Web Applications: Get a Grip on Privacy Michael Corn CAMP 2008.


Outline
• Relationship to Identity Management
• Free Speech
• Privacy
• Censorship Concerns
• Visibility and Public use of Resources
• Outsourcing
• Hosting or Linking to External Content

Relationship to Identity Management
• Relatively few unique challenges
  – Most content is user generated
  – Students are surprisingly savvy about privacy matters
• _SNS_Report_Final.pdf
• Greatest challenges are
  – the demand for “opaque authentication”
  – desire for public visibility
  – desire for public interaction (esp. blogs)
  – faculty expectations of technology

Privacy
• Privacy and the Web do not have to be orthogonal, but try very hard to be so
• FERPA, FERPA, FERPA
  – Misinformation
• Faculty behavior implies that pedagogical concerns trump personal privacy
• Opaque authentication - few (if any) tools
• See FERPA Scenarios

Privacy II
• Link to your campus Privacy policy or whatever serves that purpose
• It should include:
  – What data web sites may collect
  – Surveys that take place on the web
  – Public discussion forums
  – eCommerce
  – FERPA, SSNs, Cookies, and other security matters
  – Legal conditions (warranties and liability).
• Illinois’s Web Privacy Notice:

Free Speech
• Understand the ‘limits’ on the use of your resources
  – Political campaigning (policy and Illinois State law)
  – Commercial activity
• All forms of communication can be construed as part of the educational environment - but not everywhere
• Define the purpose and scope of a service

Free Speech II
• Creating a Terms of Use (ToU) statement;
• Communicating the ToU to the consumers and ensuring they acknowledge its receipt; and
• Responding to violations in a timely yet transparent fashion

Guidelines for creating a Terms of Use

Censorship Concerns
• Before deploying a Wiki or blog, consider the following:
  – Are you concerned that individuals will use your forums to disparage your unit?
  – Are you prepared to face individuals whose content you have removed and explain why said content is unprofessional and/or inappropriate?
  – Are you prepared to sanction individuals who consistently violate your ToU by prohibiting their use of the resource?
  – What is your comfort level for critical speech or aggressive disagreement being displayed on your resource?

Visibility and Public use of Resources
• Electronic resources should be made visible only to those populations using those resources.
  – Require authentication to your resource (a login and password) and limit access and visibility
  – Control search engines
• If your resource is open to the public Internet by design, then it is even more critical to address the issue of a Terms of Use statement before users can access the resource.

Hosting or Linking to External Content
• Scenario: Faculty/staff/student/alumni is doing fieldwork and blogging about it using a commercial service; your public affairs office (or the department) wants to feature the blog on their web site - what issues are you facing?
  – Permission to include content
  – Appropriateness of content (watch for commercial sponsorship)
  – Privacy of individuals in photos
  – Use of ‘departure flag’ for links to non-University resources

Outsourcing
• General Principles:
  – Data stored on third-party servers or systems must be secured to at least the same degree as the Campus or University would meet.
  – Student data and access to systems by students will require vetting by the Campus Security Office and the Office of Admissions and Records to ensure compliance with FERPA and other campus security and privacy related policies.
  – The burden this brings to vendors is non-trivial; many vendors simply will not be able to comply with the high standard the Campus has for security and confidential or high-risk data.
• See Sample Procurement Language

Summary
• Create a service description document (SDD) that identifies the users of the service (both participants and observers) and a description of what the purpose of the service is (e.g., "to build a sense of community among our graduate students" or "to discuss topics relevant to rocket science").
• Create a Terms of Use document.
• Place a link to the ToU on every web page or in the 'signature block' of any auto-generated messages.
• Place a link to your University’s Privacy Policy on the main pages of your service.
• Create a mechanism for users to report inappropriate usage. This can be as simple as the address for the individual responsible for the service or a form that permits anonymous reporting.
• Be very careful about outsourcing arrangements.

Resources
• Guidelines for Writing a Terms of Use
• Sample Procurement Language
• Guidelines for Wikis and Blogs (written version of this presentation)
• FERPA Scenarios
• Feel free to contact me: Mike Corn