Higher Education ...
Follow
Find
2.1K views | +0 today
Higher Education & Privacy
Data Privacy and Online Privacy in Higher Education
Your new post is loading...
Your new post is loading...
Scooped by Higher Ed InfoSec Council
Scoop.it!

Why Schools Are Flunking Privacy and How They Can Improve

Why Schools Are Flunking Privacy and How They Can Improve | Higher Education & Privacy | Scoop.it

Fordham School of Law’s Center on Law and Information Policy (CLIP), headed by Joel Reidenberg, has released an eye-opening and sobering study of how public schools are handling privacy issues with regard to cloud computing. The study is called "Privacy and Cloud Computing in Public Schools."

Higher Ed InfoSec Council's insight:

Although this report focuses on the use of cloud computing services by K-12 public schools, some of the recommendations for irmprovement could be used by institutions of higher education as they plan and coordinate campus cloud computing services.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

An Open Letter Urging Universities To Encourage Conversation About Online Privacy

An Open Letter Urging Universities To Encourage Conversation About Online Privacy | Higher Education & Privacy | Scoop.it

When a group of students from Iowa State University (ISU) contacted us earlier this month about forming an ISU Digital Freedom group, they were facing an unexpected problem: despite their simple goal of fostering a healthy conversation around freedom-enhancing software, the university administration denied them official recognition. The university has since granted the Digital Freedom group the green-light to meet on campus, but under unduly restrictive conditions. These students’ story is instructive to students around the country and the world who are concerned about online privacy.

 

The administration initially denied the Digital Freedom Group's proposal because it did not want ISU students either to advocate for or participate in the “secrecy network” Tor, and would not permit the student group to use any “free software designed to enable online anonymity.” The students had not proposed that a Tor node be established on campus. Rather they asked that they be able to provide a forum to “discuss, learn and practice techniques to anonymize and protect digital communication.”

 

The students were told they had to gain clearance from the Iowa State University attorneys and security clearance from the university's Chief Information Officer. They were ultimately successful, and Iowa State University is now home to its very own Digital Freedom Group.

Higher Ed InfoSec Council's insight:

Related article from Inside Higher Ed: http://www.insidehighered.com/news/2013/12/10/digital-freedom-groups-road-recognition-sparks-legal-debate-iowa-state-u

more...
Scooped by Higher Ed InfoSec Council
Scoop.it!

Bosses may use social-media data they find on job applicants to discriminate, study says

Bosses may use social-media data  they find on job applicants to discriminate, study says | Higher Education & Privacy | Scoop.it
A new study suggests bosses may use social-media data to discriminate against job seekers.
more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Have We Taken Exam Security Too Far?

Have We Taken Exam Security Too Far? | Higher Education & Privacy | Scoop.it

What’s the difference between a medical student and a convict? The answer: A convict doesn’t pay $50,000 a year for the privilege of being fingerprinted and patted down.

 

I am referring, of course, to the increasingly stringent security measures that have come to characterize modern educational testing. As student-evaluation techniques have migrated from face-to-face assessment to computer-based exams administered in dedicated testing centers, evaluators have become less and less likely to know examinees, leading to heightened precautions around exam security.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Are Notice and Consent Possible with the Internet of Things?

Are Notice and Consent Possible with the Internet of Things? | Higher Education & Privacy | Scoop.it

Stakeholders met in Washington, DC, on November 19 to explore and hash out the privacy and security implications of the Internet of Things (IoT). The rapidly emerging landscape of connected sensors and embedded technology has garnered the attention of the Federal Trade Commission (FTC) of late, but the complexity of the IoT ecosystem was readily apparent during the proceedings. 

 

Called for and led by the FTC, the roundtable was broken into four main panels—the smart home, connected health and fitness, connected cars and connected privacy and security—and featured remarks from FTC Chairwoman Edith Ramirez, Commissioner Maureen Ohlhausen and Bureau of Consumer Protection Director Jessica Rich.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Instead of waiting for lawmakers, IT officials say higher education should lead on privacy rules

Instead of waiting for lawmakers, IT officials say higher education should lead on privacy rules | Higher Education & Privacy | Scoop.it

As long as federal and state-level authorities drag their feet on updating privacy standards, higher education institutions and their private sector partners have an opportunity to lead on the issue and drag governments to the negotiating table.

 

Privacy experts and IT officials delivered that call to action on Thursday during a roundtable discussion that also explored privacy issues in health care and K-12 education. Once the topic turned to higher education, however, panelists were quick to express their frustrations with the aging Family Educational Rights and Privacy Act and the concerns posed by technologies such as cloud storage solutions.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Losing the Spotlight: A Study of California's Shine the Light Law

Losing the Spotlight: A Study of California's Shine the Light Law | Higher Education & Privacy | Scoop.it

[ACLU's] new policy paper, Losing the Spotlight: A Study of California’s Shine the Light Law, takes a close look at California’s landmark transparency law, why its important and whether current law is doing enough to protect our personal information.

more...
No comment yet.
Rescooped by Higher Ed InfoSec Council from Higher Education & Information Security
Scoop.it!

Big data blues: The dangers of data mining

Big data blues: The dangers of data mining | Higher Education & Privacy | Scoop.it
Companies are taking matters into their own hands with internal controls, open privacy policies, ethical codes and greater candor over how they're collecting and parsing personal data.
more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Mining Student Data Could Save Lives

Mining Student Data Could Save Lives | Higher Education & Privacy | Scoop.it

[Note: This article from The Chronicle of Higher Education is from October 2, 2011. However, it raises campus privacy issues that are still relevant today.]

 

Because campuses can be prime targets for large-scale acts of violence, they should use technology to identify threats.

more...
No comment yet.
Rescooped by Higher Ed InfoSec Council from Higher Education & Information Security
Scoop.it!

LinkedIn 'Intro'duces Insecurity by Bishop Fox

LinkedIn 'Intro'duces Insecurity by Bishop Fox | Higher Education & Privacy | Scoop.it

LinkedIn released a new product today called Intro.  They call it “doing the impossible”, but some might call it “hijacking email”.  Why do we say this?  Consider the following:

 

Intro reconfigures your iOS device (e.g. iPhone, iPad) so that all of your emails go through LinkedIn’s servers. You read that right. Once you install the Intro app, all of your emails, both sent and received, are transmitted via LinkedIn’s servers. LinkedIn is forcing all your IMAP and SMTP data through their own servers and then analyzing and scraping your emails for data pertaining to…whatever they feel like.

 

“But that sounds like a man-in-the-middle attack!” I hear you cry. Yes. Yes it does. Because it is. That’s exactly what it is. And this is a bad thing. If your employees are checking their company email, it’s an especially bad thing.

 

Why is this so bad?  Here’s a list of 10 reasons to start...

more...
Higher Ed InfoSec Council's comment, October 25, 2013 2:43 PM
Related articles of interest include one from Forbes (http://www.forbes.com/sites/jameslyne/2013/10/25/linkedin-intro-hack-here-for-juicy-data/) and one from TechCrunch (http://techcrunch.com/2013/10/24/do-not-want/).
Scooped by Higher Ed InfoSec Council
Scoop.it!

IAPP : Roundup: October Shaping Up To Be the Month of Innumerable Breaches

IAPP : Roundup: October Shaping Up To Be the Month of Innumerable Breaches | Higher Education & Privacy | Scoop.it

Headline after headline, the news is similar if not the same: PII lost, stolen or compromised through human error. And amidst October’s onslaught of breach reports from across the globe, the world’s premiere search engine is acknowledging just how devastating a breach of its data could be.

 

“If Google were to have a significant data breach today, of any kind, it would be terrible for the company,” Google Executive Chairman Eric Schmidt has said.

 

However, as The Wall Street Journal reports, he has also indicated Google CEO Larry Page “is ‘so wired’ to the risks that it is ‘inconceivable’ that a major data loss would occur.”

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Harvard group creating privacy recommendations after secret email searches seeks feedback

A Harvard task force this month will hold meetings to gather feedback as it develops recommendations on the university’s e-mail privacy policies in the wake of the recent revelation that administrators secretly searched about 14,000 e-mail accounts looking for a leak to the media about the school’s cheating scandal.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Deciding Who Sees Students’ Data

Deciding Who Sees Students’ Data | Higher Education & Privacy | Scoop.it
Schools across the country are looking at new online ways to integrate and analyze information about their students. But privacy advocates remain wary.

---------

When Cynthia Stevenson, the superintendent of Jefferson County, Colo., public schools, heard about a data repository called inBloom, she thought it sounded like a technological fix for one of her bigger headaches. Over the years, the Jeffco school system, as it is known, which lies west of Denver, had invested in a couple of dozen student data systems, many of which were incompatible.


In fact, there were so many information systems — for things like contact information, grades and disciplinary data, test scores and curriculum planning for the district’s 86,000 students — that teachers had taken to scribbling the various passwords on sticky notes and posting them, insecurely, around classrooms and teachers’ rooms.

 

There must be a more effective way, Dr. Stevenson felt.

 

InBloom, a nonprofit corporation based in Atlanta, seemed to offer a solution: it could collect information from the district’s many databases and store it in the cloud, making access easier, and protect it with high-level encryption.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

An Immodest Proposal | Inside Higher Ed

An Immodest Proposal | Inside Higher Ed | Higher Education & Privacy | Scoop.it

Iowa State’s wrestling with a student group that advocated the use of an anonymizing technology, Tor, is a model in how higher education can address the complex questions of technology, law and policy.  Everyone involved in the event deserves a gold star: the students who formed the association, the administration that was willing to change its mind and the CIO and staff who provided solid information and facilitated the education.   Athena – i.e. law, philosophy and justice – in the Internet Age does not materialize out of the head of Zeus, unless we deconstruct this myth to appreciate that balance and understanding of the issues will take effort, data, flexibility, patience, communication and good will (remember Athena won the competition with Poseidon to be the patron of Athens with an olive branch, not a sword).  In short, Iowa State did exactly as the MIT Report suggested: educating the entire community on issues of technology, law and policy related to the Internet.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Twitter Implements Perfect Forward Secrecy in Order to Reduce Traffic Snooping

Twitter Implements Perfect Forward Secrecy in Order to Reduce Traffic Snooping | Higher Education & Privacy | Scoop.it

Twitter has implemented perfect forward secrecy on traffic to its website, in order to prevent communications from easily being captured and decrypted en masse. The new measure is one that clearly takes aim at the bulk data collection being done by the NSA.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Data Privacy Month 2014: January 28-February 28

Data Privacy Month 2014: January 28-February 28 | Higher Education & Privacy | Scoop.it

Did you know that Data Privacy Month (January 28-February 28, 2014) is just 2 months away? Use our free resources to start planning your campus activities and events.

 

Tip: Save the date for a free webinar with special guest speaker Robert Ellis Smith on January 30, 2014 (1-2 pm ET).

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Google's chief internet evangelist says 'privacy may actually be an anomaly'

Google's chief internet evangelist says 'privacy may actually be an anomaly' | Higher Education & Privacy | Scoop.it

Google's chief internet evangelist, Vint Cerf, suggests that privacy is a fairly new development that may not be sustainable. "Privacy may actually be an anomaly," Cerf said at an FTC event yesterday while taking questions. Elaborating, he explained that privacy wasn't even guaranteed a few decades ago: he used to live in a small town without home phones where the postmaster saw who everyone was getting mail from. "In a town of 3,000 people there is no privacy. Everybody knows what everybody is doing."

 

Rather than privacy being an inherent part of society that's been stripped away by new technology, Cerf says that technology actually created it in the first place. "It’s the industrial revolution and the growth of urban concentrations that led to a sense of anonymity," Cerf said. Cerf warned that he was simplifying his views — "I don't want you to go away thinking I am that shallow about it" — but overall, he believes "it will be increasingly difficult for us to achieve privacy."

Higher Ed InfoSec Council's insight:

Another viewpoint: "Vint Cerf is Wrong. Privacy Is Not An Anomaly" 

https://www.privacyassociation.org/privacy_perspectives/post/privacy_is_not_an_anomaly

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

People's ignorance of online privacy puts employers at risk

People's ignorance of online privacy puts employers at risk | Higher Education & Privacy | Scoop.it
People say they are responsible for their own online safety, yet do very little to protect the information they share on social media, which increases the risks to themselves and employers, a study shows.
more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Blogs | StaySafeOnline.org

Blogs | StaySafeOnline.org | Higher Education & Privacy | Scoop.it

iKeepSafe is pleased to present a new paper intended to spearhead conversation around the ever-growing challenges related to managing data privacy and security in schools.

 

In the world of digital and mobile product development for children, this has been the year of privacy. Federal Trade Commission scrutiny and new Children’s Online Privacy Protection Act (COPPA) regulations have put a spotlight on industry, and products are being examined and revamped to ensure that they are compliant. The concepts behind the law include minimization of data collected from children, parental consent and control over data that industry might want to collect, and transparency around data collection and handling practices. But what about data collected from and about children in schools?

Higher Ed InfoSec Council's insight:

Although this paper does not specifically address data privacy issues for institutions of higher education, colleges and universities often deal with COPPA, FERPA, and other privacy laws. This paper may provide another perspective as privacy officers host conversations about data privacy on campus.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

What Privacy Professionals Should Know About the NIST Cybersecurity Framework

What Privacy Professionals Should Know About the NIST Cybersecurity Framework | Higher Education & Privacy | Scoop.it

In February of this year, President Obama issued an Executive Order on Improving Critical Infrastructure Cybersecurity. The Executive Order directed the National Institute of Standards and Technology (NIST) to develop a Cybersecurity Framework to assist owners and operators of critical infrastructure in addressing cybersecurity risks. On October 29, NIST published a preliminary version of the Framework (the “Preliminary Framework”), which is open for public comment through December 13. NIST intends to issue a final version in February 2014. The creation of the framework has, of course, been a major development in the information security community – according to NIST Director Patrick Gallagher, approximately three thousand individuals have been involved to date in the development of the Preliminary Framework. But privacy professionals should be paying attention to the framework as well.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

How Snowden is returning privacy to a social norm

How Snowden is returning privacy to a social norm | Higher Education & Privacy | Scoop.it

The steady trickle of revelations of government snooping that continues to seep from the Edward Snowden documents is serving to keep attention riveted on how privacy in the digital age ought to be defined.

 

That' most probably not to the liking of Google and Facebook. In January 2010, Facebook founder and CEO Mark Zuckerberg infamously declared that the expectation of privacy was no longer a social norm, and, in October 2010, then Google chairman Eric Schmidt said "Google policy is to get right up to the creepy line and not cross it."

more...
No comment yet.
Rescooped by Higher Ed InfoSec Council from Higher Education & Information Security
Scoop.it!

PGP – Reliable Privacy, Security and Authentication For Everyone

PGP – Reliable Privacy, Security and Authentication For Everyone | Higher Education & Privacy | Scoop.it

If you have been following the latest in news, you’ve probably heard a lot of stories talking about privacy, information leakage, espionage and such. Given that most of our communications nowadays take place online, or at the very least, via an electronic device, we should all be aware of how to protect our valuable information. This is not only applicable to large organizations, but for everyone that uses a computer on a regular basis. We all have information we want to keep private and protected and we all need to communicate online. With PGP, you can add a very strong yet easy to use layer of security to your online communications.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Evgeny Morozov on Why Our Privacy Problem is a Democracy Problem in Disguise | MIT Technology Review

Evgeny Morozov on Why Our Privacy Problem is a Democracy Problem in Disguise | MIT Technology Review | Higher Education & Privacy | Scoop.it
As Web companies and government agencies analyze ever more information about our lives, it’s tempting to respond by passing new privacy laws or creating mechanisms that pay us for our data.
more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

IAPP : He Protects the Data ... By Destroying It

IAPP : He Protects the Data ... By Destroying It | Higher Education & Privacy | Scoop.it

You might call Ken Clupp a privacy professional by proxy. While he doesn’t draft privacy policies or model contracts, he’s certainly on the defensive line when it comes to protecting data. How does he protect it? He makes sure the important stuff is shredded into such tiny pieces it couldn’t ever be put back together again.

 

Clupp works for the Royal Canadian Mounted Police (RCMP) as its lead physical and technical security equipment evaluation engineer. Shorthand? He runs a shredder-testing program, amongst many other things. He’s tasked with ensuring that sensitive information stays safe, based on standards developed by the federal government.

 

“Canada is one of the few jurisdictions in the world that has a formal classifications and standards program for protecting sensitive information that’s not classified,” Clupp said. “It’s unique.”

more...
No comment yet.
Rescooped by Higher Ed InfoSec Council from Higher Education & Information Security
Scoop.it!

Touch ID: Net Benefit or Net Loss?

Touch ID: Net Benefit or Net Loss? | Higher Education & Privacy | Scoop.it

EDUCAUSE Guest Blogger Joshua Wright (@joswr1ght) shares his thoughts on Touch ID, the Apple fingerprint authentication system. 

 

Stay tuned for more guest blogs in honor of National Cyber Security Awareness Month (NCSAM) 2013.

more...
No comment yet.