Safeguarding and transparency
The ugly monster has reared it’s head again, and I have been in another Twitter rage storm regarding safeguarding, events not having provision for U18s and liability. So I’d thought I’d try and clarify my position in more than 140 chars.
Firstly, I understand the huge amount of time people put into running hackathons and events and I do not wish to belittle, criticise or undermine what they do. Many of them are college students and they have another, arguable more important, things to be worrying about than events. What I write below is my personal opinion based upon what I have observed.
Safeguarding is not just about kids. Everyone should have the right to feel protected, valued and ‘looked after’ at events — no matter what properties they themselves have. Granted, child protection requires greater emphasis both legally and morally. Running an event with U18 requires a great deal of extra resources, planning and paperwork and is not to be underestimated. In the UK, DBS (Disclosure and Baring Service, formally CRB) checks are required and there is fairly complex legislation over how that is carried out, who requests the check and which level is necessary. Of course there is a cost, however I would argue that hackathon volunteers count as a “volunteer” when applying for a DBS check — in which case it is free. Then there is the arranging of separate sleeping spaces (if it is an overnight event) and cover by a DBS checked adult etc. The list grows ever longer…
So yes, running an event which includes U18s is a formidable task and is not to be underestimated. Many organisers therefore choose not to include them (and then face a certain amount of unacceptable abuse), for reasons of cost, time and liability. Here comes my beef — no event is going to be 100% perfect, safeguarding isn’t either (and here is where I state that I am NOT advocating running events without adequate safeguarding measures) and it seems that if there is even a marginal risk of liability, people just won’t explore the option of U18s, whatever the benefits. Rather sad and shortsighted.
What would be better then? (Tl:dr; here comes the transparency bit) Well, if the organisers were to do a risk assessment, and cost-benefit analysis to determine whether having U18s was safe, practical and possible within various constraints (money, time, space, DBS checks etc.) and they determined: no, it wasn’t — I think that would be fine. They’ve looked at the options, haven’t dismissed the idea at the first hurdle and they have determined they just don’t have the resources to make it happen. Fair enough. Then come the excuses. Why not just publish your risk assessment and cost-benefit analysis to explain why you aren’t able to accommodate U18s instead of saying nothing, offering weak excuses or just making things up. Young people aren’t stupid, they do understand legislation and common sense and trying to hide things from them doesn’t work. That said, most of them do accept that not everything is possible and if you explain the methodology and provide reasonable evidence, people will understand. What’s that called, oh wait — transparency.
And I would argue that transparency can be extended to more than just safeguarding. Loads of events are run every year, worldwide, by different organisers — surely there can be some collaboration between them? Here is where liability comes in again (thanks to Joe Nash for pointing this out). What happens if someone follows you’re advice, something goes wrong and they get sued? Well technically it was your idea, right? So you could get sued too: “There’s risk/liability for my own stuff, but I trust myself to execute it but if I take liability for someone else executing it correctly, nah fuck that”. Now, I really disagree with this “blame game” culture, but that culture is law so I can’t really change that. However, if no one ever shares advice or collaborates because they risk getting sued, where does that leave us? Open Source Software thrives on people spending their time and using their expertise to build applications/services/hardware for zero money (generally) and putting their source code out there for other people to use. So, if I write some code for an OSS application that creates a massive security flaw, am I responsible? Not necessarily. Because the licence I distribute the code under contains a waiver.
At the time of writing, CloudFlare has just made public a massive data breach that has huge repercussions across the industry. Essentially, for the time period where the breach was “active” we have to assume any data sent during that time is public now. Yet, in the interests of transparency CloudFlare have published a report into what went wrong and why, helping to restore confidence and enlighten people, so maybe the same mistake won’t be made again.
