Introduction
The University records educational activities delivered face to face and virtually to enhance the student experience and to help students learn. It also provides a means for students to access material that they would otherwise have missed through absence.

The use of technologies to record educational activities is becoming widespread in Higher Education Institutions around the globe and students at the University of South Wales (USW), and across the sector, are now expecting lectures to be captured, where appropriate

Further information can be found on the USW Lecture Recording Policy Hub.

What information is collected?
Typically the following personal information may be captured during lecture recordings:

  • Images
  • Name
  • Voice
  • Opinions and experiences

How does the University use this information?
The University predominantly uses a cloud-based solution called Panopto for lecture recording. Panopto is a video management, lecture recording, and live casting software service. Recordings are stored and made available to students for purposes relating to their studies and to aid their learning.

The University also uses Class Collaborate and Microsoft Teams to record educational activities.

Access to recordings made for USW taught modules is controlled and limited to students enrolled on modules. This typically means that only students enrolled on the module can view the content, though there may be instances where it is shared across courses or modules.

Students should be able to view recordings for the modules that they were enrolled on for a period of 3 years after the creation date of the recording.

Lecture recordings are not designed nor intended as a disciplinary/performance tool and their use will not be the basis for commencing performance or disciplinary proceedings unless there are serious concerns or allegations.

Does the University need consent to record the educational activity?
The University does not need to seek specific consent from staff and students to record each educational activity as the processing is in the legitimate interests of the University and its students. Students will be informed that the session is being recorded.

Individuals will not be intentionally recorded by a video camera unless they are presenting or actively participating in a session. Individuals may be recorded by microphones and cameras if they are sat in view of a camera or speak during the session. Individuals should state their name if they want to be credited for their contributions in recordings. Individuals can opt-out by choosing not to ask questions verbally when the recording is taking place and by sitting away from the camera. Individuals can request that their contribution is edited and removed from the recording.

Individuals should refrain from verbally disclosing any personal information defined by Article 9 of the UK GDPR as ‘special category data’ during a recorded session. Special category data includes racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health, a person's sex life or sexual orientation. Additionally, information relating to a person’s criminal allegations, proceedings or convictions should not be captured by the technology. Sessions where this type of information is likely to be disclosed should not be recorded.

External third parties, such as guest lecturers, are required to sign a consent form.

What is the lawful basis for this processing?
In line with data protection legislation, the University relies upon the following lawful basis to process personal data captured during a recorded lecture: that it is necessary for the purposes of the legitimate interests pursed by the controller or by a third party (Article 6 (1)(f). The legitimate interests assessment (LIA) relevant to this processing can be provided on request.

Where external third parties, such as guest lecturers, are invited to present to students then the lawful basis relied upon will be consent. This consent will be provided in writing.

How long will recorded lectures be held?
Recordings should be retained for three years after the creation date. This ensures that students can view recordings of all the modules that they have taken during their course. After three years the recordings should be reviewed and then deleted.

Lecturers will be notified before the content is deleted to enable a review to take place.

If lecturers wish to use recordings for longer than three years, they should create a copy of the recording, or move it into the latest version of the module.

Who can view recorded lectures?
Recordings are to be stored in Panopto folders relating to specific programme areas or modules. Consequently, recordings will be available to relevant staff and students studying the particular course via Blackboard for purposes relating to their studies.

Where a recording is made using Teams or Collaborate the recording will only be available to invited attendees or members of the module. USW colleagues are recommended to move all recordings to the relevant module Panopto folders and then delete them from Teams/Collaborate for ease of management.

Systems Administrators (CELT, and IT Services) can, where there is a requirement to do so, access, view, and edit all recordings made via Panopto and other technologies.

Data generated using Panopto may also be used by USW staff as part of the USW Learning Analytics service and STEAM (Student Engagement and Attendance Monitoring) service.

Employees of Panopto may need to view recordings to provide support to USW; this may be for the purposes of fixing faults, restoring deleted recordings etc.

How do we ensure that the recordings are secure?
Employee Training: All University employees who handle personal data will be trained on data protection laws and regulations, and the organisation's policies and procedures for protecting personal data. Staff development sessions on using lecture recording procedures are offered on a regular basis.

Encryption: Personal data is encrypted by both in transit and at rest to ensure its confidentiality and integrity.

Access Controls: Technical measures are implemented to restrict access to personal data to authorised personnel only (via SSO).

Patch Management: All software and systems used to process personal data are regularly updated with the latest security patches to mitigate vulnerabilities and reduce the risk of exploitation by hackers. This commitment forms part of our Cyber Essentials certification.

Further information
For further information on your rights and how the University uses personal data please refer to the USW privacy notices.

USW's lecture recording policy and procedures can be found on the USW Lecture Recording Policy Hub.

If you have any concerns in relation to the way your personal information is being processed, please contact the Data Protection Officer at [email protected].