Keeping Child Data Safe – ChatGPT’s Recommendations

by | Jun 2, 2023 | Blog

At Innovation Edge we care greatly about child safety: not just keeping them safe from physical harm but enabling environments at home and in their learning programmes where they can foster stable, supportive relationships with caring adults. Children with connections to these supportive adults are better able to regulate their brain and body’s response to toxic stress. This enables opportune conditions for a child’s learning and growth.

Along with our financial support, we provide strategic coaching, operational support and connections to social capital to the social entrepreneurs providing solutions that create enabling home and preschool environments. For our investees collecting children’s personal information*, we stress the importance of complying with the Protection of Personal Information Act (POPIA) and other regulatory and ethical standards of data protection.

We know this is a complex issue and early-stage organisations don’t always have the resources for legal advice so we used an AI language model to generate recommendations on how to comply.

Here are some safeguarding tips generated by ChatGPT using the prompt “What can organisations working with children do to keep children’s personal information safe as per POPIA”:

1. Obtain consent

Obtain consent from parents or guardians before collecting and processing any personal information of children. Consent should be explicit, voluntary, and informed, and should clearly state the purpose and duration of data processing.

2. Educate staff

Provide training and awareness programmes to staff members who handle children’s personal information. They should understand their responsibilities, the importance of data protection, and the procedures to follow in case of a data breach.

3. Develop privacy policies

Develop and maintain clear and transparent privacy policies that outline how personal information, including children’s information, is collected, used, stored, and disclosed. These policies should be easily accessible to parents, guardians, and individuals concerned. Privacy policies are typically displayed on your organisation’s website.

4. Minimise data collection

Collect and retain only the minimum necessary personal information required for the intended purpose. Avoid collecting sensitive information unless justified and necessary.

5. Implement security measures

Implement appropriate security measures to protect children’s personal information from unauthorised access, loss, or alteration. This includes physical, technical, and organisational safeguards such as encryption, access controls, and regular security assessments.

6. Set out clear data retention and deletion periods

Establish clear retention periods for children’s personal information and ensure that data is deleted when it is no longer necessary for the purpose for which it was collected. It is better to delete data when it is no longer necessary than to risk a breach.

7. Adhere to data subject rights

POPIA grants the person whose data is being collected or processed (the data subject) many rights. Your policies should enable parents, guardians, or children themselves (depending on the age of consent) to exercise their rights including the right to access, rectify, delete, or restrict the processing of personal information.

8. Establish data breach response

If your data protection safeguards have been breached and a child’s data has been accessed by an unauthorised party in a way that may result in significant harm or risk to children’s personal information, the Information Regulator as well as the affected individuals must be notified. It is important that staff are trained on these breach policies and procedures so your organisation can respond to data breaches promptly.

9. Ensure secure data transfer measures

Servers are often hosted outside of South Africa. Ensure that the receiving country has adequate data protection measures in place when designing and implementing safeguards for transferring children’s personal information across borders.

10. Do regular audits and assessments

Conduct regular audits and assessments of data protection practices to ensure compliance with POPIA. This includes reviewing data processing activities, privacy policies, security measures, and consent mechanisms.

It is important for organisations working with children to stay updated on the latest POPIA/GDPR guidelines and consult legal experts to ensure full compliance with data protection regulations. We encourage all our partners working with young children to implement these protocols to keep child data safe and, to make sure their staff and volunteers have the appropriate clearances and training.

To learn more about our support for organisations creating Early Safety and Security for young children, see our Rapid Response Fund film.

*The definition for personal information includes: identifiable information of living person including, but not limited to:

  • information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
  • any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person.
Article generated with the help of ChatGPT