RollCall

Driver Field App Acceptable Use Policy

Last Updated: 2 March 2026

1. Purpose

The App exists to support safe, accurate student transport operations by enabling drivers to:

  • Log in / log out
  • Record student tap-on / tap-off events
  • View and follow the run manifest (student names and required operational notes)
  • Follow safety prompts and safety functions provided within the App

Use of the App for any other purpose is not permitted.

2. Acceptable Use (What You May Do)

Drivers may only use the App to:

  • Authenticate using your assigned credentials
  • Confirm route/run selection (where applicable)
  • Record student boarding/alighting via tap-on/tap-off workflows
  • View the manifest for the run you are currently operating (and only for as long as required)
  • Act on App safety prompts (e.g., alerts, checklists, incident prompts) as part of safe operations

3. Prohibited Use (What You Must Not Do)

You must not:

  • Use the App for personal purposes, web browsing, messaging, or entertainment
  • Access any run/manifest you are not rostered to operate
  • Search for, view, or disclose student information out of curiosity
  • Take photos, screenshots, screen recordings, or copy/transpose student names into any other system (paper lists, notes apps, messages, etc.), unless specifically authorised by procedure
  • Share your login, device passcode, or allow any unauthorised person (including other drivers, family, students, or school staff) to use your session
  • Leave the App open and unattended where others can view student information
  • Attempt to bypass security controls, disable protections, or use "workarounds" that reduce safety or privacy
  • Export, print, or re-distribute student information in any form unless explicitly approved and required by a documented process

4. Safety-First Operation Requirements

Because the App is used in a live transport environment:

  • Do not interact with the App while the vehicle is moving, except where hands-free/approved workflows exist and local road rules permit.
  • If a safety prompt requires action, follow the App's instructions and your operational procedures (e.g., stop safely before interacting if needed).
  • If the App indicates a safety risk (e.g., "student still on board" prompt), treat it as an operational priority and follow the escalation steps in the App/procedure.

5. Privacy and Confidentiality Obligations

Student names and trip events are personal information. You must handle this information lawfully and respectfully under the Privacy Act and APPs.

Drivers must:

  • Access only the minimum information required to do the job (manifest for the active run)
  • Keep student information confidential and not discuss it in public, with other passengers, or with unauthorised persons
  • Never disclose student information to anyone unless authorised by procedure (e.g., to designated operations staff or emergency services where required)

The organisation will take reasonable steps to protect personal information (security, access controls, retention rules). Drivers must also do their part by following this policy and security practices.

6. Device and Account Security Requirements

You must:

  • Use only authorised devices/accounts as instructed
  • Keep your device secured with PIN/biometric lock where provided
  • Log out at end of shift/run and whenever leaving the device unattended
  • Immediately report:
    • Lost or stolen device
    • Suspected unauthorised access
    • Any mistaken tap-on/tap-off or manifest issue that could impact student safety

Security of personal information requires "reasonable steps" to prevent misuse, loss, and unauthorised access/disclosure.

7. Data Breach and Incident Reporting

If you suspect student information has been exposed (e.g., device lost, screenshots shared, wrong person accessed the manifest), report it immediately to your designated Manager.

Where the organisation is covered by the Notifiable Data Breaches (NDB) scheme, certain breaches may require notification to affected individuals and the OAIC. Prompt internal reporting enables assessment and action.

8. Monitoring, Audit, and Logging

To protect students and ensure operational integrity, the organisation may:

  • Log access (logins, manifest access, tap events, timestamps)
  • Audit usage for safety, privacy, and compliance purposes
  • Investigate suspected misuse or incidents

9. Non-Compliance

Breaches of this policy may result in:

  • Removal of App access
  • Reporting to relevant authorities where required (e.g., serious privacy incidents)