Web Applications: Get a Grip on Privacy

About This Presentation

Title:

Description:

Number of Views:123

Avg rating:3.0/5.0

Slides: 14

Provided by: netEdu

Category:

Tags: applications | grip | privacy | web

Transcript and Presenter's Notes

Title: Web Applications: Get a Grip on Privacy

1
Web Applications Get a Grip on Privacy
Michael Corn CAMP 2008
2
Outline

3
Relationship to Identity Management

4
Privacy

5
Privacy II

6
Free Speech

Understand the limits on the use of your
resources
Political campaigning (policy and Illinois State
law)
Commercial activity
All forms of communication can be construed as
part of the educational environment - but not
everywhere
Define the purpose and scope of a service

7
Free Speech II

Creating a Terms of Use (ToU) statement
Communicating the ToU to the consumers and
ensuring they acknowledge its receipt and
Responding to violations in a timely yet
transparent fashion

Guidelines for creating a Terms of
Use http//www.uiuc.edu/alwaysillinois/terms https
//agora.cs.uiuc.edu/x/AR
8
Censorship Concerns

Before deploying a Wiki or blog, consider the
following
Are you concerned that individuals will use your
forums to disparage your unit?
Are you prepared to face individuals whose
content you have removed and explain why said
content is unprofessional and/or inappropriate?
Are you prepared to sanction individuals who
consistently violate your ToU by prohibiting
their use of the resource?
What is your comfort level for critical speech or
aggressive disagreement being displayed on your
resource?

9
Visibility and Public use of Resources

Electronic resources should be made visible only
to those population using those resources.
Require authentication to your resource (a login
and password) and limit access and visibility
Control search engines
If your resource is open to the public Internet
by design, then it is even more critical to
address the issue of a Terms of Use statement
before users can access the resource.

10
Hosting or Linking to External Content

Scenario Faculty/staff/student/alumni is doing
fieldwork and blogging about it using a
commercial service your public affairs office
(or the department) wants to feature the blog on
their web site - what issues are you facing?
Permission to include content
Appropriateness of content (watch for commercial
sponsorship)
Privacy of individuals in photos
Use of departure flag for links to
non-University resources

11
Outsourcing

General Principles
Data stored on third-party servers or systems
must be secured to at least the same degree as
the Campus or University would meet.
Student data and access to systems by students
will require vetting by the Campus Security
Office and the Office of Admissions and Records
to ensure compliance with FERPA and other campus
security and privacy related policies.
The burden this brings to vendors is non-trivial
many vendors simply will not be able to comply
with the high-standard the Campus has for
security and confidential or high-risk data.
See Sample Procurement Language

12
Summary

Create a service description document (SDD) that
identifies the users of the service (both
participants and observers) and a description of
what the purpose of the service is (e.g., "to
build a sense of community among our graduate
students" or "to discuss topics relevant to
rocket science").
Create a Terms of Use document.
Place a link to the ToU on every web page or in
the 'signature block' of any auto-generated email
messages.
Place a link to your Universitys Privacy Policy
on the main pages of your service.
Create a mechanism for users to report
inappropriate usage. This can be as simple as the
email address for the individual responsible for
the service or a form that permits anonymous
reporting.
Be very careful about outsourcing arrangements.