If you work in a school as a principal, in advancement or marketing, board member, wellbeing lead, ICT manager or educator, you may already know this feeling. That quiet pause before approving a photo for social media and the moment of unease that didn’t exist five years ago. The sense that something has shifted, even if the policies haven’t yet caught up.

You’re not imagining it.

The risk environment has changed, and with the amount of coverage now appearing across Australian and international media, this risk is no longer abstract. It is foreseeable.

For many years, schools relied on parental consent and permission to publish forms as the primary legal and ethical basis for publishing student images. Prior to 2021 that approach was considered sufficient. Today, unless consent is genuinely informed, specific, and auditable, it no longer reflects how images are captured, stored, transmitted, and reused in the context of a school's social media use and across multiple EdTech systems.

Loss of control increasingly occurs before anything is posted publicly at the point of image capture, storage and transmission. Photos taken on personal devices or unmanaged school systems can automatically synchronise to private cloud accounts, be retained beyond their original purpose, or be accessed, copied or repurposed in ways never anticipated at the time consent was given. Once an image leaves a controlled school environment, schools can no longer reliably ensure that its use remains aligned with the purpose parents agreed to, that security standards are met, or that the image will not be misused.

This is why leading child-safety bodies, privacy regulators, and the eSafety Commissioner now treat image-based harm as a material governance and duty-of-care issue, not a technical one. Privacy settings do not completely prevent copying and screenshots. Consent forms do not prevent third-party misuse, and schools are often unaware of harm until long after it has occurred.

Under Australian law and the National Child Safe Principles, schools are required to take reasonable, proactive steps to prevent foreseeable harm, including online and technology-facilitated abuse. Image-based exploitation, deepfakes and AI-enabled misuse are now recognised psychosocial hazards with serious implications for student and staff wellbeing, learning, attendance and long-term mental health. When risk is foreseeable, and harm could be severe, the duty of care requires action before a crisis, not after a police report or media inquiry.

This is why many Australian schools that have worked with us are quietly but confidently changing their approach. Some have gone public with their reasons for no longer publishing student images on public platforms that are easily deepfaked. Others have removed student photos from social media entirely, limiting use to closed, authenticated environments. Others have changed the type of photos they publish.

Because leadership means responding to what is now known and what is clearly coming.

Schools did not create this digital ecosystem. Technology companies did. But schools are still the ones placing children into it, often without full visibility of how images and other identifiable data can be used downstream.

This isn’t an argument for shutting down communication or community engagement, as there are ways you can keep your school's social media just by changing the way you do things. It’s an argument for modernising risk assessment and setting safer defaults that align with contemporary child-safe expectations. The question many schools are now asking is not “How do we keep posting safely?” but rather, “What is the minimum public digital footprint our students actually need?”. It reframes the issue from fear to governance, from reaction to leadership.

We’ve supported hundreds of schools to make this transition calmly and confidently, without fear campaigns, without parent backlash, and without adding pressure to already stretched staff.

This work is not about going backwards. It’s about moving forward with integrity, clarity and child-centred decision-making. This risk isn’t going away; in fact, it may increase a recent IWF survey showed a 26,362% increase in CSAM in the last year. Schools that respond early, thoughtfully and systemically are already setting themselves apart as leaders in child safety, wellbeing and digital responsibility.

_________________________________________________________________

What comes next — and how schools are responding

We are now inviting our next tranche of 50 schools to participate in our CTRL+SHFT+OS Early Adopter Program.

CTRL+SHFT+OS is not a policy pack or a one-off intervention. It is the operating system schools use to run and prove the duty of care across the whole school community in one connected system. It gives leadership teams a single, defensible system to capture early risk signals, run the correct response pathways for compliance, support students and staff in real time, and generate regulator- and board-ready evidence automatically without relying on memory, inboxes or reconstruction after the fact.

If your school is ready to lead early or if you are navigating board, leadership or community conversations about what responsible digital practice now requires, we would welcome you to get in touch to organise a live demo.

Contact: kirra@ctrlshft.global