What is Whisper?
Whisper is a reporting service offered by South West Grid for Learning Trust Limited (SWGfL) to schools. The service, hosted by SWGfL, consists of a hosted form to capture information or details for anyone who needs to report issues to the school. That information is then saved and a notification email is sent to an email address(es) nominated by the school on each inbox. It also comprises an alternative SMS service that uses a school specific prefix code to send information to inboxes. Both services can be regarded as anonymous (as between the school and the user) if the user chooses to withhold their personal information in messages.
Whilst some personal data is collected by us in a report (some only if the user chooses to do so and some as a consequence of the electronic footprint of the report) we do not provide this to a school except in limited circumstances as a school will not be able to access.
You can see a visual representation of how Whisper works below:
Who is the Service For?
The service is an open reporting route for any concerns that a whole school community might have, but in particular issues that affect the safety and well-being of children, young people and staff. It can be used by students, pupils, parents, local community or staff; or indeed anyone who needs to report an issue to the school anonymously.
How Can a School Make the Service Available?
Via the Web
Whisper can be accessed by users through a unique URL which we assign to each for you setup within the Whisper system. You may link to your form on your own website by installing a anchor to your unique link, we provide a facility to generate the required HTML code to achieve this.
By accessing your unique link, either through the school website, via an email, or directly, users will be taken to the school's reporting form that is hosted on our website. See our form to see how it looks.
There is also a way for users to use SMS to report issues to your school using our dedicated SMS number and prefixed with your SMS code (Generated when you setup your form), which you can show on your website. The school will not know if the user accessed the system by the web or SMS; each route creates a notification email to administrators assigned to the receiving inbox.
What Can a User Report?
A School will be involved in the education of its user community as to what the service is to be used for but we have designed this so that a user can share anything.
Where this is a student it may be some of the issues we highlight below but it could be anything that a user considers might be helped by telling a responsible adult at the school and they would prefer to message than having a face to face meeting.
This might include:
- The user or someone else being bullied
- Something happening online that the user doesn’t feel comfortable with and might need some
- Advice on a personal issue
- If the user feels somebody at the school is at risk
- If the user has a problem that they need to talk about to somebody
The system may filter and block things like swear words and stop messages getting to the school Whisper account and so users need to be educated about that and also some other use information.
We have produced a short document which is made available when the user makes a report to cover this off together with important data protection information. This User Notice can be viewed here.
Is Reporting through Whisper Really Anonymous?
SWGfL Whisper has been designed for users to be able to report electronically and in private through an online or SMS system that is accessible to staff through an online portal. Personal details are not shared with the school unless a user chooses to include them in the body of the message or adds their name when submitting a message.
When making a report the user can complete contact info boxes; in doing so the system can alert the user by email or SMS of certain system information such as a URI for the message / connected messages or when the school has responded. Save for the user’s name (if provided), this contact data is not made available to the school save under limited circumstances of which the user is aware by way of a notice we give to each user.
See data protection section for more information.
Is it Confidential?
Message content is not transmitted via email, and is only available to view through the Whisper administration system, which is encrypted using standard TLS encryption. Whilst we make every effort for messages to be secure and confidential, there may be occasions when it could be recorded on school security or other systems. Users must be aware that monitoring systems may be able to decrypt and monitor traffic flowing across the school network and that email is not 100% secure. Also the system could be accessed by unauthorised persons should an account password be compromised.
A school will decide how they wish to deal with the subject of the message and sometimes in really serious cases (e.g. someone is at risk of harm) the school may share the information a user has provided with the police. The school is solely responsible for the actions it takes and we consider that it is for the school to act in accordance with its own guidelines on policies as relevant.
We appreciate that the data we hold may be important when a serious case is reported but we shall not be able to provide this unless under limited circumstances.
What Can a User Expect to Happen Once They Have Made a Report?
This depends. The school has a duty of care to deal with any issues that involve the safety or well-being of students or pupils, so a user can expect it to be acted upon. If a user wanted to pass on information about someone or something that they are concerned about, the school will investigate the issue further using the information provided. This could mean talking to the people directly involved or any other possible bystanders.
The school will make their best judgements as to how to respond to the user, but should send messages back to the person who submitted a report during or after an investigation, using the messaging facility provided by the Whisper system.
How Long Before I Get a Response?
We advise schools using SWGfL Whisper to respond to any reports within 24 hours during school time. At weekends this may very well be longer and during school holidays when the school is closed, the service may not be available. To fully investigate issues will take longer depending on the complexity of the case, so users should be informed of progress through the messaging facility of the Whisper system if no other contact details have been provided.
You can provide more information on how quickly you expect to respond to reports using the free text boxes provided in the Whisper Forms setup dialogue.
Where Are Reports, Contact Data and Other Data Stored and For How Long?
Reports, messages, contact data and some location data is stored by us as we require it to provide the service.
Reports will be available to access by the designated member(s) of the school for as long as the report is deemed to still be active, plus the period as specified by the data retention policy specified as part of the setup process.
Reports will be exportable from the system and once in the hands of the school the school is responsible for storage and retention of these outside of the system.
We will process contact data and some location data as required for the service provision and analytical purposes.
Regarding data retention, we have an automated process in place. The school can choose how long personal data is retained for (6/12/24/36 months), and after the selected period, the names, reports, chat messages, email addresses, telephone numbers, IP addresses are erased.
The records are retained with the report categories, dates, APNs, locations (i.e. no personal data) and we use this for analytical purposes.
If you end the service we will work with you to provide you with the text of messages which have not yet been erased.
Data Protection Treatment
We consider that SWGfL and a school are both data controllers in respect of the message content and so we “share” this data and we each have obligations under the data protection laws to the users and, for the school this extends policies for their duties to other data subjects who may be identified by the user in the body of the message;
SWGfL’s involvement is limited to processing the message / responses in each chain (an Interaction) and sharing this with the school. We do not monitor the content of any messages. We will share this data as relevant for providing the Services and store it safely.
The school is solely responsible for acting on the information it receives from the User in accordance with its own policies and procedures (eg. Bullying / safeguarding etc).
The school may save the message content in its own systems and in doing so is responsible for these aspects of processing as a controller outside of the confines of the system (i.e. the School is responsible for putting in place appropriate information and notices for its user community) taking into account that messages may include personal data concerning the user but other data subjects from time to time.
User Contact Data
We are the data controller in respect of this data and we will use these details only to provide the email notifications and other functionality in the system. We are aware that a School may wish us to provide contact details where a message causes concern (i.e. that a user is at risk of harm or similar for the person they have identified in the message); and we will do under limited circumstances such as where this is ordered by a court, the police of any other administrative body outside of the School or the user gives consent.
The messages will also generate some other types of data such as locations data, IP etc and we are the data controller of this and apply the same principles as for user contact data to this.
We explain all this to the user in the User Notice [URL].
Technical Information about a Report
There are currently two entry points into the Whisper system for reports, and the data that could be collected is as follows:
- Via Web Form
- Creating a report
- Name entry is optional – if no name is entered, the user will be seen as [Anonymous] – This is shared with the school.
- Report is required and could contain personal information – This is shared with the school.
- Email Address entry is optional, and is used for the purpose of notifying the reporter when their report gets a response – The school does not have access to this
- IP Address is recorded internally, along with the approximate location and APN of that IP address – The school does not have access to this
- Each report gets assigned a unique link, which is revealed to the user, they can access the chat through this
- If they entered their email they will have the link emailed to them
- Responding to reports
- School does not whether the user used the web form or SMS
- School responds via a chat interface in the backend system connected to the report
- If the user entered an email address, the user will get an email notifying them of a response
- The user can access messages via their unique link
- The user will see the first name of the admin
- The IP address, APN and approximate location will be recorded for each message that is sent between the two parties –the school does not have access to this
- Creating a report
- Via SMS
- Creating a report
- System records the telephone number of the user – the school does not have access to this
- The report sent in the text message is viewable by the school
- Name will be [Anonymous]
- The user will receive an automated text message in response containing their unique link should they wish to continue the conversation through the webchat interface
- Responding to reports
- The school does not know whether the user used the web form or SMS
- When the school replies, this will be sent to the user’s phone via SMS
- Users can respond to messages within the same thread by not using a prefix
- Creating a report
Terms of Service
You can read our full Terms of Service here.
