Your youth group is planning a three day trip to Dartmoor. As group leader it’s your first time leading a trip like this. You feel anxious. There’s a lot of risks. But it’s a great opportunity for your young people, some of whom have never left the city.
Instead of the trip you could stay and do activities in your group’s normal building. Here you know the risks. There are fewer of them and they are better known. It feels safer. But it doesn’t offer the same benefits as a trip up the moor.
So you’ve researched the trip’s risks. There are several, some of which were similar to those at your regular youth sessions, and some of which were specific to taking a group of city kids to a wild place with unpredictable weather, limited mobile reception and dangerous hounds.
You’ve also assessed the risks and identified ways to mitigate them. Some risks remain but together with your manager and team you’ve decided to accept these. Because the benefits outweigh the risks. Your risk appetite is probably neither too conservative, nor too reckless.
It’s the same for those of us trying to understand digital safeguarding risks. We are like that youth leader planning their first ever trip. After a season or two they’ll be a pro and so will you. But for now we all need to learn the ropes…
The youth leader’s approach to risk is the same one you’ll need to take when assessing different ways of engaging with your users online.
You’ve probably got many engagement tools to choose from. Zoom and WhatsApp are common. Some will carry specific risks, some will share generic ones, and each will offer greater or lesser benefits to your users and your staff. You have to assess the risks, identify mitigating actions, then decide how much risk you’re willing to accept in pursuit of supporting your users. In this you’re trying to generate a reasonable level of caution coupled with a reasonable appetite for risk.
“Risk appetite is a way of describing the level of risk you are willing to live with, because of the benefits of doing so.” — Jess McBeath, Online Safety & Digital Citizenship Specialist, Jess Ltd
The only way to decide what level is reasonable is to go through the process. It’s the only way of taking care and doing right by everyone involved. Doing right by them includes not making decisions on your own. At the least you should have other staff involved, and sign off from senior staff, CEO or Board.
And even if after all your analysis and mitigation something does go wrong you’ll be more ready for it and more able to respond. Plus you’ll know you’ve done your best to assess and decide.
The Dartmoor trip includes some similar risks to running a youth centre session. In the same way online delivery presents many similar risks to offline delivery. Here’s a few examples.
Whether you’re doing group or one-to-one work, video or non-video, you and your team can learn the risks involved. Part 2 of this guide will include links to more examples.
“Some issues will be just an online version of an existing offline risk. Some will be additional online issues that you didn’t have to think about before.”- Jess McBeath
Two key principles apply whether offline or online, whether on Zoom or up on the moor.
The biggest way of mitigating risk is to guide and train your staff in behaviour that keeps things safe. It’s not costly to send your staff on a basic online safety course. And of course it’s normal to introduce new policies to your staff and expect them to follow them.
“Secure the person. If the person is practising good security then then the device and platform become safer.” — Declan Doyle, Ethical Hacker at Scottish Business Resilience Centre
Your organisation will already have a risk review process. Likely it’s a standing agenda item at quarterly meetings. Make it more often as you start this work. Then expand the amount of time spent on it quarterly.
You have a duty of care but that doesn’t mean you can control everything that happens on your trip to Dartmoor. It’s the same online. For example:
You can’t control what your users do with a platform when they aren’t using it with you. Just as you aren’t responsible for what they do on their walk home from your coffee shop meeting. But you can check they are old enough to sign up or meet you on their own.
You can’t control if your young people decide to share contact details with each other on a group call and what they do together afterwards. Just like you can’t control whether they do this on Dartmoor then meet up independently afterwards. But you can give them good relationship advice.
You can’t control online platform privacy policies. Just like you can’t control who sees your client visiting your domestic abuse drop-in service. But you can give them good privacy advice.
“Risk can’t be eliminated completely. It’s a part of everything we do, so we should probably try to understand it objectively.” — Lucas Allen, CEO Ln2X
Just like there’s no guarantee the trip will go smoothly, no online platform is 100% safe. There are always risks.
But you can mitigate them:
But that’s all you can do.
Sometimes you will accept a risk in order that you can provide an accessible service rather than one no one can use.
What you define as ‘acceptable risk’ is up to you. But the best way to decide what is acceptable is to understand and document them through a robust process.
Our free services help you make the right decisions and put you in touch with the right agencies to make digital happen.
FREE resources to help you take control of your digital challenge.
Help shape the future of digital for charities. Join our network of skilled professionals and start making a real difference. Find out the variety of opportunities we have on offer and get involved today!
Get involvedGet the latest information about digital in the third sector, including funding opportunities, top tips and events to get involved and connect with others in the network in our fortnightly newsletter.
Subscribe to our newsletter