The issue of checking foster carer’s social media posts can be a thorny one for fostering providers. There are a couple of reasons that you might want to check on carer’s online activity; of course as an extension to safeguarding, it may be necessary to ensure that posts including young people in care are appropriate or even permitted. The other main reason explained to us is in terms of carer recruitment – posts can help an agency get a very clear picture of what a carer is like at social and domestic levels.
Through the GDPR lens, personal and even special categories of personal information posted on social media by an individual can be considered to be ‘manifestly made public’ by the data subject if it can be safely identified, that they have posted the information themselves as explained on the Information Commissioners Office website: What are the conditions for processing? The relevant GDPR article is 9(2)(e). This does not absolve the data controller from the requirements of the GDPR for information collected this way; it must still be collected and managed within data protection law; data subjects must be made aware that their data is being processed and how to exercise their rights. It is necessary to recognise the role of cyber and information security controls when assessing your data protection maturity and compliance.
Carers must appreciate the potential risks in posting personal information about themselves and about the young people in their care on social media. Location services enabled on phones and cameras can transfer that information to posts as metadata, which is not always obvious from the images themselves. It is worth noting that the privacy options for apps such as Facebook and Tik-Tok are often buried quite deep in the app’s settings or be ambiguous in their descriptions. Another issue to be aware of is the ability to re-share or screen-grab posts; sharing with friends or friends of friends may result in a broader exposure of the information.
In our opinion, online safety training delivered to foster carers should include a section on data privacy and cyber security. This will empower carers to use social media confidently and safely, making clear decisions about its use. It is advised that carers be encouraged to have conversations about data privacy and security with young people to ensure they are all aware of the risks and the remedies when posting online. Many young people may consider their use of social media to be safe but may be unaware of personal information being made public by them through poor privacy and security setting choices.
Guardian Saints is a not for profit community interest company founded in 2014 by two parents and a foster carer all with successful careers in cyber security, data protection and compliance within the corporate sector.