a) Understanding and engaging with legislation

In my previous portfolio, I discussed:

• Copyright and Intellectual Property Rights

• Data Protection Act

• Freedom of Information and

• Accessibility under the Equality Act.

I don't think it is required that I repeat myself about what I have already discussed in my previous portfolio. Instead, I am going to draw from some of my recent experiences on how I have engaged with these legislations

General Data Protection Regulation (GDPR)

General Data Protection Regulation or GDPR can be considered one of the toughest privacy and security laws enacted. This enforces organisations collecting user data to act responsibly. There are seven principles guiding the GDPR:

• Lawfulness, fairness, and transparency

• Purpose limitation

• Data minimisation

• Accuracy

• Storage limitation

• Integrity and confidentiality

• Accountability

GDPR places an emphasis on personal data protection but it also gives data subjects, or the individuals the right to access, request their data to be kept up to date and or be removed from the systems. Furthermore, if there are data breaches these have to be investigated and reported to the Information Commissioner's Office (ICO). The website for ICO is a great source of information about the regulation and implementation of it.

At UCEM we have to take GDPR training every year.

When sharing files outside the organisation, whether they contain sensitive data or not I use an agreed password to encrypt the file. This way it provides more security.

I remember there was an incident about three years ago where a member of the executive support staff had CCed me in a post sent to an external company asking me to provide additional information to which I responded. However, the external organisation came back to say that they were not the intended recipient of the email. As soon as I got to know this I reported it to the Data Protection Officer at UCEM and forwarded her the email trail for investigation. Thankfully, there was no user data shared as it was a request for a quotation (or similar). However, under the GDPR we have to report any incidents and being aware of the regulation and what to do in such situations is very important.

The accessibility awareness course I run is not compulsory. I wanted to recognise the staff members who put in an effort to follow the Accessibility Awareness course as a way of recognising, encouragement as well as raising awareness within the institution. However, I make sure to ask them and get their permission prior to including their names in the institutional bulletin. This is a common curtsy but also under GDPR we have to get consent.

Being aware of GDPR is also important for your life beyond the professional sphere. For example, as evidence for Financial Ombudsman and Parliamentary Ombudsman cases, I have requested my data held by various organisations under the Right of Access where an individual can ask for the information held by an organisation by making a "Subject Access Request".

The Public Sector Bodies (Websites and Mobile Applications) Accessibility Regulations 2018

The Public Sector Bodies (Websites and Mobile Applications) Accessibility Regulations 2018 is a relatively new regulation that only applies to public sector institutions. UCEM is a registered university with the Office for Students comes under the category of a public sector institution. Therefore, the regulation applies to the institution.

There are two main things required under this regulation:

• Have an accessibility statement displaying clearly which components do not meet the required standard and what alternatives are provided

• Make sure all websites and apps used by the institution (internal and external) are accessible to WCAG 2.1 AA standard

I have worked tirelessly to test our websites and create accessibility statements. All accessibility statements at UCEM were authored by me and approved by a team. You can view the outward-facing accessibility statements from the links I have shared:

• UCEM Online Education Blog Accessibility Statement

• UCEM Website Accessibility Statement

• VLE Accessibility Statement

You can view the section on Core Area 1: Operational Issues > 1b) Technical knowledge and ability in the use of Learning Technology > Accessibility Testing Tools to view the accessibility testing (with evidence) I have carried out in preparation for writing accessibility statements.

When creating content, I try to adhere to WCAG 2.1 AA accessibility guidelines as much as possible. There is a government accessibility checklist for content creators. However, this is huge and I don't believe it is practical. Instead, we have introduced a good practice for accessibility poster which can be used as a reminder of the important accessibility-related points to keep in mind when creating content.

I use accessibility checkers available for example, in Microsoft Office products and Adobe Acrobat Pro DC, to check the content I create. However, knowing the limitations of these checkers I manually check and follow what I preach to achieve a truly accessible output.

Copyright and Intellectual Property Rights

As an institution offering online courses, UCEM is very aware of the copyright issues and how this can affect the organisation. In the UK, the principal legislation on copyright is the Copyright, Designs and Patents Act 1988. A staff member could download an image from the web to use in one of their webinar slides without considering the copyrights. This is an everyday situation for UCEM. There is guidance provided to staff and especially the Core Services team and the Digital Education team members are fully made aware of the need to check the copyright of images etc.

Analysis and Reflection

Out of the three regulations I have discussed above, I think I am more intimately acquainted with the Public Sector Bodies (Websites and Mobile Applications) Accessibility Regulations 2018. I have driven the UCEM compliance with this regulation. It was a struggle to get the organisation to investigate whether it comes under the regulations as it is a charity and at the time it had just registered under the Office for Students but had not received public money. This had to go to the institution's legal representatives for clarification and once it was agreed that the organisation comes under the regulation again I had to get various departments on board to create accessibility statements. At this point, UCEM created an Accessibility Working Group under the leadership of the Deputy Principal.

Despite running workshops for accessibility testing and writing statements, it was clear that most system admins did not have the capacity to create such a technical document. Therefore, I and my colleague Graham tested the systems and I wrote the first version of all accessibility statements. Even after two years, when the time comes for the annual updating of the statement still the owners are unsure of what to do. I think this has much to do with the terminology used in WCAG 2.1 guidelines as well as the unfamiliarity with ARIA, HTML, and CSS. Even after testing so many systems for accessibility, I still would not say I am an expert as there are so many new things to learn.

On the other hand, regulations like GDPR and Copyright are much easier for people to understand and comprehend given that it is less technical than the Public Sector Bodies (Websites and Mobile Applications) Accessibility Regulations 2018 because of the success criterion definition etc attached to WCAG guidelines.

I think this is why as learning technology professionals we should step in to support our colleagues by translating the technicalities and difficult to comprehend language into more manageable and understandable concepts. I believe I have been able to do this at UCEM with the accessibility awareness course I have created.

However, the fact that it is easy to understand does not mean that everyone adheres to GDPR or Copyright laws. What is important is to keep it current in one's memory. This is supported by the yearly, compulsory GDPR training that we have to undergo. On the other hand, when it comes to copyright laws there isn't such yearly mandatory training. Therefore, we as learning technology professionals should help our colleagues by asking the correct questions.

Whenever there is any doubt about accessibility compliance any question from any part of the institution lands on my desk. This shows the trust they have placed in my expertise. However, I have taught accessibility myself. My spark for accessibility was meeting a colour blind learner on the Begin Programming: Build your first mobile game (I referred to this incident in my reflection of Core Area 2: Teaching, Learning and or Assessment > b) Understanding of my target Learners). This means that I do not hold a formal qualification for accessibility. What I have are some open badges offered by MOOCs.

• Professional Web Accessibility Auditing Made Easy - Ryerson University

• Accessibility: Designing and Teaching Courses for All Learners - Buffalo State University

• Digital Accessibility: Enabling Participation in the Information Society - University of Southampton

• Teaching Online: Reflections on Practice - Kirkwood Community College Iowa

• Web Accessibility MOOC for Educators -Colorado Community College

• Web Design for Everybody Specialization - University of Michigan

• Accessibility of eLearning - OpenLearn (the Open University)

• Digital Accessibility for Educators by AHEAD (completed April 2022)

Therefore, I battle with this imposter syndrome where I fear I am not up to the level with accessibility despite knowing that I have already done so much and learned a lot over the years. Whenever I feel like an imposter, I tell myself that I have done enough to be considered an expert though it is easier said than done.

I have learned so much with free online courses and this is a reason why I want to offer the Accessibility Awareness Course I have created as an open online course. It is to give back to the community which I gained the knowledge from.

3b) Understanding and engaging with policies and standards

Information Security: Remote Working Policy

In this section, I thought I will discuss UCEM's Information Security: Remote Working Policy and how I have engaged with this policy given how relevant it has been over the past two and a half years. This policy was first introduced in 2017 by UCEM identifying the need to give guidance to the staff who work from home. At the time UCEM had mainly associate tutors who worked remotely but also some other staff members.

Under the policy, we are given direction in using managed devices (UCEM supplied devices) and unmanaged devices (mobile phones and personal computers/laptops) for UCEM work.

In Core Area 1b) I discussed how I used my personal laptop to program a script using R programming language until I received authorisation to install the software on my UCEM managed laptop. I also mentioned that despite having the program script ready I did not test it (run the program) on my personal device because I did not want to copy UCEM data files into my personal device. This is because I was following the policy that was in place. It states:

Do not copy UCEM information (files etc.) to the hard disk/internal storage of the unmanaged device. They may be discovered by others or when it is disposed of.

Despite there being policies and guidelines to help staff, as the learning technology team, we face instances where there are possible breaches. For example, in one instance when I was acting for my manager during his annual leave, one of the VLE team members reported a webinar being run into the early hours which seemed suspicious. I then informed the data protection officer and the IT department of the suspicious activity and started investigating. It was later discovered that a member of staff had accidentally used their UCEM Zoom account instead of using their own personal Zoom account for a personal Zoom session. Therefore there were no concerns about privacy or data protection and the IT department provided training to the staff member concerned. In this instance, it was a happy ending with no harm done. However, it could have been a different situation had there been any data breach. Whenever there are suspicious activities it is our duty to inform the relevant parties in the organisation and help them in the investigation.

During the first lockdown when everyone was trying to adapt to the "new normal" of working from home while children were being remote schooled parents faced the challenge of finding enough devices for all their children. Generally, children share devices at home. But when remote schooling came along, they each needed their own device to take part in the lessons. Despite policies and guidelines, it is inevitable that some parents lacking devices may allow children to use their work devices for remote education. UCEM's IT department came up with the idea of providing old laptops on loan to UCEM staff who needed additional devices for their children. This was announced in an all-staff email where the devices were offered on a first-come-first-served basis. I thought this was a brilliant idea where the organisation is using its existing but unused resources to support its staff during a difficult period. On the flip side, it is likely to increase staff productivity (if they were sharing devices before), staff mental health, and staff loyalty.

Web Content Accessibility Guidelines (WCAG) 2.1

Web Content Accessibility Guidelines have been developed by the World Wide Web Consortium (W3C) in cooperation with individuals and organisations around the world to provide a shared standard to support accessibility needs internationally. The current standard (as of May 2022) is WCAG 2.1, which came into effect on 5th June 2018. The standard can be accessed online and is available freely WCAG 2.1 Standard.

The guidelines are categorised under three levels: Level A, Level AA, and Level AAA which is also the golden standard of accessibility. In order to achieve the AA standard, you have to achieve all criteria under Level A and the criteria under AA. To achieve the AAA standard, you have to achieve all criteria under Level A, Level AA, and Level AAA.

WCAG standard is based on the four principles that are the foundation for Web accessibility: perceivable, operable, understandable, and robust. Under these principles, there are guidelines that provide the goals that authors of content should work toward. For each guideline, there are testable success criteria provided. For each guideline and success criteria, there are also sufficient, and advisory techniques listed.

I have been intimately acquainted with the WCAG 2.1 guidelines as I created accessibility statements for each of UCEM's systems.

Please view these email conversations as evidence (Password Protected password provided to ALT Assessors)

• Conversation disputing external accessibility report with 100% compliance

• Conversation clarifying WCAG 2.1 AA standard around video caption

Analysis and Reflection

UCEM is a small institution compared to other universities. UCEM employed 296 members of staff as of 31st March 2022. Given that there are 43 members of staff earning Web Accessibility and Standards badge, it comes to a little over 14% of the staff. Altogether there were 54 users (18% of UCEM staff) attempting the Web Accessibility and Standards quiz with 43 achieving 100% required to earn the badge in the given three attempts (as of 5th May 2022). Considering that the accessibility awareness course is not compulsory, I think this shows a really good uptake. Also, to earn the badge you have to get 100% in the associated quiz and not everyone will be able to achieve this in the given three attempts.

What I see as a major problem with Web Content Accessibility Guidelines is the sheer amount of technical information bundled together with the standard. Some colleagues who wanted to author accessibility statements for their systems gave up when the accessibility statement template contained specific links to WCAG guidelines and criteria. For example, if an issue with colour contrast was identified, you would have to say which exact WCAG 2.1 AA standard guideline it failed. There are three WCAG 2.1 guidelines relating to colour contrast. These are: 1.4.3 Contrast (Minimum), 1.4.6 Contrast (Enhanced), and 1.4.11 Non-text Contrast. Without knowing the exact details of each of these guidelines, it is difficult for people who just "know about WCAG 2.1 AA standard" to get on with the task of writing an accessibility statement adhering to the government template. Even after being intimately acquainted with WCAG 2.1 for some time, and coming from a programming background, I still find there are sections that I do not understand. In order for more people to be aware of the guidelines, they have to be easy to understand. A lot of technical information in the guidelines will help web developers but it will turn many others completely off.

Many employers now have acceptable use policies in place. Remote working policy too can be viewed as an extension of the acceptable use policy. However, in dire situations employees may ignore such policies. Thinking back at the remote schooling period that started in March 2020, if a parent was faced with the situation of not having a device for their exam-year child/children it is likely that they will try to make use of the office laptop for remote schooling. Given that there were no laptops at a reasonable price to buy due to the huge demand for laptops and printers, parents would have faced a dilemma. As a responsible employer, UCEM took the bold decision to loan old laptops to staff and I think this showed that "we are all in it together". Helping each other during that difficult period assisted many parents (especially those with more than one child) to both do their work as well as to educate their children. One of the priciest assets any organisation has is its human asset. By providing a small help I think UCEM created a more pleasant environment to work for parents who would otherwise think of how they are going to share the limited resources with the children. Despite not needing the help of loaned laptops, the gesture by my organisation made me feel good about working for an institution that cares about its staff.