risk management checklist: how prepared is your youth ... · 1 club executives must understand...
TRANSCRIPT
How Prepared is Your Youth Soccer Club in the Digital Age?
Risk Management Checklist:
a whitepaper presented by
Find out if you’re 100% compliant with new 2019 rules and regulations.!
“Safe Sport Authorization Act,” “COPPA,” and “KidSafe
Program” don’t strike a chord with you right now, they
will very soon. That goes for every single owner,
executive, director, coach, and volunteer in your youth
soccer club. Updated laws, rules, and regulations in the
United States have caused a fundamental shift in the
way youth sports organizations manage player safety,
both on and off the field.
The potential risks and liabilities loom large over the
entire sport and the leaders of every soccer club.
In this whitepaper we’ll take a close look at the digital
components of these laws, rules, and regulations, and
highlight the steps your club can take today to ensure
you are on the path to being fully compliant and
protected. Technology has undoubtedly altered the way
we interact with each other on a daily basis. Now, in
2019, data privacy and adult-to-minor conduct
concerns need to be dealt with head-on by every youth
soccer club, large or small.
!
If the terms
1learn more at playmetrics.com
learn more at playmetrics.com
We are not lawyers nor
regulators. We encourage you to do your own research
on the below topics, discuss with your in-house counsel,
and contact your governing soccer associations before
taking any action.
OBLIGATORY NOTE:
2
Laws,Rules & Regulations
Recently updated U.S. laws require youth sports clubs to follow
strict guidelines for overseeing player data and interactions
between minors and adult staff.
1
Club executives must understand these laws and policies before
creating Risk Management Plans that hold their staff accountable
for everyday interactions with minors.
3
National and local youth soccer associations have instituted
policies that hold clubs directly responsible for the ways in which
adult staff members and volunteers electronically communicate
with players under the age of 18. For example, no adult staff
member should ever send a digital communication to a minor
without a legal guardian copied.
2
3learn more at playmetrics.com
Key TakeawaysLaws, Rules & Regulations
Consider the "chain of custody" involving your players' data.If one of your coaches decides to sign up for a messaging app on his own, then sends an email to a player, your club has instantly lost control of its member data and oversight of its usage. Without standardized, club-approved technology, you could be facing a host of issues with legal risks involved.
same national and local associations that govern your club’s official status
in youth soccer have implemented new player safety protocols that require close attention
and proactive behavior. Based on federal laws like the Protecting Young Victims from
Sexual Abuse and Safe Sport Authorization Act, along with state privacy and civil liability
laws, these policies are designed to ensure youth sports organizations have measures in
place to prevent and report inappropriate behavior between adults and minors.
The
Are you able to audit the history of every message a
coach sends and receives to players?
Do these third party tools have controls in place to
prevent coaches from messaging minors one-on-one?
Are legal consents being captured when data is
uploaded and shared within messaging apps?
Is there a way to automatically add legal guardians to
any message sent from a coach to a minor?
Adding another level of complexity into the mix, if the player in this situation is under the
age of 13, the club may be in violation of The Children’s Online Privacy Protection Act, or
COPPA as it is commonly known, which imposes certain requirements on the use of data
specifically regarding children under 13 years of age.
4learn more at playmetrics.com
Each “Organization Member [who] has adult
members who are in regular contact with
amateur athletes who are minors” must
maintain a “risk management program.”
— U.S. Soccer Federation Policy Manual
“...promulgating risk management guidelines
for youth websites [and] encouraging and
facilitating compliance with the Children’s
Online Privacy Protection Act (COPPA).”
— U.S. Youth Soccer KidSafe Program
“Keep barriers in place. If communication
occurs by text or emails, send group
messages to the entire team, including
parents. Don’t use these means to
communicate on an individual basis.”
— U.S. Youth Soccer KidSafe Program
5
“Organizations are required to establish
reasonable procedures to limit one-on-one
interactions between individual Youth
Participants and any Adult participant who is
not their legal guardian.” This includes via
“social media and electronic communications.”
— U.S. Soccer Federation Policy Manual
“Participating adults are not permitted to
communicate privately via electronic
communications with amateur athletes who
are minors, except under emergency
circumstances. If a participating adult needs to
communicate directly with an amateur athlete
who is a minor via electronic communications,
another participating adult or the minor’s legal
guardian will be copied.”
— U.S. Youth Soccer’s Code of Conduct Policy
!
!
!
The policies and regulations established by youth soccer’s governing bodies inform the building blocks for a club’s Risk Management Plans (RMPs). RMPs encompass the methods a club utilizes to avert issues, actively manage potentially libelous activities, and report details around suspected incidents.
Below is just a sampling of these policies:
!
!
learn more at playmetrics.com
learn more at playmetrics.com
6
Getting Your Club Risk Management Ready
Clubs are responsible - and may be legally liable - for the actions of
their staff and volunteers, and the ways in which they use
technology to communicate with players who are minors.
1
Third party technology can be your friend or your foe. Clubs are
responsible for all software tools that coaches, parents, and players
use on a daily basis. Sourcing and implementing standardized, club-
approved technology will go a long way in ensuring compliance
through efficient oversight and transparency.
3
7learn more at playmetrics.com
The manner in which player data is captured, shared, and
accessed by staff members and volunteers plays a significant role
in how compliant clubs might be with privacy laws. Let’s say a
coach asks a player for her cell phone number so he can text her a
drill video link; that coach is legally required to get and record
consent from the player’s legal guardian to use her phone number
in official club communication.
2
Key TakeawaysGetting Your Club Risk Management Ready
through the policies mentioned above,
certain themes emerge that should form the foundation of your club’s
Risk Management strategy:
Reading
How would you know if one
of your coaches violated
regulations by, as an example,
inviting a minor player into a
mobile chat? If a player levied
an accusation against a coach,
how would you track down
the digital footprint of their
interactions? Without the
right set-up, monitoring, and
oversight capabilities, clubs
are in constant danger of
running afoul of the law and
may not even know it.
We often see coaches within
the same club using different
messaging tools to
communicate with their
players and player families.
Most youth soccer clubs we
speak to are using upwards of
8-10 different software tools
to run daily operations:
Gmail, iMessage, Dropbox,
spreadsheets, team
registration...the list goes on
and on. This makes it
extremely difficult to enforce
standards and safeguards to
adequately protect the club
and all of its members.
Can you recall how - exactly -
contact information for every
player in your club was uploaded
into your system, and by whom?
Your club is responsible for
managing all data according to
the law, from having consent
language in place when someone
hands over their email to
ensuring only approved staff
members can access this
information at any given time.
This goes beyond your own
club’s member database; any
third party technology your club
employs must also be fully
compliant with laws and policies.
8learn more at playmetrics.com
Transparency& Oversight
ClubStandardization
DataManagement
At PlayMetrics, we’ve built safety and security measures right into our Club Operating
System to help clubs mitigate risk and, should an incident occur, quickly follow the digital
breadcrumbs of any questionable interaction.
Maintain clear records of club members accepting Terms &
Conditions and Privacy Policies and consenting to the use of
their contact information, including the date and time.
Prevent collection of data from players under the age of 13.
By default, a player’s primary contact (adult/guardian) will be
automatically added to all messages sent to that player and will
be included when the player is invited to group chats. This is a
significant safeguard that stops potentially libelous activity
before it can become a problem.
Hide all contact information for players who are minors, unless
the staff member has approved access to it.
Track all messages sent to minors and store for quick access at
any time by club executives and administrators.
An admin interface allowing club representatives to filter and
review messages and chats involving minors. Messages can be
tagged with a “level of risk” to make the review process easier.
Club representatives are able to flag messages that require
additional analysis
These measures include:
9learn more at playmetrics.com
With the right technology partners, you can arm your whole club with the tools it requires to stop potentially troublesome activities before they happen.
we’ve covered in this paper can be downright scary for youth soccer clubs, but they don’t need to be. With the right mindset - and the right tools - your approach to risk management can be a significant
factor in your club’s success.
A solid Risk Management Plan shields coaches from dangerous activities, protects club officials from landing on the wrong side of the law, and
provides comfort to players and families who desire safety above all else.
The topics
10learn more at playmetrics.com
What can you expect of the technology that your club uses every day?
Before you answer that, we recommend you perform a tech audit using the
checklist provided below. Evaluate your chosen software through the lens
of risk management, aiming to identify and mitigate areas of concern.
Review COPPA
Review the Safe Sport Authorization Act
Review your state soccer association’s rules and recommendations regarding child safety, including required staff training
Official Regulations
Review your club’s privacy policy to ensure it reflects updated data privacy and consent best practices
Check to see which members of your staff have access to player information in your member database, such as email address, age, photo, and more.
Check to see which members of your staff have the ability to edit player information in your member database.
Club Data Collection & Management
Risk Management Checklist
Technology Partner Audit
Make a list of all third party software your club uses for registration and/or member contact management
Make a list of every third party tool your staff uses to communicate with players and parents
Review the privacy policies for all active third party software and communication tools to ensure they are processing data in accordance with current privacy laws
Determine if it’s possible for an adult staff member to communicate digitally with a minor one-on-one using those third party tools
Determine if there are any built-in restrictions in your third party tools that automatically prevent adults from having one-on-one communication with minors
Find out if you have access to messages sent via those third party tools for auditing purposes
learn more at playmetrics.com
learn more at playmetrics.com
Trusted by:
PlayMetrics is youth soccer’s first fully integrated Club Operating System, connecting all your coaches, teams, tools, and data in one easy-to-manage hub.