Does Higher Education Make the Grade for Online Privacy?
 |
 |
 |
 |
|
|
|
|
|
 |
   |
| Does Higher Education Make the Grade for Online Privacy? By Mary J. Culnan Today, most commercial Web sites post some form of privacy notice. While nonprofits also engage in online practices that potentially pose privacy risks if not managed effectively, little attention has been paid to these organizations. The “Bentley-Watchfire Survey of Online Privacy Practices in Higher Education,” whose findings were publicly released in April 2006, is the first benchmark study of the extent to which higher education observes best practices for privacy. (You can download a PDF of the full survey report from the Bentley College Web site.) Why is privacy important to institutions of higher education? Today, most schools process electronic applications, engage in relationship marketing, accept donations, and sell T-shirts, textbooks, and athletic tickets online -- the same types of commercial activities that raise privacy concerns in the private sector. Many schools retain -- indefinitely -- educational records containing sensitive personal information. Yet higher education is also responsible for a significant proportion of recent security breaches. If you attended college or have current or prospective college students in your family, your personal information may be at risk. The Bentley-Watchfire study surveyed the top 236 schools from the U.S. News and World Report’s 2004 list of best colleges, which included 129 national doctoral universities and 107 liberal arts colleges. The research team collected three types of data: an automated scan for common privacy risks, a manual search for privacy notices, and a content analysis and readability assessment of any home page privacy notices we found. Identifying Privacy Risks Using its WebXM Privacy Module, Watchfire scanned each school’s home page and other sections of its Web site where the institution would most likely collect personal information -- a total of 174,291 pages. The scans looked for three types of privacy risks: use of privacy notices, nonsecure data-collection forms and use of cookies. Key results for all 236 schools include:
Analyzing the Schools’ Privacy Notices Next, we searched for home-page privacy notices. Only 65 schools (28%) linked to a privacy notice from their home pages. We analyzed each of these notices to determine the extent to which it reflected fair information practices. Key results:
We also collected three forms of readability data for these 65 notices. The average Flesch-Kincaid grade level score was 9.35, which is appropriate for the Web site’s audience. While the average length of the notices was 736 words, which is a rather substantial amount of text, only 14 percent of them contained links to facilitate navigation. The results indicate that higher education can -- and should -- do better in terms of managing privacy. Privacy notices are the public face of privacy governance, and failure to post a privacy notice suggests the school may not have implemented policies to manage privacy and security. What can you do to improve privacy practices at these institutions? Visit your alma mater’s Web site. If it doesn’t have a privacy notice, or if the notice doesn’t reflect best practices, offer to help. Contact the president or one or more members of the board of trustees, and point out that privacy represents an exposure risk for the school. Volunteer your expertise, and offer to help the school develop a proper privacy notice. Who better than the privacy community to provide leadership on this important issue? Mary Culnan is Slade Professor of Management & Information Technology at Bentley College. She led the team that developed and administered the Bentley-WatchFire survey. | | 
|
| © 1997 - 2008 TRUSTe. All Rights Reserved. |
