Summer School Photography and Data Security Policy
1. Purpose of the Policy
This policy outlines how photographs and videos of children attending the Summer School (“the Programme”) may be taken, used, stored, and shared. It ensures compliance with applicable data protection laws (such as the UK GDPR and Data Protection Act 2018) and promotes the safety, dignity, and privacy of all children.
2. Scope
This policy applies to:
All staff, volunteers, contractors, and external photographers working with or on behalf of the Programme.
All photography and video content featuring children participating in Programme activities.
3. Legal and Safeguarding Principles
Children’s images constitute personal data and must be handled lawfully, fairly, and securely.
Consent must be freely given, specific, informed, and unambiguous.
Safeguarding children is the top priority; photography must never compromise wellbeing or safety.
4. Consent Requirements
4.1 Parental/Carer Consent
Written consent must be obtained from the child’s parent or legal guardian before any photographs or videos are taken.
Consent forms must specify:
The types of photographs or videos (e.g., group photos, individual photos, action shots)
How they will be used (e.g., internal documentation, social media, website, printed materials)
Whether images may be shared with third parties (e.g., press, partner organisations)
How long the images will be stored
Consent may be withdrawn at any time. Once withdrawn, no new images will be taken or used, and existing images will be removed where feasible.
4.2 Child Assent
Children should be verbally asked if they feel comfortable being photographed, even if parental consent has been provided.
A child’s refusal always overrides parental consent.
5. Taking Photographs and Videos
5.1 Appropriate Photography
Images must:
Show children suitably dressed and engaged in expected Programme activities
Avoid capturing intimate or vulnerable situations
Avoid identifying details such as full names, addresses, school names, or geolocation tags
Only be taken on Programme-issued devices (no personal phones or cameras)
5.2 Prohibited Photography
No images in bathrooms, changing rooms, first-aid areas, or any private spaces
No covert photography
No live-streaming without explicit, documented consent
6. Image Use and Publication
When publishing online or in print, use first names only or no name at all.
Group photos are preferred over individual images.
Images must not be edited in a way that misrepresents situations or places children at risk.
Social media posts should be approved by the Programme Manager or Safeguarding Lead.
7. Data Storage and Security
7.1 Secure Storage
All digital photographs and videos must be:
Stored on encrypted and password-protected Programme systems
Never stored on personal devices, unencrypted drives, or unsecured cloud services
Backed up only on approved secure servers
Physical copies (if any) must be stored in:
A locked cabinet with controlled access
Areas accessible only to authorised staff
7.2 Access Controls
Access to images is restricted to:
Programme leadership
Marketing/communications staff (only with consent)
Photographers contracted by the Programme
All access must follow the “least privilege” principle.
8. Retention and Deletion
Images will be retained only for the period specified on the consent form, typically up to 3 years unless otherwise agreed.
After the retention period, all images must be securely deleted (digital wiping or physical destruction).
Images subject to withdrawn consent must be removed immediately where technically possible.
9. External Photographers
Where external professionals are hired:
A written data processing agreement must be in place
Photographers must follow all aspects of this policy
Images remain the property of the Programme unless otherwise contracted
10. Reporting Concerns
Any concerns or inappropriate photography should be reported immediately to:
The Designated Safeguarding Lead (sam@sussexmusicschool.com for Heron Park and beth@sussexmusicschool.com for Cradle Hill
The Programme Manager alex@sussexmusicschool.com
The incident will be investigated following safeguarding and data protection procedures.
11. Policy Review
This policy will be reviewed annually or sooner if:
Data protection laws change
New technology is introduced
Safeguarding guidance is updated