This article is designed to support schools and groups to complete a Data Protection Impact Assessment about their use of Pobble.
This list is alive and growing, so if there's any questions not answered here that you need to know, please email email@example.com.
Please provide an introduction to Pobble
Pobble is an online platform that supports the teaching of writing in schools. As a BETT award winning supplier, supported by the Department of Education through the EdTech Innovation Fund, Pobble is well known and used in UK and international schools with tens of thousands of teacher and pupil users every week.
Pobble provides two main packages, Teaching and Learning (T&L) and Moderation. Pobble also has a free account for teachers to try out various aspects of both these packages.
The T&L tools are designed to support writing in schools, reducing teacher workload and engaging pupils in writing, leading to improved attainment. As well as tools internal to a school (such as accessing resources and example texts, creating and sending lessons to pupils, receiving work submissions, peer and self-feedback etc.), Pobble also enables teachers to publish work to an external school celebration page. Published work can be viewed and commented on by registered Pobble users from all around the world, providing a real audience and purpose for pupils’ work.
The moderation tool is designed to support schools, groups and Local Authorities with their statutory and non-statutory moderation requirements. Using the tool, teachers can share pupils’ writing outside of their school setting with other teachers and moderators, to support assessment and moderation.
In order for the platform to function, Pobble has teacher, pupil and parent accounts, each with various levels of access.
Although nearly all of Pobble's features can be used by teachers and schools immediately upon sign up, we highly recommend that schools notify parents prior to using Publishing (where pupils' work is shared on a school celebration page, viewable by anyone in the Pobble community). Please note any work shared outside of the school community for publishing and moderation is anonymised and so should not contain any personal data.
Parents can sign up for an account directly through the landing page and their accounts can be connected to a pupil account through a code. Once connected, a parent will receive an email directly from Pobble linking to their child’s work every time a piece of work is published on Pobble.
Only verified teachers on the platform can select work to be published, and any comments left by non-verified teachers are centrally moderated by Pobble.
Schools, school groups or teachers may purchase Pobble directly to enhance teaching and learning or assessment and moderation.
Local Authorities, who have a statutory requirement to deliver moderation and moderation training may purchase Pobble's T&L and Moderation tools on behalf of schools.
What pupil information is needed to operate Pobble?
Pobble requires the following information in order to create a pupil account, required for the correct operation of the platform:
- First name
- Second name
- Age group
This information can be provided through a manual upload, or via synchronisation with an MIS via Wonde.
Is any personally identifiable data held?
Yes, we store pupils' names, age group and any other groups the school wishes to add. All data provided will be stored, unless a user specifically requests us to delete some data. We use AWS PostgreSQL product to store data. We use S3 to store uploaded media (works of students).
What is a Group?
Groups allow you to group your pupils in Pobble, for example to identify classes or similar. Groups can be added manually, or synced from your MIS.
If a child’s work is uploaded, where does it go?
A teacher can create a moderation file, which contains a selection of pieces of work for a particular child. This can then be shared with another teacher or moderator outside of their school for moderation purposes. The platform anonymises the work when shared outside of the school it originated from (i.e. the person who receives the moderation file cannot tell the name of the child). The work remains stored in the Pobble database.
Is it possible to identify the child from published work or moderation files?
Are any comments/notes recorded against the child’s work?
How long is data retained once a school has ceased using Pobble?
Is access to pupil data restricted for Pobble staff bar the select few who administer the system?
Only Pobble employees who have a need to access the data to administer the system can access any user data. All employees are DBS checked and employ 2FA on their machines.
Is the data hosted in the UK?
Our data is hosted in Europe with Amazon Web Services (AWS).
Is school's data backed up when using the system?
Data, including backups, are encrypted on disk, including the temporary files created while running queries. We use standard daily AWS RDS backups.
What are the Business Continuity and Disaster Recovery time scales?
We have our own in-house development team who can be available 24 hours a day to deal with any critical issues. As a result, we will start working immediately on solutions as soon as any critical issue is brought to our attention. Since we serve schools all over the world, the platform is only taken down for maintenance in exceptional circumstances, and always for very short timescales. Pobble's uptime was higher than 99.9% over the last 12 months.
Is there any requirement for visitor escorts when visitors are on site at Pobble HQ?
Yes, we have mandatory onboarding training on data security for new employees and we conduct annual refresher training for all employees on data security.
Yes, we have an internal data security policy which outlines for staff how the measure they should take when handling personal information (although as mentioned, most staff do not have access to the personal data of users).