1
Web Applications: Get a Grip on Privacy
Michael Corn CAMP 2008
2
Outline
- Relationship to Identity Management
- Free Speech
- Privacy
- Censorship Concerns
- Visibility and Public use of Resources
- Outsourcing
- Hosting or Linking to External Content
3
Relationship to Identity Management
- Relatively few unique challenges
- Most content is user generated
- Students are surprisingly savvy about privacy matters
- Greatest challenges are
  - the demand for “opaque authentication”
  - desire for public visibility
  - desire for public interaction (esp. blogs)
  - faculty expectations of technology
4
Privacy
- Privacy and the Web do not have to be orthogonal, but try very hard to be so
- FERPA, FERPA, FERPA
- Misinformation
- Faculty behavior implies that pedagogical concerns trump personal privacy
- Opaque authentication - few (if any) tools
- See FERPA Scenarios
- Back up your opaque or anonymous authentication processes with effective policy with regard to access to system or application level logs.
5
Privacy II
- Link to your campus Privacy policy or whatever serves that purpose
- It should include:
  - What data web sites may collect
  - Surveys that take place on the web
  - Public discussion forums
  - eCommerce
  - FERPA, SSNs, Cookies, and other security matters
  - Legal conditions (warranties and liability).
- Illinois’s Web Privacy Notice:
6
Free Speech
- Understand the ‘limits’ on the use of your resources
  - Political campaigning (policy and Illinois State law)
  - Commercial activity
- All forms of communication can be construed as part of the educational environment - but not everywhere
- Define the purpose and scope of a service
7
Free Speech II
- Creating a Terms of Use (ToU) statement;
- Communicating the ToU to the consumers and ensuring they acknowledge its receipt; and
- Responding to violations in a timely yet transparent fashion
- Guidelines for creating a Terms of Use
8
Censorship Concerns
Before deploying a Wiki or blog, consider the following:
- Are you concerned that individuals will use your forums to disparage your unit?
- Are you prepared to face individuals whose content you have removed and explain why said content is unprofessional and/or inappropriate?
- Are you prepared to sanction individuals who consistently violate your ToU by prohibiting their use of the resource?
- What is your comfort level for critical speech or aggressive disagreement being displayed on your resource?
Some individuals, upon having their content removed, will complain loudly, repeatedly, and publicly, regardless of the degree to which their material was inappropriate. Units should be aware of this and prepared to accept the risk and burden of such incidents.
9
Visibility and Public use of Resources
Electronic resources should be made visible only to the populations using those resources.
- Require authentication to your resource (a login and password) and limit access and visibility
- Control search engines
- If your resource is open to the public Internet by design, then it is even more critical to address the issue of a Terms of Use statement before users can access the resource.
Without taking specific steps, every web resource will be indexed by the major search engines such as Yahoo and Google, making its content available to the entire Internet. This makes removal of embarrassing or inappropriate material nearly impossible.
10
Hosting or Linking to External Content
Scenario: Faculty/staff/student/alumni is doing fieldwork and blogging about it using a commercial service; your public affairs office (or the department) wants to feature the blog on their web site - what issues are you facing?
- Permission to include content
- Appropriateness of content (watch for commercial sponsorship)
- Privacy of individuals in photos
- Use of ‘departure flag’ for links to non-University resources
If external content is to be included then permission from the author must be obtained and the unit should review existing content to ensure it does not violate Campus or University policy.
11
Outsourcing
General Principles:
- Data stored on third-party servers or systems must be secured to at least the same degree as the Campus or University would meet.
- Student data and access to systems by students will require vetting by the Campus Security Office and the Office of Admissions and Records to ensure compliance with FERPA and other campus security and privacy related policies.
- The burden this brings to vendors is non-trivial; many vendors simply will not be able to comply with the high standard the Campus has for security and confidential or high-risk data.
- See Sample Procurement Language
12
Summary
- Create a service description document (SDD) that identifies the users of the service (both participants and observers) and a description of what the purpose of the service is (e.g., "to build a sense of community among our graduate students" or "to discuss topics relevant to rocket science").
- Create a Terms of Use document.
- Place a link to the ToU on every web page or in the 'signature block' of any auto-generated messages.
- Place a link to your University’s Privacy Policy on the main pages of your service.
- Create a mechanism for users to report inappropriate usage. This can be as simple as the address for the individual responsible for the service or a form that permits anonymous reporting.
- Be very careful about outsourcing arrangements.
13
Resources
- Guidelines for Writing a Terms of Use
- Sample Procurement Language
- Guidelines for Wikis and Blogs (written version of this presentation)
- FERPA Scenarios
Feel free to contact me: Mike Corn