/protect/cyberbullying/default.asp?MSPSA=1
33 See http://www.children-go-online.net
D. Useful websites and resources
• Cyberbullying.org – one of the first websites • Childnet International have a range of resources
set up in this area, for young people, providing for primary and secondary schools. The website
advice around preventing and taking action also has a sample family agreement which can
against cyberbullying. A Canadian-based site be printed out (see www.childnet-int.org/kia/
(www.cyberbullying.org). parents – click on see sample content from
Know IT All for Parents).
• Chatdanger – a website that informs about the
potential dangers online (including bullying), Good practice guidance
and advice on how to stay safe while chatting
(www.chatdanger.com). For the providers of internet services:
• The Home Office are publishing good practice
• Anti-Bullying Alliance – the Alliance brings guidance for social networking providers, drawn
together over 60 organisations into one network up by social network providers, children’s
with the aim of reducing bullying. Their website charities and others34.
has a parents section with links to recommended
organisations who can help with bullying issues • The Home Office have already published such
(www.anti-bullyingalliance.org.uk). guidance for chat, instant messenger and web-
based services providers35. And on moderating
• Many of the internet service providers, mobile interactive services36. These good practice
phone companies and social networking sites guidance documents contain a range of
have useful advice and safety tips for users and recommendations for service providers,
parents on their own websites. including around education of their users;
making reporting an easy and prominent facility
• Please see section I of the ‘Resources’ section for users; and providing tools for their users (such
in Safe to Learn, the over-arching anti- as blocking tools).
bullying guidance, for more organisations
that can help. For UK mobile operators:
• UK code of practice for the self-regulation of new
Internet safety resources forms of content on mobiles37. This code outlines
the mobile operators commitment to deal
• For more information on policies around ICT in vigorously with malicious communications.
schools, including Acceptable Use Policies (AUPs)
for staff and pupils, see www.becta.org.uk/
schools/esafety.
• The Child Exploitation and Online Protection

Centre (CEOP), has produced a set of resources
around internet safety for secondary schools called
Think U Know, see www.thinkuknow.co.uk. CEOP
also provide resources and training in delivering
the Think U Know presentation in schools.
34 see http://www.police.homeoffice.gov.uk/operational-policing/crime-disorder/child-protection-taskforce.
35 see http://police.homeoffice.gov.uk/news-and-publications/publication/operational-policing/ho_model.pdf?view=Binary
36 See http://police.homeoffice.gov.uk/news-and-publications/publication/operational-policing/moderation.pdf?view=Binary
37 See www.imcb.org.uk/assets/documents/10000109Codeofpractice.pdf
E. Case study:
letter inviting parents
to cyberbullying
information event
Dear Parent/Carer,
CYBER BULLYING PARENTS’ INFORMATION EVENING – TUESDAY 6TH MARCH 2007
Cyber Bullying is a form of bullying that is on the increase nationally. It is where a child is tormented,
threatened, harassed, humiliated, embarrassed or targeted by another child using the Internet, mobile phone,
or other type of digital technology. We do not have any specific concerns in relation to our own school, but we
do want to ensure that issues faced by children nationally are addressed.
Both the local education authority and the Cyberspace Research Unit (CRU) at the University of Central
Lancashire have encouraged our school to take a lead in this area, given their view of our strong record on
anti-bullying thus far.
With this in mind, we are holding an intensive full day Cyber Bullying Conference for all of our Year 9 pupils in
school on Wednesday, March 7th. During the four sessions, the students will be given valuable information
about how to deal with this type of bullying as well as being able to participate in workshops covering
various aspects of this unacceptable behaviour.
As Mossley Hollins is pioneering this type of event, representatives of Childline, Childnet, UCLAN, DfES and
Tameside MBC will be joining us on the day to share their expertise. Nationally, it has been noted that much of
this type of bullying occurs in the home via mobile phones and the internet and so it is vital that you, as
parents, are informed and aware of what steps you can take to prevent any such problem. Therefore, we
would like to invite you (no students) to attend an information giving evening on Tuesday, 6th March
in the School Arts Theatre at 6:30pm.
E. Case study: letter inviting parents to cyberbullying information event
We expect that this meeting will last for approximately one hour, but we really feel that it will be an hour well
spent and of great value.
Please make every effort to attend this meeting and we would be grateful if you could complete the attached
reply slip.
Thank you as always for your support.
Head of Upper School/Deputy Head of Year 9
I/we will/will not be attending the Cyber Bullying Information Meeting at 6:30pm on Tuesday 6th March.
Please return by Friday, 2nd March.
Refreshments will be provided.
Signed
Parent/Carer of Form
F. Case study:
information letter
on sanctions
Kesteven & Sleaford High School
Dear Parents/Guardians
As you may already know, as part of our procedures for monitoring unsafe activity on the internet and by
email, and in order to promote responsible computer use, the school monitors its network using a monitoring
software product. This system allows all student activity on our network to be monitored and inappropriate
use to be identified.
Use of this product has dramatically reduced instances of abuse on our network. However, when
inappropriate use occurs, the school has a framework of sanctions as outlined below:
Internet abuse: 2-4 weeks limited internet access, depending on the severity of the abuse.
Email abuse: 2-4 weeks withdrawal of email privileges, depending on severity.
Network abuse: 2-4 weeks limited access or total withdrawal depending on the severity.
Please note these sanctions have been designed so that they will not impact on the education of our
students. Limited internet access status confines the internet access to a predefined list of websites needed
for their studies. This list is maintained by department heads and is updated on a regular basis.
In serious instances a copy of the incident is sent home with an accompanying letter.
Although these incidents are a rarity, this framework of sanctions, accompanied in each case by an interview
with a member of the pastoral team, provides an opportunity to reinforce a responsible use ethic that will
prepare pupils for ICT use outside the school environment.
The school is happy to answer any questions about this policy, so please feel free to contact us if there is
anything you would like to discuss.
G. Case study: example acceptable use policy
G. Case study:
example acceptable
use policy
Mossley Hollins High School
Information and Communications Technology

Acceptable Use Policy
Pupil Guidelines for Internet Use
General
Pupils are responsible for good behaviour on the internet just as they are in a classroom or a school corridor.
General school rules apply.
The internet, primarily, is provided for pupils to conduct research and backup their work. Parents/carer’s
permission is required before a pupil is granted access. Access is a privilege, not a right and that access
requires responsibility.
Individual users of the internet are responsible for their behaviour and communications over the network.
Users must comply with school standards and honour the agreements they have signed.
Computer storage areas (including any external storage media you bring to school) will be treated like school
lockers. Staff may review files and communications to ensure that users are using the system responsibly.
Users should not expect that files stored on servers or storage media are always private.
During school, teachers will guide pupils towards appropriate materials. Outside of school, families bear
responsibility for such guidance as they must also exercise with information sources such as television,
telephones, movies, radio and other potentially offensive media.
The following are not permitted within the school environment:
1. Sending or displaying offensive messages or pictures.
2. Using obscene language.
3. Harassing, insulting or attacking others.
4. Damaging computers, computer systems or computer networks.
5. Violating copyright laws.
6. Using others’ passwords or accounts
7. ‘Hacking’ into others’ folders, work or files for any reason.
8. Intentionally wasting limited resources, including printer ink and paper.
Sanctions
1. Violations of the above rules will result in a temporary or permanent ban on internet/computer use.
2. Your parents/carers will be informed.
3. Additional disciplinary action may be added in line with existing practice on inappropriate language or
behaviour.
4. When applicable, police or local authorities may be involved.
5. If necessary, external agencies such as Social Networking or Email Member sites may be contacted and
informed.
G. Case study: example acceptable use policy
Pupils
• You must have your parent’s / carer’s permission before using the internet.
• You must have a supervising teacher or member of staff with you at all times when using the internet.
• Do not disclose any password or login name to anyone, other than the persons responsible for running
and maintaining the system.
• Do not upload/send personal addresses, telephone / fax numbers or photographs of anyone (staff or
pupil) at the school.
• Use of names of pupils, or photographs of students will require parents to have been informed about
such use.
• Do not download, use or upload any material which is copyright. Always seek permission from the owner,
before using any material from the internet. If in doubt, do not use the material.
• Under no circumstances should you view, upload or download any material which is likely to be
unsuitable for children. This applies to any material of a violent dangerous or inappropriate context. If you
are unsure ask the supervisor.
• Always respect the privacy of files of other users.
• Be polite and appreciate that other users might have different views than your own. The use of strong
language, swearing or aggressive behaviour is not allowed. Do not state anything which could be
interpreted as libel.
• Ensure that you have followed the correct procedures for using the internet.
• Report any incident which breaches these rules to the I.T. Network Manager or Co-ordinator of ICT.
I have read and agree to abide by the rules stated in the I.C.T. Acceptable Use Policy. I understand the
consequences if I do not.
Name: Form:
Signed: Date:
You can download this publication or order copies online at
www.teachernet.gov.uk/publications
Search using the ref: DCSF-00658-2007
Copies of this publication can also be obtained from:
DCSF Publications
PO Box 5050
Sherwood Park
Annesley
Nottingham NG15 0DJ
Tel: 0845 60 222 60
Fax: 0845 60 333 60
Textphone: 0845 60 555 60
Please quote ref: 00658-2007DOM-EN
ISBN: 978-1-84775-028-0
PPBEL/D21/0907/53
Crown Copyright 2007
Extracts from this document may be reproduced for

non-commercial research, education or training purposes on
the condition that the source is acknowledged. For any other
use please contact hmsolicensing@opsi.x.gsi.gov.uk
This publication is printed

this publication please recycle it
Appendix 2
The National Center for Victims of Crime - Library/Document Viewer
Home | Members Only | About the Center | Support Our Work | Store | Contact Us |
Conferences and TrainingsVictim AssistanceProvider SupportCivil LitigationPublic PolicyResource LibraryPress Center
Search
THIS SITE BEST VIEWED IN INTERNET EXPLORER 6.0 (free download ) OR HIGHER.
You are here: Home > Library > Document Viewer

Documents Submit
Printable Version
Resource Centers Back to previous view
Help for Crime Victims Cyberstalking

● Definition
VictimLaw ● Overview
● Cyberstalking and the Law
Conferences and Trainings ● If you are a victim of Cyberstalking
● Potential effects of Cyberstalking
● For more information
Stalking Resource Center ● Resources on the Internet
● References
Parallel Justice ● A U.S. Department of Justice report estimates that there may be tens or even hundreds of thousands of
cyberstalking victims in the United States (Report on Cyberstalking, 1999).
Youth Initiative ● A 1997 nationwide survey conducted by the University of Cincinnati found that almost 25% of stalking
incidents among college age women involved cyberstalking (Report on Cyberstalking, 1999).
DNA Resource Center

Definition
Cyberstalking can be defined as threatening behavior or unwanted advances directed at another using the
Resilience Project Internet and other forms of online and computer communications.
Dating Violence Resource

Center
Overview
Cyberstalking is a relatively new phenomenon. With the decreasing expense and thereby increased availability of
computers and online services, more individuals are purchasing computers and "logging onto" the Internet,
making another form of communication vulnerable to abuse by stalkers.
Cyberstalkers target their victims through chat rooms, message boards, discussion forums, and e-mail.
Cyberstalking takes many forms such as: threatening or obscene e-mail; spamming (in which a stalker sends a
victim a multitude of junk e-mail); live chat harassment or flaming (online verbal abuse); leaving improper
messages on message boards or in guest books; sending electronic viruses; sending unsolicited e-mail; tracing
another person's computer and Internet activity, and electronic identity theft.
Similar to stalking off-line, online stalking can be a terrifying experience for victims, placing them at risk of
psychological trauma, and possible physical harm. Many cyberstalking situations do evolve into off-line stalking,
and a victim may experience abusive and excessive phone calls, vandalism, threatening or obscene mail,
trespassing, and physical assault.
Cyberstalking and the Law

With personal information becoming readily available to an increasing number of people through the Internet
and other advanced technology, state legislators are addressing the problem of stalkers who harass and threaten
their victims over the World Wide Web. Stalking laws and other statutes criminalizing harassment behavior
currently in effect in many states may already address this issue by making it a crime to communicate by any
means with the intent to harass or alarm the victim.
States have begun to address the use of computer equipment for stalking purposes by including provisions
prohibiting such activity in both harassment and anti-stalking legislation (Riveira, 1,2). A handful of states, such
as Alabama, Arizona, Connecticut, Hawaii, Illinois, New Hampshire and New York have specifically including
prohibitions against harassing electronic, computer or e-mail communications in their harassment legislation.
Alaska, Oklahoma, Wyoming, and more recently, California, have incorporated electronically communicated
statements as conduct constituting stalking in their anti-stalking laws. A few states have both stalking and
http://www.ncvc.org/ncvc/main.aspx?dbName=DocumentViewer&DocumentID=32458 (1 of 3) [8/3/2010 8:46:42 μμ]

harassment statutes that criminalize threatening and unwanted electronic communications. Other states have
laws other than harassment or anti-stalking statutes that prohibit misuse of computer communications and e-
mail, while others have passed laws containing broad language that can be interpreted to include cyberstalking
behaviors (Gregorie).
> Recent federal law has addressed cyberstalking as well. The Violence Against Women Act, passed in 2000,
made cyberstalking a part of the federal interstate stalking statute. Other federal legislation that addresses
cyberstalking has been introduced recently, but no such measures have yet been enacted. Consequently, there
remains a lack of legislation at the federal level to specifically address cyberstalking, leaving the majority of
legislative prohibitions against cyberstalking at the state level (Wiredpatrol.org).
If you are a Victim of Cyberstalking

● Victims who are under the age of 18 should tell their parents or another adult they trust about any
harassments and/or threats.
● Experts suggest that in cases where the offender is known, victims should send the stalker a clear written
warning. Specifically, victims should communicate that the contact is unwanted, and ask the perpetrator to
cease sending communications of any kind. Victims should do this only once. Then, no matter the response,
victims should under no circumstances ever communicate with the stalker again. Victims should save copies
of this communication in both electronic and hard copy form.
● If the harassment continues, the victim may wish to file a complaint with the stalker's Internet service
provider, as well as with their own service provider. Many Internet service providers offer tools that filter or
block communications from specific individuals.
● As soon as individuals suspect they are victims of online harassment or cyberstalking, they should start
collecting all evidence and document all contact made by the stalker. Save all e-mail, postings, or other
communications in both electronic and hard-copy form. If possible, save all of the header information from
e-mails and newsgroup postings. Record the dates and times of any contact with the stalker.
● Victims may also want to start a log of each communication explaining the situation in more detail. Victims
may want to document how the harassment is affecting their lives and what steps they have taken to stop
the harassment.
● Victims may want to file a report with local law enforcement or contact their local prosecutor's office to see
what charges, if any, can be pursued. Victims should save copies of police reports and record all contact
with law enforcement officials and the prosecutor's office.
● Victims who are being continually harassed may want to consider changing their e-mail address, Internet
service provider, a home phone number, and should examine the possibility of using encryption software or
privacy protection programs. Any local computer store can offer a variety of protective software, options
and suggestions. Victims may also want to learn how to use the filtering capabilities of email programs to
block e-mails from certain addresses.
● Furthermore, victims should contact online directory listings such as www.four11.com, www.switchboard.
com, and www.whowhere.com to request removal from their directory.
● Finally, under no circumstances should victims agree to meet with the perpetrator face to face to "work it
out," or "talk." No contact should ever be made with the stalker. Meeting a stalker in person can be very
dangerous.
Potential Effects of Cyberstalking

Just because cyberstalking does not include physical contact with the perpetrator does not mean it is not as
threatening or frightening as any other type of crime. Victims of cyberstalking often experience psychological
trauma, as well as physical and emotional reactions as a result of their victimization. Some of these effects may
include:
● changes in sleeping and eating patterns

● nightmares
● hypervigilance
● anxiety
● helplessness
● fear for safety
● shock and disbelief
Victims experiencing these reactions and many others might consider seeking out support from friends, family
and victim service professionals in order to cope with the trauma resulting from cyberstalking. In order to locate
local victim service professionals that may be able to offer assistance, safety suggestions, and information and
referrals, please contact the Helpline of the National Center for Victims of Crime at 1-800-FYI-CALL, 8:30 a.m.
to 8:30 p.m., Monday through Friday, Eastern Standard Time.
Read more about cyberstalking via the Stalking Resource Center.
For more information, please contact:
The Privacy Rights Clearinghouse

3100 5th Avenue., Suite B
San Diego, CA 92103

(619) 298-3396
Resources on the World Wide Web:

● National Center for Victims of Crime Stalking Resource Center
● National Network to End Domestic Violence (NNEDV)
● Working to Halt Online Abuse (WHOA) - whoa@haltabuse.org
● CyberAngels
● Safety Ed International
● Electronic Privacy Information Center (EPIC)
● Online Privacy Alliance
● Network Solutions WHOIS - Helps determine contents of domain name registration
Your local prosecutor's office, law enforcement, or state Attorney General's office. Check in the Blue Pages of
your local phone book under the appropriate section heading of either "Local Government," "County
Government," or "State Government."
References
● U.S. Department of Justice. (August 1999). Cyberstalking: A New Challenge for Law Enforcement
and Industry -- A Report from the Attorney General to the Vice President. Washington, DC: U.S.
Department of Justice, pp. 2, 6.
● Gregorie, Trudy. Cyberstalking: Dangers on the Information Superhighway. The Stalking Resource
Center, The National Center for Victims of Crime. Online.
● Riveira, Diane. (September/October 2000). "Internet Crimes Against Women," Sexual Assault
Report, 4 (1).
● Wired Patrol. "US Federal Laws- Cyberstalking." Accessed 15 April 2003. http://www.wiredpatrol.
org/stalking/federal.html
All rights reserved.
Copyright © 2003 by the National Center for Victims of Crime. This information may be freely distributed,
provided that it is distributed free of charge, in its entirety and includes this copyright notice.
Submit Query
2010 © National Center for Victims of Crime. All Rights Reserved. Privacy statement. Legal disclaimer. Terms of Service. Accessibility issues.
Contacts: 2000 M Street NW, Suite 480, Washington, D.C. 20036 phone: 202-467-8700 fax: 202-467-8701, email: webmaster@ncvc.org.
Site operated by Alfa XP Web Software Company, LLC .
Home | About the Center | Victim Assistance | Provider Support | Civil Litigation | Resource Library
Members Only | Support our Work | Press Center | Store | Jobs | Volunteer/Intern | Contact Us
Technical Problem? Please e-mail our webmaster.
This site best viewed in Microsoft Internet Explorer 6.0 or higher.
Login >>

Appendix 3
September 2009
Electronic Records Management:

Blogs, Wikis, Facebook, Twitter & Managing Public Records
The purpose of this advice is to provide guidance to state and local government agencies
regarding the retention of public records of posts to social networking websites such as
blogs, wikis, Facebook, Twitter, etc.
Agencies need to consider the following five (5) factors when managing the retention of their
public records created or received through social networking sites:
1. Are the posts public records?
If the posts are made or received in connection with the transaction of the agency’s public
business (such as providing advice or receiving comments about the agency, its programs, core
business, etc.), then they are public records for the purposes of records retention and need to be
retained for their minimum retention periods.
2. Are the posts primary or secondary copies?
If the posts are simply copies of records that the agency is already retaining for the minimum
retention period (such as links to publications), then the posts may be considered secondary
copies and retained accordingly. Otherwise, the posts are the agency’s primary record.
3. How long do the posts need to be retained?
Agencies should use the same records series for posts that they would use if the same advice
was distributed as a letter or an email to everyone within the agency’s jurisdiction. Agencies
need to retain their primary record of posts which are public records for at least the minimum
retention period listed for those records in the approved records retention schedules.
4. How will the posts be retained by the agency?
Agencies need to consider how they will retain a record in their custody and control of their posts
to social networking websites. When retention of the posts themselves is outside the agency’s
control, the agency needs to consider what other records they will retain, such as email
confirmations of each post or comment. Agencies need to consider these issues in any service
contracts with vendors of social networking websites and in their configuration settings for their
social networking website accounts.
5. For which types of records is this technology appropriate?
Agencies need to determine the business activities for which social networking technology is
appropriate if the agency is unable to manage the creation, receipt and retention of public
records documenting the public business they transact using social networking websites.
Additional advice regarding the management of public records is available from

Washington State Archives:
www.secstate.wa.gov/archives
recordsmanagement@secstate.wa.gov
Appendix 4
A3757 Assembly Floor Statement MARCH 16, 2009
STATEMENT TO
ASSEMBLY, No. 3757

with Assembly Floor Amendments
(Proposed by Assemblyman ALBANO)
ADOPTED: MARCH 16, 2009
This bill enacts the “Social Networking Safety Act,” which provides civil penalties against
individuals who transmit sexually offensive communication through a social networking website.
The amendments change the definition of “sexually offensive communication” to include any
communication which a reasonable person would believe is intended to solicit or request a person
to engage in sexual activity, and any communication depicting or describing nudity, sexual
conduct or sexual excitement when it: (1) predominantly appeals to a prurient interest in sex; (2)
is patently offensive to prevailing standards in the adult community as a whole with respect to
what is suitable material or conduct for minors; and (3) taken as a whole, is without serious
literary, artistic, political or scientific value for minors. This definition eliminates the cross
reference to obscene material as defined in N.J.S.2C:34-3 when discussing the type of
communication.
These floor amendments clarify that this prohibition applies to a person transmitting a
sexually offensive communication through a social networking website to a person located in
New Jersey who the actor knows or should know is less than 13 years of age or is at least 13 but
less than 16 years old and at least four years younger than the actor.
The amendments also provide that the prohibition against transmitting sexually offensive
communication through a social networking website does not apply to any provider or user of an
interactive computer service with respect to information provided by another information content
provider. The amendments define “interactive computer service” as any information service,
system, or access software provider that provides or enables computer access by multiple users to
a computer server, including specifically a service or system that provides access to the Internet
and such systems operated or services offered by libraries or educational institutions. The
amendments define: (1) “information content provider” as any person or entity that is responsible,
in whole or in part, for the creation or development of information provided through the Internet
or any other interactive computer service; and (2) “Internet” as the international computer
network of both federal and non-federal interoperable packet switched data networks.
In addition to prohibiting sexually offensive communication, this bill as originally introduced
also prohibited the transmittal of any “abusive communication” through a social networking
website. The floor amendments eliminate the prohibition against “abusive communication” and
http://www.njleg.state.nj.us/2008/Bills/A4000/3757_S2.HTM (1 of 2) [8/3/2010 8:50:30 μμ]

A3757 Assembly Floor Statement MARCH 16, 2009
replace it with a prohibition against transmitting “harassing communication” through a social

networking website. The amendments define “harassing communication” as any communication
which is directed at a specific person, serves no legitimate purpose and which a reasonable person
would believe is intended to threaten, intimate or harass another person. The amendments also
eliminate the provision that the transmittal of the harassing communication be to a person who
is, or who the actor reasonably believes is, less than 18 years of age.
The floor amendments also change the definition of “social networking website” to eliminate
the requirement that the website be accessible to third parties and on which users under the age of
18 may post personal information. The new definition provides that it includes any website
located on the Internet on which users located in New Jersey may create a searchable profile,
page or similar account that is accessible to other users or visitors to the website and share
personal information with other users or visitors and through which users or visitors may
communicate directly with such users.
In addition to providing civil penalties to for the transmittal of sexually offensive
communication through a social networking website and prohibiting the transmittal of harassing
communication, this bill makes it a violation of the Consumer Fraud Act, N.J.S.A.56:8-1 et seq.,
for a social networking website operator to fail to revoke the website access of any user or third
party upon receipt of information that the user or third party has transmitted offensive
communications. The floor amendments eliminate the term “third party” and replace it with
“visitor.” “Visitor” is defined as a person other than the user or the operator, or an employee of
the operator who accesses a social networking website. The amendments clarify that a “user” is a
person located in this State who establishes on a social networking website a profile, page or
similar account that is accessible to other users or visitors to the website and on which the user
may share personal information with other users and visitors.
The amendments would also provide that nothing in the act be construed to permit a civil
action against an interactive computer service that is inconsistent with the provisions of 47 U.S.C.
§230 (c). This section of the federal law provides immunity from liability to any provider or user
of an interactive computer service for any voluntary action taken in good faith to restrict access to
or availability of material which the provider or user considers obscene.
http://www.njleg.state.nj.us/2008/Bills/A4000/3757_S2.HTM (2 of 2) [8/3/2010 8:50:30 μμ]

Appendix 5
ARTICLE 29 DATA PROTECTION WORKING PARTY
01189/09/EN
WP 163
Opinion 5/2009 on online social networking
Adopted on 12 June 2009
This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European advisory body on data
protection and privacy. Its tasks are described in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC.
The secretariat is provided by Directorate D (Fundamental Rights and Citizenship) of the European Commission, Directorate
General Justice, Freedom and Security, B-1049 Brussels, Belgium, Office No LX-46 01/02.
Website: http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm
Table of contents
Executive Summary ............................................................................................................... 3
1. Introduction ................................................................................................................ 4
2. Definition of a "social network service (SNS)" and business model ......................... 4
3. Application of the Data Protection Directive............................................................. 5
3.1 Who is the data controller?..................................................................................... 5
3.2 Security and default privacy settings ..................................................................... 7
3.3 Information to be provided by SNS ....................................................................... 7
3.4 Sensitive Data......................................................................................................... 8
3.5 Processing data of non-members............................................................................ 8
3.6 Third party access................................................................................................... 8
3.7 Legal grounds for direct marketing........................................................................ 9
3.8 Retention of data .................................................................................................. 10
3.9 Rights of the users ................................................................................................ 11
4. Children and minors ................................................................................................. 11
5. Summary of obligations/rights ................................................................................. 12
- 2-
Executive Summary
This Opinion focuses on how the operation of social networking sites can meet the
requirements of EU data protection legislation. It principally is intended to provide guidance
to SNS providers on the measures that need to be in place to ensure compliance with EU law.
The Opinion notes that SNS providers and, in many cases, third party application providers,
are data controllers with corresponding responsibilities towards SNS users. The Opinion
outlines how many users operate within a purely personal sphere, contacting people as part of
the management of their personal, family or household affairs. In such cases, the Opinion
deems that the ‘household exemption’ applies and the regulations governing data controllers
do not apply. The Opinion also specifies circumstances whereby the activities of a user of an
SNS are not covered by the ‘household exemption’. The dissemination and use of information
available on SNS for other secondary, unintended purposes is of key concern to the Article 29
Working Party. Robust security and privacy-friendly default settings are advocated
throughout the Opinion as the ideal starting point with regard to all services on offer. Access
to profile information emerges as a key area of concern. Topics such as the processing of
sensitive data and images, advertising and direct marketing on SNS and data retention issues
are also addressed.
Key recommendations focus on the obligations of SNS providers to conform with the Data
Protection Directive and to uphold and strengthen the rights of users. Of paramount
importance, SNS providers should inform users of their identity from the outset and outline
all the different purposes for which they process personal data. Particular care should be taken
by SNS providers with regard to the processing of the personal data of minors. The Opinion
recommends that users should only upload pictures or information about other individuals,
with the individual’s consent and considers that SNS also have a duty to advise users
regarding the privacy rights of others.
- 3-
THE WORKING PARTY ON THE PROTECTION OF INDIVIDUALS WITH
REGARD TO THE PROCESSING OF PERSONAL DATA
set up by Directive 95/46/EC of the European Parliament and of the Council of 24 October
19951,
having regard to Articles 29 and 30 paragraphs 1 (a) and 3 of that Directive, and Article 15
paragraph 3 of Directive 2002/58/EC of the European Parliament and of the Council of 12
July 2002
having regard to Article 255 of the EC Treaty and to Regulation (EC) no 1049/2001 of the
European Parliament and of the Council of 30 May 2001 regarding public access to European
Parliament, Council and Commission documents
having regard to its Rules of Procedure
HAS ADOPTED THE PRESENT DOCUMENT:
1. Introduction
The evolution of web communities and hosted services such as social network services
("SNS") is a relatively recent phenomenon, with the number of users of these sites continuing
to multiply at an exponential rate.
The personal information a user posts online, combined with data outlining the users actions
and interactions with other people, can create a rich profile of that person's interests and
activities. Personal data published on social network sites can be used by third parties for a
wide variety of purposes, including commercial purposes, and may pose major risks such as
identity theft, financial loss, loss of business or employment opportunities and physical harm.
The Berlin International Working Group on Data Protection in Telecommunications adopted
the Rome Memorandum2 in March 2008. The Memorandum analyses the risks for privacy and
security posed by social networks and provides guidelines for regulators, providers and users.
The recently adopted Resolution on Privacy Protection in Social Network Services3 also
addresses challenges brought about by the SNS. The Working Party also takes into account
the position paper published by the European Network and Information Security Agency
(ENISA) “Security Issues and Recommendations for Online Social Networks,”4 in October
2007 aimed at regulators and providers of social networks.
2. Definition of a "social network service (SNS)" and business model

SNS can broadly be defined as online communication platforms which enable individuals to
join or create networks of like-minded users. In the legal sense, social networks are
information society services, as defined in Article 1 paragraph 2 of Directive 98/34/EC as
amended by Directive 98/48/EC. SNS share certain characteristics:
1
Official Journal no. L281 of 23/11/1995, p. 31,
http://europa.eu.int/comm/internal_market/en/media/dataprot/index.htm
2
http://www.datenschutz-berlin.de/attachments/461/WP_social_network_services.pdf
3
Adopted at the 30th International Conference of Data Protection and Privacy Commissioners in Strasbourg, 17;10.2008,
http://www.privacyconference2008.org/adopted_resolutions/STRASBOURG2008/resolution_social_networks_en.pdf
4
http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_pp_social_networks.pdf
- 4-
- users are invited to provide personal data for the purpose of generating a description of
themselves or ‘profile’.
- SNS also provide tools which allow users to post their own material (user-generated
content such as a photograph or a diary entry, music or video clip or links to other sites5);
- ‘social networking’ is enabled using tools which provide a list of contacts for each user,
and with which users can interact.
SNS generate much of their revenue through advertising which is served alongside the web
pages set up and accessed by users. Users who post large amounts of information about their
interests on their profiles offer a refined market to advertisers wishing to serve targeted
advertisements based on that information.
It is therefore important that SNS operate in a way which respects the rights and freedoms of
users who have a legitimate expectation that the personal data they disclose will be processed
according to European and national data protection and privacy legislation.
3. Application of the Data Protection Directive

The provisions of the Data Protection Directive apply to SNS providers in most cases, even if
their headquarters are located outside of the EEA. The Article 29 Working Party refers to its
earlier opinion on search engines for further guidance on the issues of establishment and use
of equipment as determinants for the applicability of the Data Protection Directive and the
rules subsequently triggered by the processing of IP addresses and the use of cookies.6
3.1 Who is the data controller?

SNS providers
SNS providers are data controllers under the Data Protection Directive. They provide the
means for the processing of user data and provide all the “basic” services related to user
management (e.g. registration and deletion of accounts). SNS providers also determine the
use that may be made of user data for advertising and marketing purposes - including
advertising provided by third parties.
Application providers
Application providers may also be data controllers, if they develop applications which run in
addition to the ones from the SNS and users decide to use such an application.
Users
In most cases, users are considered to be data subjects. The Directive does not impose the
duties of a data controller on an individual who processes personal data "in the course of a
purely personal or household activity" - the so-called "household exemption". In some
instances, the activities of a user of an SNS may not be covered by the household exemption
and the user might be considered to have taken on some of the responsibilities of a data
controller. Some of these instances are developed below:
5
In these cases where SNS provide electronic communications services, provisions of ePrivacy Directive
2002/58 will also apply.
6
WP148, “Opinion 1/2008 on data protection issues related to search engines”.
- 5-
3.1.1. Purpose and nature
A growing trend of SNS is the "shift from "Web 2.0 for fun" to Web 2.0 for productivity and
services"7 where the activities of some SNS users may extend beyond a purely personal or
household activity, for example when the SNS is used as a collaboration platform for an
association or a company. If an SNS user acts on behalf of a company or association, or uses
the SNS mainly as a platform to advance commercial, political or charitable goals, the
exception does not apply. Here, the user assumes the full responsibilities of a data controller
who is disclosing personal data to another data controller (SNS) and to third parties (other
SNS users or potentially even other data controllers with access to the data). In these
circumstances, the user needs the consent of the persons concerned or some other legitimate
basis provided in the Data Protection Directive.
Typically, access to data (profile data, postings, stories…) contributed by a user is limited to
self-selected contacts. In some cases however, users may acquire a high number of third party
contacts, some of whom he may not actually know. A high number of contacts could be an
indication that the household exception does not apply and therefore that the user would be
considered a data controller.
3.1.2. Access to profile information
SNS should ensure privacy-friendly and free of charge default settings are in place restricting
access to self-selected contacts.
When access to profile information extends beyond self-selected contacts, such as when
access to a profile is provided to all members within the SNS8 or the data is indexable by
search engines, access goes beyond the personal or household sphere. Equally, if a user takes
an informed decision to extend access beyond self-selected ‘friends’ data controller
responsibilities come into force. Effectively, the same legal regime will then apply as when
any person uses other technology platforms to publish personal data on the web9. In several
Member States, the lack of access restrictions (thus the public character) means the Data
Protection Directive applies in terms of the internet user acquiring data controller
responsibilities10.
It should be kept in mind that, even if the household exemption does not apply, the SNS user
may benefit from other exemptions such as the exemption for journalistic purposes, artistic or
literary expression. In those cases, a balance needs to be struck between freedom of
expression and the right to privacy.
3.1.3 Processing of third party data by users
The application of the household exemption is also constrained by the need to guarantee the
rights of third parties, particularly with regard to sensitive data. In addition, it must be noted
that even if the household exemption applies, a user might be liable according to general
7
"Internet of the future: Europe must be a key player" speech from Ms Reding, European Commissioner for Information
Society and Media during the meeting Future of the Internet initiative of the Lisbon Council, Brussels, 2 February 2009
8
or when it can be argued that no actual selection is being made in accepting contacts, i.e the users accepts “contacts”
regardless of the connection they have
9
Such as with publishing platforms that are not SNS, or with self-hosted software.
10
In its Satamedia judgment the ECJ rules inversely in paragraph 44: "It follows that the latter exception must be
interpreted as relating only to activities which are carried out in the course of private or family life of individuals (see
Lindqvist, paragraph 47). That clearly does not apply to the activities of Markkinapörssi and Satamedia, the purpose of
which is to make the data collected accessible to an unrestricted number of people."
- 6-
provisions of national civil or criminal laws in question (e.g. defamation, liability in tort for
violation of personality, penal liability).
3.2 Security and default privacy settings

Secure processing of information is a key element of trust in SNS. Controllers must take the
appropriate technical and organisational measures, ‘both at the time of the design of the
processing system and at the time of the processing itself’ to maintain security and prevent
unauthorised processing, taking into account the risks represented by the processing and the
nature of the data11.
An important element of the privacy settings is the access to personal data published in a
profile. If there are no restrictions to such access, third parties may link all kinds of intimate
details regarding the users, either as a member of the SNS or via search engines. However,
only a minority of users signing up to a service will make any changes to default settings.
Therefore, SNS should offer privacy-friendly default settings which allow users to freely and
specifically consent to any access to their profile's content that is beyond their self-selected
contacts in order to reduce the risk of unlawful processing by third parties. Restricted access
profiles should not be discoverable by internal search engines, including the facility to search
by parameters such as age or location. Decisions to extend access may not be implicit12, for
example with an "opt-out" provided by the controller of the SNS.
3.3 Information to be provided by SNS

SNS providers should inform users of their identity and the different purposes for which they
process personal data according to the provisions laid out in Article 10 of the Data Protection
Directive including, but not limited to:
- usage of the data for direct marketing purposes;
- possible sharing of the data with specified categories of third parties;
- an overview on profiles: their creation and chief data sources;
- the use of sensitive data.
The Working Party recommends that:
- SNS providers provide adequate warnings to users about the privacy risks to
themselves and to others when they upload information on the SNS;
- SNS users should also be reminded that uploading information about other individuals
may impinge upon their privacy and data protection rights;
- SNS users should be advised by SNS that if they wish to upload pictures or
information about other individuals, this should be done with the individual’s
consent13.
11
Article 17 and Recital 46 of the Data Protection Directive.
12
The Report and Guidance on Privacy in Social Network Services (”Rome Memorandum”) indicates risks such as “The
misleading notion of community”, p2, “Giving away more personal information than you think you do”, p3. A computer
security company warns an important SNS about default access to members within the same geographical location :
http://www.sophos.com/pressoffice/news/articles/2007/10/facebook-network.html
13
This could be made easier by introducing tagging management tools within social network websites, e.g. by
making available areas in a personal profile to indicate the presence of a user’s name in tagged images or
- 7-
3.4 Sensitive Data
Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs,
trade-union membership or data concerning health or sex life is considered sensitive.
Sensitive personal data may only be published on the Internet with the explicit consent from
the data subject or if the data subject has made the data manifestly public himself.14
In some EU Member States, images of data subjects are considered a special category of
personal data since they may be used to distinguish between racial/ethnic origins or may be
used to deduce religious beliefs or health data. The Working Party in general does not
consider images on the Internet to be sensitive data15, unless the images are clearly used to
reveal sensitive data about individuals.
As data controllers, SNS may not process any sensitive data about SNS members or non-
members without their explicit consent16. If an SNS includes in the profile form of users any
questions relating to sensitive data, the SNS must make it very clear that answering such
questions is completely voluntary.
3.5 Processing data of non-members

Many SNS allow users to contribute data about other people, such as adding a name to a
picture, rating a person, listing the “people I have met/want to meet” at events. This tagging
may also identify non-members. However, the processing of such data about non-members by
the SNS may only be performed if one of the criteria laid down in Article 7 of the Data
Protection Directive is fulfilled.
In addition, the creation of pre-built profiles of non-members through the aggregation of data
that is independently contributed by SNS users, including relationship data inferred from
uploaded address books, lacks a legal basis.17
Even if the SNS had the means to contact the non-user and inform this non-user about the
existence of personal data relating to him/her, a possible e-mail invitation to join the SNS in
order to access these personal data would violate the prohibition laid down in Article 13.4 of
the ePrivacy Directive on the sending of unsolicited electronic messages for direct marketing
purposes.
3.6 Third party access

3.6.1 SNS-mediated access
In addition to the core SNS service, most SNS offer users additional applications provided by
third party developers which also process personal data.
SNS should have the means to ensure that third party applications comply with the Data
Protection and ePrivacy Directives. This implies, in particular, that they provide clear and
videos waiting for consent, or setting expiration times for tags that have not received consent by the tagged
individual.
14
Member States may lay down exemptions from this rule; see Article 8.2 (a) second sentence and Article 8 4 of the Data
Protection Directive.
15
The publication of images on the Internet does however raise increasing privacy concerns as facial recognition
technologies improve.
16
consent has to be free, informed and specific
17
Recital 38 of the Data Protection Directive specifies: “Whereas, if the processing of data is to be fair, the data subject
must be in a position to learn of the existence of a processing operation and, where data are collected from him, must be
given accurate and full information, bearing in mind the circumstances of the collection.” For some SNS, the
publication of profiles of non-members allegedly has become an important way of marketing their “services”.
- 8-
specific information to users about the processing of their personal data and that they only
have access to necessary personal data. Therefore, layered access should be offered to third
party developers by the SNS so they can opt for a mode of access that is intrinsically more
limited. SNS should ensure furthermore that users may easily report concerns about
applications.
3.6.2 User-mediated third party access
SNS sometimes allow users to access and update their data with other applications. For
example users might be able to:
- read and post messages to the network from their mobile phone;
- synchronize the contact data of their friends in the SNS with their address book on a
desktop computer;
- update their status or location in the SNS automatically by using another website.
SNS publish the way this software can be written in the form of an “Application
Programming Interface” (“API”). This enables any third party to write software to perform
these tasks, and allow users to freely choose between several third party providers18. When
offering an API that enables access to contacts' data, SNS should:
- provide for a level of granularity that lets the user choose an access level for the third
party that is only just sufficient to perform a certain task.
When accessing personal data via third party’s API on behalf of a user, third party services
should:
- process and store data no longer than necessary to perform a specific task;
- perform no operations on imported user contacts' data other than personal usage by the
contributing user.
3.7 Legal grounds for direct marketing

Direct marketing is an essential part of the SNS business model; different marketing models
can be used by SNS. Nevertheless, marketing using users’ personal data should comply with
relevant provisions of both Data Protection and ePrivacy Directive19.
Contextual marketing is tailored to the content that is viewed or accessed by the user20.
Segmented marketing consists in serving advertisements to targeted groups of users21; a user

is placed in a group according to the information he has directly communicated to the SNS22.
Finally, behavioural marketing selects the advertisements based on the observation and
analysis of the users’ activity over time. These techniques may be subject to different legal
requirements, depending on the applicable legal grounds and the characteristics of the
18
While “API” is a broad technical term, here API refers to access on behalf of a user, i.e. users need to give their login
credentials to the software, so that it can act on their behalf.
19
The Working Party intends to address the different aspects of online advertising in a separate document in the near
future.
20
e.g. if the page which is displayed mentions the word “Paris”, the advertisement could concern a restaurant in this city
21
each group being defined by a set of criteria
22
e.g. when he registered with the service
- 9-
techniques used. The Working Party recommends not using sensitive data in behavioural
advertising models, unless all legal requirements are met.
Whatever model or combination of models is used, advertisements can either be served
directly by the SNS (the SNS provider acts here as a broker) or by a third party advertiser. In
the first case, personal data of the users do not need to be disclosed to third parties. In the
second case however, the third party advertiser might process personal data about the users
e.g. if it processes the IP address of the user and a cookie that was placed on the user’s
computer.
3.8 Retention of data

SNS fall outside the scope of the definition of electronic communication services provided in
Article 2 letter c) of the Framework Directive (2002/21/EC). SNS providers may offer
additional services that fall under the scope of an electronic communications service such as a
publicly accessible email service. Such a service will be subject to the provisions of the e-
Privacy Directive and the Data Retention Directive.
Some SNS allow their users to send invitations to third parties. The prohibition on the use of
electronic mail for the purposes of direct marketing does not apply to personal
communications. In order to comply with the exception for personal communications, an SNS
must comply with the following criteria:
- no incentive is given to either sender or recipient;
- the provider does not select the recipients of the message;23
- the identity of the sending user must be clearly mentioned;
- the sending user must know the full content of the message that will be sent on his
behalf.
Some SNS also retain identification data of users who were banned from the service, to
ensure that they cannot register again. In that case, these users must be informed that such
processing is taking place. In addition, the only information that may be retained is
identification information, and not the reasons why these persons were banned. This
information should not be retained for more than one year.
Personal data communicated by a user when he registers to a SNS should be deleted as soon
as either the user or the SNS provider decides to delete the account24. Similarly, information
deleted by a user when updating his account should not be retained. SNS should notify users
before taking these steps with the means they have at their disposal to inform users about
these retention periods. For security and legal reasons, in specific cases, it could be justifiable
to store updated or deleted data and accounts for a defined period of time in order to help
prevent malicious operations resulting from identity theft and other offences or crimes.
When a user does not use the service for a defined period of time, the profile should be set to
inactive, i.e. no longer visible to other users or the outside world, and after another period of
time the data in the abandoned account should be deleted. SNS should notify users before
taking these steps with whatever means they have at their disposal.
23
i.e. the practice by some SNSs to send invitations indiscriminately to the entire address book of a user is not allowed
24
According to Article 6 para 1e) of the Data Protection Directive, data must be “kept in a form which permits
identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for
which they are further processed.”
-10-
3.9 Rights of the users
SNS should respect the rights of the individuals concerned by the processing according to the
provisions laid out in Articles 12 and 14 of the Data Protection Directive.
Access and rectification rights of users are not limited to the users of the service but to any
natural person whose data are processed25. Members and non-members of SNS must have a
means to exercise their right of access, correction and deletion. The homepage of SNS sites
should clearly refer to the existence of a “complaint handling office” set up by the SNS
provider to deal with data protection and privacy issues and complaints by both members and
non-members.
Article 6 para 1 letter c) of the Data Protection Directive requires the data to be “adequate,
relevant and not excessive in relation to the purposes for which they are collected and/or
further processed". In this context, it can be observed that SNS may need to register some
identifying data about members but does not need to publish the real name of members on the
Internet. Therefore, SNS should consider carefully if they can justify forcing their users to act
under their real identity rather than under a pseudonym. There are strong arguments in favor
of giving users choice in this respect and in at least one Member State, this is a legal
requirement. The arguments are particularly strong in the case of SNS with wide membership.
Article 17 of the Data Protection Directive requires that the controller implements appropriate
technical and organizational security measures to protect personal data. In particular, such
security measures include access control and authentication mechanisms which can still be
implemented if pseudonyms are used.
4. Children and minors

A large proportion of SNS services are utilised by children/minors. The Working Party's
Opinion WP14726 focused on the application of data protection principles in the school and
educational environment. The Opinion emphasised the need for taking into account the best
interest of the child as also set out in the UN Convention on the Rights of the Child. The
Working Party wishes to stress the importance of this principle also in the context of SNS.
Some interesting initiatives27 have been undertaken by Data Protection Authorities world
wide which focus mostly on awareness-raising regarding SNS and possible risks. The
Working Party encourages further research on how to address the difficulties surrounding
adequate age verification and proof of informed consent in order to better address these
challenges.
Based on the considerations made so far, the Working Party believes that a multi-pronged
strategy would be appropriate to address the protection of children’s data in the SNS context.
Such a strategy might be based on:
- awareness raising initiatives, which are fundamental to ensure the active involvement
of children (via schools, the inclusion of DP-basics in educational curricula, the
creation of ad-hoc educational tools, the collaboration of national competent bodies);
25
e.g. instance, it is the case if this person’s email address was used by the SNS service to send him an invitation
26
http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2008/wp147_en.pdf
27
For example, the Portuguese “Dadus” initiative http://dadus.cnpd.pt/, the Danish Chat Check Badge,
http://www.fdim.dk/
-11-
- fair and lawful processing with regard to minors such as not asking for sensitive data
in the subscription forms, no direct marketing aimed specifically at minors, the prior
consent of parents before subscribing, and suitable degrees of logical separation
between the communities of children and adults;
- implementation of Privacy Enhancing Technologies (PETs) - e.g. privacy-friendly
settings by default, pop-up warning boxes at appropriate steps, age verification
software);
- self-regulation by providers, to encourage the adoption of codes of practice that should
be equipped with effective enforcement measures, also disciplinary in nature;
- if necessary, ad-hoc legislative measures to discourage unfair and/or deceptive
practices in the SNS context.
5. Summary of obligations/rights
Applicability of EC Directives
1. The Data Protection Directive generally applies to the processing of personal
data by SNS, even when their headquarters are outside of the EEA.
2. SNS providers are considered data controllers under the Data Protection
Directive.
3. Application providers might be considered data controllers under the Data
Protection Directive.
4. Users are considered data subjects vis-à-vis the processing of their data by SNS.
5. Processing of personal data by users in most cases falls within the household
exemption. There are instances where the activities of a user are not covered by
this exemption.
6. SNS fall outside of the scope of the definition of electronic communication service
and therefore the Data Retention Directive does not apply to SNS.
Obligations of SNS
7. SNS should inform users of their identity, and provide comprehensive and clear
information about the purposes and different ways in which they intend to
process personal data.
8. SNS should offer privacy-friendly default settings.
9. SNS should provide information and adequate warning to users about privacy
risks when they upload data onto the SNS.
11. Users should be advised by SNS that pictures or information about other
individuals, should only be uploaded with the individual’s consent.
12. At a minimum, the homepage of SNS should contain a link to a complaint facility,
covering data protection issues, for both members and non-members.
13. Marketing activity must comply with the rules laid down in the Data Protection
and ePrivacy Directives.
-12-
14. SNS must set maximum periods to retain data on inactive users. Abandoned
accounts must be deleted.
15. With regard to minors, SNS should take appropriate action to limit the risks.
Rights of Users
16. Both members and non-members of SNS have the rights of data subjects if
applicable, according to the provisions of Article 10 – 14 of the Data Protection
Directive.
17. Both members and non-members should have access to an easy-to-use complaint
handling procedure set up by the SNS.
18. Users should, in general, be allowed to adopt a pseudonym.
Done at Brussels, on 12 June 2009
For the Working Party

The Chairman
Alex TÜRK
-13-
Appendix 6
Web 2.0 Suicide Machine - Meet your Real Neighbours again! - Sign out forever!
About
FAQ
Take a Tour
Review
Contact
Open,
Smart and
100%
satisfaction
guaranteed!
Select your 229,651 friends have been unfriended
Social Network:
and
391,125 tweets have been removed since

Please read the C&D letter from Facebook here!!!
launching.
3,109 people went before you!
Click here to watch the latest ones!
works for all platforms: (version 2.03.17)
Faster, Safer, Smarter, Better Windows, Linux, Mac
http://suicidemachine.org/ (1 of 3) [8/3/2010 8:56:13 μμ]

Tired of your Social Network?

Please make sure you have Flash Player
Liberate your newbie friends with a Web2.0 suicide! This machine lets you delete
all your energy sucking social-networking profiles, kill your fake virtual friends,
and completely do away with your Web2.0 alterego. The machine is just a 10 installed.
metaphor for the website which moddr_ is hosting; the belly of the beast where the
web2.0 suicide scripts are maintained. Our service currently runs with Facebook,
Myspace, Twitter and LinkedIn! Commit NOW!
Feel free like a real bird again and untwitter yourself. Watch it here!
Take the Testimonials FAQ

2.0 Suicide
View Learn
Watch
them the Who's Who We believe everyone
how should be able
Tour! all
of social network it
to commit suicide in
kills
social
View suiciders networks!
Video
ABOUT OUR OUR PROMOTE

US TARGET SERVICES US
NETWORKS
● Credits ● Watch Promo ● ShareThis
● Press ● Facebook Video
● Review ● MySpace ● Untwitter
● Contact ● LinkedIn Video
● Twitter ● Memorial
Pages
● Privacy Policy
● FAQ


Social Networking Sites: Information Governance Issues

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Social Networking Sites: Information Governance Issues

Caricato da

Copyright:

Formati disponibili

ROBERT GORDON UNIVERSITY

ABERDEEN BUSINESS SCHOOL

SOCIAL NETWORKING SITES: INFORMATION GOVERNANCE ISSUES

WORD COUNT: 2,775

5.1.3 GOOGLE BUZZ

6.2 TARGETED ADS

6.6 ETHICAL ISSUES/CONTROVERSIES

8.2 TECHNOLOGICAL ASPECT

5. Council Regulation (EC) 01189/09 on online social networking

17.PCMAGAZINE.SECURITY WATCH 2007. LinkedIn vulnerability exposes users. [online].

[Accessed 2 March 2010].

[Accessed 3 March 2010]

26.TECHNEWSWORLD. SKIPEASE 2010. Data mining of personal information from social

Safe to Learn: Embedding

Anti-Bullying Alliance (ABA) Mobile Broadband Group

A. Key advice to parents and carers on cyberbullying 40

Childnet has produced a summary of this guidance

Understanding cyberbullying to regulate the conduct of pupils when they are

19. Some forms of cyberbullying involve the

How common is cyberbullying? Legal duties and powers: Education law

• Accessing and copying someone's information, Publicly posting, sending or forwarding

Manipulation 1.4.1 In cyberbullying, the audience for the bullying

14 Tech Abuse in Teen Relationships Study, January 2007: http://loveisnotabuse.com/pdf/06-208%20Tech%20Relationship%20Abuse%20TPL.pdf

1.4.3 It is also worth noting that some of those being Location

Motivation for bullying 1.4.14 Unlike other forms of bullying, many

IM and bullying Risks

Chatrooms and Message boards and Webcams

Video-hosting sites Virtual Learning Environments (VLEs)

Virtual worlds can be used to explore and bring to

2.1 TAKING A WHOLE-SCHOOL safe and welcoming environment as a responsibility

2.1.1 This section looks at prevention strategies Co-ordinating responsibility

in coordinating and ensuring the effectiveness • Making reporting cyberbullying easier

Promote awareness and understanding Case study:

Publicising school reporting routes Bystanders

Signpost information about external enjoyable (see ‘Understanding cyberbullying’

2.4.10 It may be appropriate to report incidents of 2.5.3 Developing an organisational culture of

17 See, for example, www.stoptextbully.com.

Password protection: Review how the school network

2.6.2 The school should consider how it might most

Conduct a regular survey

2.6.3 The Children’s Commissioner has

2.6.4 Many schools already use student and staff

Publicise progress and activities to the

2.6.5 The staff members responsible for behaviour

Quote from a parent: Preventing recurrence (e.g. blocking or

others, see http://www.police.homeoffice.gov.uk/operational-policing/crime-disorder/child-protection-taskforce

Sanctions for bullying behaviour Working with the bully

• Demonstrate to the school community that

3.4.7 In addition to any sanctions that are in existing

3.4.8 Technology specific sanctions for pupils

3.4.9 For more information on disciplinary sanctions

When a child is the target of cyberbullying – bullying Use the tools

2) RESPONDING TO CYBERBULLYING • The police: If the cyberbullying is serious and a

Keep the evidence

• The school: If the incident involves a pupil or

• The provider of the service: Most service

B. Key advice to children

ANTI-CYBERBULLYING CODE 2) Think before you send

1) Always respect others 3) Treat your password like your toothbrush

6) Save the evidence

7) Make sure you tell

There are people that can help:

• Tell an adult you trust, who can help you to

Chatrooms and Message boards and Webcams

Virtual worlds can be used to explore and bring to