Higher Education ...
Follow
Find
2.3K views | +0 today
Higher Education & Privacy
Data Privacy and Online Privacy in Higher Education
Your new post is loading...
Your new post is loading...
Scooped by Higher Ed InfoSec Council
Scoop.it!

Deciding Who Sees Students’ Data

Deciding Who Sees Students’ Data | Higher Education & Privacy | Scoop.it
Schools across the country are looking at new online ways to integrate and analyze information about their students. But privacy advocates remain wary.

---------

When Cynthia Stevenson, the superintendent of Jefferson County, Colo., public schools, heard about a data repository called inBloom, she thought it sounded like a technological fix for one of her bigger headaches. Over the years, the Jeffco school system, as it is known, which lies west of Denver, had invested in a couple of dozen student data systems, many of which were incompatible.


In fact, there were so many information systems — for things like contact information, grades and disciplinary data, test scores and curriculum planning for the district’s 86,000 students — that teachers had taken to scribbling the various passwords on sticky notes and posting them, insecurely, around classrooms and teachers’ rooms.

 

There must be a more effective way, Dr. Stevenson felt.

 

InBloom, a nonprofit corporation based in Atlanta, seemed to offer a solution: it could collect information from the district’s many databases and store it in the cloud, making access easier, and protect it with high-level encryption.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

California Teens Get "Digital Erasers" To Wipe Embarassing Facebook And Tumblr Posts

California Teens Get "Digital Erasers" To Wipe Embarassing Facebook And Tumblr Posts | Higher Education & Privacy | Scoop.it

Teenage social media users in California are in luck: A new Internet regulatory bill requires Facebook, Tumblr, Twitter, and other services to offer users under 18-years-old "digital erasers" that permanently scrub any posting they've made previously. The measure is designed to ensure that teens' college, career, and personal prospects aren't harmed by digital indiscretions. According to Melanie Mason and Patrick McGreevy of the Los Angeles Times, the measure requires websites to give underage users tools to permanently delete text, photo, and video postings from sites.

 

Senate leader Darrell Steinberg told the paper the bill is "a groundbreaking protection for our kids who often act impetuously with postings of ill-advised pictures or messages before they think through the consequences." The regulations jibe with Google chief Eric Schmidt's recent public musings about how the Internet records teens' activities forever in a way prior forms of media and communication didn't. Google, of course, is based in California.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

This App Uses Your Inbox to Make a Scarily Detailed Map of Your Life

This App Uses Your Inbox to Make a Scarily Detailed Map of Your Life | Higher Education & Privacy | Scoop.it

It’s clear at this point that the NSA is basically a bunch of hoarders, stockpiling our personal data with the same “well what if I need this three months from now!” mentality that compels the rest of us to save old buttons and kitchen gadgets and unread copies of The New Yorker. But amassing the data is only half of the equation. The government also needs tools for processing and analyzing its collection. Perhaps the subscriber metadata that Verizon has been passing to the NSA — not the actual contents of your phone calls but the times, durations, and locations surrounding them — is fairly innocuous on a case by case basis. But when you look at it through software dedicated to the job, you can get something far more polished than you might expect. To see for yourself, just run your inbox through a little web app called Immersion.


The app, built by a group of researchers at MIT, visualizes your social life by peeking at your inbox. “Once you log in,” the site explains, “Immersion will use only the From, To, Cc and Timestamp fields of the emails in the account you are signing in with. It will not access the subject or the body content of any of your emails.” In other words, it ignores all the juicy stuff. And yet, when you see what an accurate map it spits out, it’s hard not to help from feeling a little bit violated.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Big Data and Due Process: Toward a Framework to Redress Predictive Privacy Harms

Big Data and Due Process: Toward a Framework to Redress Predictive Privacy Harms | Higher Education & Privacy | Scoop.it

The rise of “big data” analytics in the private sector poses new challenges for privacy advocates. Unlike previous computational models that exploit personally identifiable information (PII) directly, such as behavioral targeting, big data has exploded the definition of PII to make many more sources of data personally identifiable. 

...

While some current privacy regimes offer nominal due process-like mechanisms in relation to closely defined types of data, these rarely include all of the necessary components to guarantee fair outcomes and arguably do not apply to many kinds of big data systems (Terry 2012). A more rigorous framework is needed, particularly given the inherent analytical assumptions and methodological biases built into many big data systems (boyd and Crawford 2012). Building on previous thinking about due process for public administrative computer systems (Steinbock 2005; Citron 2010), we argue that individuals who are privately and often secretly “judged” by big data should have similar rights to those judged by the courts with respect to how their personal data has been used in such adjudications. Using procedural due process principles, we analogize a system of regulation that would provide such rights against private big data actors.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Anonymity, Privacy, and Security Online | Pew Research Center

Anonymity, Privacy, and Security Online | Pew Research Center | Higher Education & Privacy | Scoop.it

A new survey finds that most internet users would like to be anonymous online, but many think it is not possible to be completely anonymous online. Some of the key findings:

 

* 86% of internet users have taken steps online to remove or mask their digital footprints—ranging from clearing cookies to encrypting their email.

 

* 55% of internet users have taken steps to avoid observation by specific people, organizations, or the government.

 

The representative survey of 792 internet users also finds that notable numbers of internet users say they have experienced problems because others stole their personal information or otherwise took advantage of their visibility online.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

New Jersey's "More Properly Balanced" Social Media Law Signed by Governor Christie

On March 21, 2013, New Jersey's state legislature passed A2878 to prohibit employers from requiring or requesting that prospective and current employees disclose their user names and passwords to their personal social media accounts. Governor Chris Christie conditionally vetoed the bill on May 6, 2013, proposing a series of modifications to "more properly balance" the plaintiff-friendly legislation. On August 19, 2013, the legislature agreed to the Governor's changes and passed the amended bill, which Christie signed into law on August 29, 2013.

 

New Jersey joins eleven other states granting similar social media protections: Maryland, Illinois, California, Michigan, Utah, New Mexico (which seemingly covers prospective employees only), Arkansas, Colorado, Washington, Oregon, and Nevada. What is more, dozens of other states and the U.S. Congress are considering comparable legislation. To help employers navigate through New Jersey's new law, which takes effect on December 1, 2013, this alert discusses its coverage, prohibitions, exceptions, and remedies.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

A Data Broker Offers a Peek Behind the Curtain

A Data Broker Offers a Peek Behind the Curtain | Higher Education & Privacy | Scoop.it
The Acxiom Corporation plans to open a Web site that will allow individual consumers to see some of the information that the company has collected about them.

 

The data on the site, called AbouttheData.com, includes biographical facts, like education level, marital status and number of children in a household; homeownership status, including mortgage amount and property size; vehicle details, like the make, model and year; and economic data, like whether a household member is an active investor with a portfolio greater than $150,000. Also available will be the consumer’s recent purchase categories, like plus-size clothing or sports products; and household interests like golf, dogs, text-messaging, cholesterol-related products or charities.


Each entry comes with an icon that visitors can click to learn about the sources behind the data — whether self-reported consumer surveys, warranty registrations or public records like voter files. The program also lets people correct or suppress individual data elements, or to opt out entirely of having Acxiom collect and store marketing data about them.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Surgeon livestreams operation using Google Glass

Surgeon livestreams operation using Google Glass | Higher Education & Privacy | Scoop.it

Google Glass has made its way to the OR. A surgeon from Ohio State University's Wexner Medical Center donned the new headset during a routine surgery last week, and streamed point-of-view footage live to a group of students on the other side of town. "I can start to appreciate the connectivity it gave me," says Dr. Christopher Kaeding, the surgeon who wore Glass. During surgery, Kaeding also consulted with a separate colleague through the headset, which Ohio State says is the first time that a live point-of-view collaboration has ever occurred during an operation using Glass.

 

Kaeding was performing ACL surgery on a woman who had hurt her knee while playing softball. Glass apparently didn't hinder Kaeding's performance or concentration in any way. "To be honest, once we got into the surgery, I often forgot the device was there," he says.

 
more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Addicted to Apps

Addicted to Apps | Higher Education & Privacy | Scoop.it

"We cannot rely on the makers of new technology to think about the moral and privacy implications."

...

In Silicon Valley, that fairy-tale land of robots and driverless cars, a deeply held belief motivates all: If you build it, they will come.

 

If engineers can build something, the thinking goes, they do. Whether they should is beside the point. People will eventually adapt, engineers believe, just as they always have.

 

And they do adapt, most of the time. That uneasy feeling that often accompanies our first experience with a new technology quickly subsides, and we are won over. Sure, smartphones track us everywhere we go, but who worries about that when they’re so cool and useful?

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Sept. 23 deadline looms for business compliance with HITECH Act on patient privacy

Sept. 23 deadline looms for business compliance with HITECH Act on patient privacy | Higher Education & Privacy | Scoop.it
Organizations handling protected health information have until Sept. 23 to comply with new security and privacy requirements that were included as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

 

After Sept. 23, all covered entities, including online storage vendors and cloud service providers, will be subject to new breach notification standards and limitations on how they can use and disclose PHI. They will also be required to ensure that their business associates and subcontractors are compliant with the privacy and security requirements of the Health Insurance Portability and Accountability Act (HIPAA). The HITECH Act amended portions of HIPAA by adding new security and privacy provisions on patient information.


In addition, covered entities will be required to have updated patient privacy notices in place that state the patient's rights over the data and how the data can be used and shared.

 

Unlike the original HIPAA privacy and security rules, which primarily applied to healthcare organizations and insurance companies, the new HIPAA Omnibus rules apply to business associates and their subcontractors. Under the omnibus rules, a business associate of a healthcare provider, such as a cloud service provider, is directly liable for protecting any patient data it handles, even if the vendor is just storing the data.


more...
No comment yet.
Rescooped by Higher Ed InfoSec Council from Mobile (Post-PC) in Higher Education
Scoop.it!

Teens and Mobile Apps Privacy | Pew Research Center's Internet & American Life Project

Teens and Mobile Apps Privacy | Pew Research Center's Internet & American Life Project | Higher Education & Privacy | Scoop.it
58% of American teens have downloaded an app to a cell phone or tablet. More than half of teen apps users have avoided an app due to concerns about sharing their personal information.

Via Stephen diFilipo
more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

What Does Data Privacy Mean to You? — iKeepSafe

What Does Data Privacy Mean to You? — iKeepSafe | Higher Education & Privacy | Scoop.it

It is important to periodically stop and reflect on our privacy over the past year, decide what aspects of our life we want to keep private, and identify areas where we may want to increase our privacy.

 

A quick look at this infographic titled 2011 Data Privacy in Review; the Good, the Bad, and the breached shows it was a bumpy ride for personal data privacy last year. Tens of millions of consumers had personal information exposed by corporate and medical data breaches, and you may have been one of them. Last year also saw the highest volumes of malware and cybercrime in history, and you may have exposed your information if you fell for one of those exploits.


Fortunately, last year also saw some privacy gains. Global spam volumes dropped, several companies strengthened and simplified their data privacy policies, and there was an increase in regulatory agencies monitoring companies and setting privacy guidelines.

 

Perhaps even more importantly, data privacy is now being discussed broadly by governments, companies, in public conversations and in homes as families realize that a child’s profile now has two meanings, and both meanings may clearly identify them.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Terms and Conditions: A movie about privacy policies you’ll actually want to watch

Terms and Conditions: A movie about privacy policies you’ll actually want to watch | Higher Education & Privacy | Scoop.it

An 80 minute documentary makes the case for data access and privacy rights.

 

The documentary, released last week, will particularly interest your smart (but less tech-savvy) friends who shrug at things like the most recent NSA metadata surveillance scandal. American technology law and policy can often feel too niche, despite the fact that the issues in question apply in some way to nearly everyone on the Internet, as American companies are so dominant online. But this film might just be the most fun and accessible way to learn about what’s been happening to all of us, online, over the last 15 years.

Filmmaker Cullen Hoback adeptly uses a combination of cutesy animation, archival footage, and even guerilla journalism to make a movie that’s informative, frightening, and compelling to watch. 

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Wearable tech such as Google Glass, Galaxy Gear raises alarms for privacy advocates

Wearable tech such as Google Glass, Galaxy Gear raises alarms for privacy advocates | Higher Education & Privacy | Scoop.it
Consumers may not understand how much sensitive data these devices can collect, privacy experts say.

 

Samsung’s Galaxy Gear smart watch is set to hit U.S. stores this week, part of a new wave ofwearable technology that some fear could open a largely unregulated door into users’ private lives. The 1.6-inch, $300 watch will be able to make calls, take pictures and send texts — collecting troves of data on users along the way.

 

The massive amount of data these new wearable devices stand to collect, the sensitive nature of the content and the uncertainty about how the information can be used have all raised concerns that consumers are being lured into uncharted territory that will compromise their privacy. Exacerbating the problem, some privacy advocates say, are recent Food and Drug Administration guidelines on medical apps that make no mention of privacy — making it unclear who should regulate health data pulled from wearable devices.

more...
No comment yet.
Rescooped by Higher Ed InfoSec Council from Higher Education & Information Security
Scoop.it!

Yahoo Responds To Recycled Email Security Problem

Yahoo Responds To Recycled Email Security Problem | Higher Education & Privacy | Scoop.it

Yahoo will launch a "Not My Email" button to return old account-holders' email and help former users reclaim their accounts.

 

According to Kevin Casey, Yahoo's senior director of platforms, the company monitored systems for claims about mistaken deliveries and were able to identify the problem with some of the accounts. The email bounce method, he said, was insufficient for senders to see that the email was no longer valid. Casey maintained that the email problem has affected only a small number of Yahoo users.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

I Spy With My Corporate Eye: The Employee Services Conundrum

I Spy With My Corporate Eye: The Employee Services Conundrum | Higher Education & Privacy | Scoop.it

It’s a conundrum: Companies want employees to be satisfied with their corporate services, but great user experiences in this context can require a certain amount of employee tracking that could affect employees’ views about workplace privacy. Even M doesn’t really want to know whether James Bond prefers his martini shaken, not stirred, but it may be incidental to the CCTV cameras in the MI6 café that keep assassins at bay! Companies have to manage potentially complex trade-offs between employee privacy, company security and user experience, including services such as BYOD programs, context-aware apps and even call monitoring for quality assurance.

 

Why do companies track employee data and behaviors?

 

In some instances, they have legal obligations to do so—safety and security, for example. But companies also want to prevent data/IP loss, improve productivity (are we cyberloafing AGAIN? Of course we are!), set appropriate cost standards, avoid liability for employee malfeasance, investigate misconduct and improve—or even predict—user experiences. In addition, a recent study by Aruba Networks states that 40 percent of Middle Easterners, 45 percent of Europeans and 66 percent of Americans fear loss of personal data from their employer, which leads them to try and hide their use of personal devices at work, and fail to report data loss or breaches. So we can’t necessarily trust all employees to appropriately manage their own behaviors.

more...
No comment yet.
Rescooped by Higher Ed InfoSec Council from Higher Education & Information Security
Scoop.it!

Researchers Struggle to Secure Data in an Insecure Age

Researchers Struggle to Secure Data in an Insecure Age | Higher Education & Privacy | Scoop.it

When it comes to protecting research from hackers, many universities' policies have changed little from the days when sensitive information was locked in a cabinet.

 

"Back in 2009, the technical staff of Chapel Hill's medical school discovered spyware on a server housing the medical records of some 180,000 women, participants in a study analyzing mammography results. Though no evidence existed that hackers copied the files, the breach caused a painful feud between the university and the project's principal investigator, each blaming the other for failing to secure the private information.

 

Turns out that they were both right: No one was doing enough."

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Scott Adams Blog: The Cost of Privacy 08/30/2013

Scott Adams Blog: The Cost of Privacy 08/30/2013 | Higher Education & Privacy | Scoop.it

Privacy is a good thing, right? Almost everyone agrees with that statement.

Assuming the majority is correct - and privacy is a good thing - you probably have examples from your own law-abiding life in which losing your privacy created a lasting problem for you...


...We tend to fear losing our privacy until it's gone. Then we wonder what all the fuss was about. It turns out that the bigger challenge than retaining privacy is getting anyone to care about you at all.

more...
No comment yet.
Rescooped by Higher Ed InfoSec Council from Higher Education & Information Security
Scoop.it!

Apple Patents iOS Unlocking Methods That Determine Level Of User Access To Device Features And Software | TechCrunch

Apple Patents iOS Unlocking Methods That Determine Level Of User Access To Device Features And Software | TechCrunch | Higher Education & Privacy | Scoop.it
A big request from parents regarding iOS has been that Apple implement user accounts on its mobile devices, in order to make it so that a parent can sign in with greater access to device features and apps than a child, for instance.

Via Stephen diFilipo, Higher Ed InfoSec Council
more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

The FTC and the New Common Law of Privacy

The FTC and the New Common Law of Privacy | Higher Education & Privacy | Scoop.it

One of the great ironies about information privacy law is that the primary regulation of privacy in the United States has barely been studied in a scholarly way. Since the late 1990s, the Federal Trade Commission (FTC) has been enforcing companies’ privacy policies through its authority to police unfair and deceptive trade practices. Despite more than fifteen years of FTC enforcement, there is no meaningful body of judicial decisions to show for it. The cases have nearly all resulted in settlement agreements. Nevertheless, companies look to these agreements to guide their privacy practices. Thus, in practice, FTC privacy jurisprudence has become the broadest and most influential regulating force on information privacy in the United States – more so than nearly any privacy statute and any common law tort. 

In this article, we contend that the FTC’s privacy jurisprudence is the functional equivalent to a body of common law, and we examine it as such. We explore how and why the FTC, and not contract law, came to dominate the enforcement of privacy policies. A common view of the FTC’s privacy jurisprudence is that it is thin, merely focusing on enforcing privacy promises. In contrast, a deeper look at the principles that emerge from FTC privacy “common law” demonstrates that the FTC’s privacy jurisprudence is quite thick. The FTC has codified certain norms and best practices and has developed some baseline privacy protections. Standards have become so specific they resemble rules. We contend that the foundations exist to develop this “common law” into a robust privacy regulatory regime, one that focuses on consumer expectations of privacy, that extends far beyond privacy policies, and that involves a full suite of substantive rules that exist independently from a company’s privacy representations.

more...
No comment yet.
Scooped by Higher Ed InfoSec Council
Scoop.it!

Move-In Day at Lehigh U., Seen Through Google Glass

Move-In Day at Lehigh U., Seen Through Google Glass | Higher Education & Privacy | Scoop.it

Patrick V. Farrell, provost and vice president for academic affairs at Lehigh University, donned Google’s latest accessory, a pair of high-tech glasses, to document freshman move-in day.

 

Known formally as Google Glass, the spectacles are a wearable computer that presents information via a hands-free, voice-command display. Features include the ability to take still photographs and video.

 

Lehigh’s first “glassumentary” shows Mr. Farrell—or his voice and hands, at least—as he greets eager freshmen, talks room keys, and navigates a cart laden with dorm-room décor through the parking lot.

more...
No comment yet.
Rescooped by Higher Ed InfoSec Council from Higher Education & Information Security
Scoop.it!

Cybersecurity And Privacy Specialists In Short Supply

Cybersecurity And Privacy Specialists In Short Supply | Higher Education & Privacy | Scoop.it

A cover story in the Los Angeles Daily Journal (subscription required) reported that the need for privacy and cybersecurity legal specialists has exploded in California, yet general counsel say there is a shortage of qualified practitioners who can do the job.  LinkedIn Corp.’s General Counsel Erika Rottenberg was featured in the story, she speculated that technology companies in Silicon Valley were hiring most of the qualified attorneys, leaving less talent for law firms.  Amidst a legal job market in which law graduates are clamoring to find jobs, the demand for privacy and cybersecurity specialists may present an opportunity for the law schools that are nimble enough to respond to the demand.

 

The demand for lawyers who understand technology isn’t limited to general counsel positions, even sophisticated technology companies say they need outside counsel.

more...
No comment yet.
Rescooped by Higher Ed InfoSec Council from Higher Education & Information Security
Scoop.it!

World's Biggest Data Breaches & Hacks [Visualization]

World's Biggest Data Breaches & Hacks [Visualization] | Higher Education & Privacy | Scoop.it

Data visualization of the world biggest data breaches, leaks and hacks. (Selected losses greater than 30,000 records. Constantly updated.)

 

Note that this visualization allows you to filter by organization (e.g, academic, financial, government, healthcare) and method of leak (e.g., hacked, accidentally published, poor security).

more...
No comment yet.
Rescooped by Higher Ed InfoSec Council from Higher Education & Information Security
Scoop.it!

NSF invests $20 million in large projects to keep the nation's cyberspace secure and trustworthy

NSF invests $20 million in large projects to keep the nation's cyberspace secure and trustworthy | Higher Education & Privacy | Scoop.it

With researchers from more than a dozen universities, three large "Frontier" collaborative projects highlight efforts to tackle fundamental challenges in cybersecurity and privacy.

more...
No comment yet.
Rescooped by Higher Ed InfoSec Council from Higher Education & Information Security
Scoop.it!

White House considers incentives for cybersecurity

White House considers incentives for cybersecurity | Higher Education & Privacy | Scoop.it

The White House is considering incentives, including cybersecurity insurance, grants, and liability limits, in order to get organizations in the private sector onboard with investing in cybersecurity.

 

The goal of the initiative, and the program itself, is information sharing and the establishment of best practices and guidelines that will ensure organizations (both public and private) are better prepared to deal with cybersecurity issues.

 

While all of this takes place, the underlying goal of maintaining clear privacy policies that protect the information held by most of these organizations from external and internal risks, forms the third layer of the program — one that government watchdogs say is the most important.

more...
Higher Ed InfoSec Council's comment, August 8, 2013 11:25 AM
Here is a link to the White House blog mentioned in the article: Incentives to Support Adoption of the Cybersecurity Framework, http://m.whitehouse.gov/blog/2013/08/06/incentives-support-adoption-cybersecurity-framework