Thursday, January 28, 2010

Data Privacy Day 2010: Some further thoughts

January 28th is Data Privacy Day. The concept of International Data Privacy Day is an annual observance to raise awareness and generate discussion about information privacy issues. I wrote a post about it for promotional and education purposes over in my library's blog here. When I write post for work, it is a little different than when I write in my professional blog. There are certain things I can say in here that I cannot say over there for various reasons. So, in addition to sharing the link from my library's blog with my four readers, I am using this post to add a few additional thoughts that did not make it into "the official version."

For one, I also wanted to speak about our university's online privacy policies. It is not something that folks talk about very often, and it is also something that I think more people need to be aware of. I work for the University of Texas at Tyler, and as such, I am considered a state employee. With that label comes a good amount of bureaucratic baggage. Again, it is the reason that I can say some things here that I would never say over there. For one, I don't want someone from Campus News and Information calling me because I said something they may perceive as less than flattering to the university. It's the nature of how things work, and I have learned to just work with it for now. I wanted to speak about the policies in the library post because students are often not aware of how the university handles online privacy.

Before I go on, here are a couple of items for reference purposes:

  • this is the policy about the website privacy policy for the public that explains what the university does with information they obtain from the public.
  • and this is the section from the UT System Policies for System Information Resources Use and Security.
The second item above is more for employees, but it still applies to students since they make use of the computers and networks that the university provides. The bottom line, and what I wanted to point out, is that there is no expectation of privacy. The networks are monitored. I should clarify this is not necessarily for nefarious purposes (we can debate fairness, due process, so on later). But I wanted to mention it because students often are not aware of this. Also the policy explains some common questions. One such common question is why they have to change their passwords for the system every so often. That is a basic security issue (it is for their protection). The only issue I have with the requirement is that IT does not always time the resetting of passwords at the best times during a semester. We have had students get expiration of their passwords at about a week or two before an academic semester ends, which creates all sorts of headaches in the library. Pointing that little "faux pas" out is often met with,I shall say, a little resistance. But what I wanted to point out to students is that they need to be aware that such policies exist. Often, they get to see the policy as they set up their campus e-mail, but they just skip through it, much like they skip through the Terms of Service in Facebook when they sign up. It boils down once again to awareness. You need to be aware and you need to be informed. It's not that IT is consistently sweeping and monitoring everyone; they don't realistically have the time for that, but in theory, they could, and they do check randomly once in a while. For us employees, it is more readily apparent. Also for us, things like e-mails using the campus system are considered public information. I wonder how many of our employees are actually fully aware of that.

The other thing I want to add to this post are some notes I took from the afternoon presentation they did at Indiana University for their Data Privacy Day event. They had a full day of events, and the presentations were made available online. They were recorded, so as I understand it, you should be able to view them later. I was able to watch the afternoon presentation by Scott Z. Wilson on "How Facebook, MySpace, Twitter, and Privacy Can All Coexist." These are some quick notes I took:

  • In social networking, the data we put out there is up to us, unlike other contexts where you may have little choice about what gets done with your private data (say a credit card company selling their list to a third party). This means that in a social network like Facebook you control your privacy (to an extent). You have to strive for a balance between your social networking activities and your privacy.
  • Social networking is here to stay, so you may as well embrace it. I think at times Mr. Wilson is a little too optimistic or cheery about the whole thing (reminds me of some L2 librarians).
  • Keep in mind that you can control what you share initially. Once you publish it and put it out there, you lose some control.
  • Think about what you do and use privacy settings when available. However, it is important to note that privacy settings are not everything. Privacy settings can change; just look at all the recent changes Facebook has been implementing on their privacy settings and policies. Why do they do it? Well, bottom line is because they can. In the end, privacy settings are passive measures. Ask yourself how often do you evaluate your privacy settings? Facebook, and most other social networking sites, do not want you checking them every day. Personally, I would say I check them at least once a week as of late to make sure they are working the way I want them. Yes, this does take some work, but you need to do it.
  • To strike a balance then you have to be active. You have to incorporate privacy into your decision-making process, and you may have to adopt new habits (like me checking the privacy settings on FB a little more often). Think about what you post or reveal, even if it is for something as simple as making a comment in a forum others may see. And if you do say or reveal something, do be aware in the tone in which you express it. Again, to use myself as an illustration, there are things I can say on this blog I would not say in my library's blog. And even if I did say something in both places, the tone in which I say it can be very different (probably more neutral over there, less passionate, less risky).
  • Privacy is elastic. It is not one-size-fits-all. What works for you is probably not going to work for me. I am comfortable with things like blogging and expressing my views and opinions both professionally and personally. Others out there might not be as comfortable, or they may wish to use a pseudonym or be anonymous (another issue of privacy). Find your comfort level and be thoughtful and mindful of your actions and expressions.
On a final note, I jotted down some additional thoughts on Facebook and privacy over at Alchemical Thoughts, my scratch pad. It's mostly some links and some small comments in light of Mark Zuckerberg's recent remarks about privacy online.

No comments: