Chris Cowper

Safe to Store – Safe to Share Privacy and e-portfolios

Melbourne 4 November 2010

“people no longer have an expectation of privacy online”

www.guardian.co.uk/technology/2010/jan/11/facebook-privacy

“Privacy” – Outdated? Incompatible? A problem?

Google’s Eric Schmidt: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place”

Sun Microsystems’

Scott McNealy: “You have zero

privacy anyway..

get over it.”

Facebook’s Mark Zuckerberg:“The Age of Privacy is Over”

Louis Freech former

Director FBI:“the American

people must be willing to give up a

degree of personal

privacy in exchange

for safety and security”

Explosion in new Technology…

• Electronic Health Records• Social Networking• Smart grids & other networks• Location based services• Mobile banking• The Cloud

And of course

E-portfolios

A collection of electronic evidence assembled and managed by a user,

usually on the Web.

A complex issue & getting more complex www.priv.gc.ca/resource/consultations/report_2010_e.cfm

Draft Report on the 2010 Office of the Privacy Commissioner of Canada's Consultations on Online Tracking, Profiling and Targeting and Cloud Computing

• “In terms of general privacy concerns, the blurring of the public/private divide and its effects on reputation was seen as a significant issue”.

• “jurisdiction [which country law applies] and availability of personal information to third-parties; safeguards; new uses for the personal information and retention; and access.”

Privacy – what it isn’t …

Keeping everything about yourself secret

or

Simply having something to hide

Privacy – what it IS …• Control

– deciding what to reveal and when– ‘You can choose your friends, but you

can’t choose your relatives’– solitude, reserve, autonomy, intimacy

• Creepiness factor – big brother, too much information,

too intrusive• Risk

– who bears it…

Privacy -Scope

• Body• Territory/place• Communications

• Personal Information S.6 Privacy Act 1988

information or opinion about an individual whose identity is apparent or can be ascertained

http://www.iispartners.com/

Privacy laws – how they work • Privacy principles (in the law)

Transparency – user informed, policy, practices, right of access

Use/disclosure limitationsSafe-keeping – reasonable protections, policies, training

• Safety net – monitoring, complaints, restitution

Institution

•Infrastructure decisions•Legal compliance•Policies and training •Monitoring & governance

Users

•What to include•How to protect information •Rights

E-portfolio developers and providers

•Design decisions – e.g. privacy default• Transparency•Legal compliance (if law applies)

Teachers/Assessors/employers

•Which e-portfolio and why•Purpose and rules•Privacy education and support

E-portfolios and privacy – responsibilities

Reviewing the evidence• Surveys

www.privacy.gov.auZogby poll - 15- to 18-year-olds are just as worried

• ALRC inquiry2008 “more likely than older people to disclose personal

information about themselves on the internet…. also have a strong desire to exercise control”

• Actual behavior

E-portfolio users’ views• “If I thought it wasn’t safe and secure I

wouldn’t really put in anything about me, I would just keep it very generic “

• Issueswho sees what personal reflections – sensitive contact details, leisure activities –

sensitive Assignments – theft? copying?

E-portfolios – Privacy risks • User generated content • Unintentional user-driven data leaks – student “oops”• Lack of controls/ protections by institutions (Unis, RTOs etc)

• Prying• Unexpected use• Loss

• Lack of controls or Intentional leaks by third party service provider e.g. Mahara or Elgg

• External hacking or ID theft

E-portfolios – A continuum of risks• Institution E-portfolio hosted internally v external service

provider

• Purpose – narrow or broad

• Content – limited or unlimited

• Internal network v Internet access

E-portfolios – a continuum of risks cont.• Access limited to teacher/class or unlimited access

E-portfolios – a continuum of risks cont.• E-portfolio/provider privacy experience and expertise

• Scale – time/no. of users time limited for a group of learners v lifelong multi purpose

• Which privacy laws, if any, apply

Privacy failures – the consequences • Take up less than expected

• Learning outcomes not achieved

• Possible regulator action – complaints, compensation, reputation loss

The solution

• The Google answer move or change your name!!!

• Comply with the law necessary but probably not sufficient

Plenty of evidence that Privacy interests not always well considered • Road travel

– E-tags track movements

• Online purchasing– ID theft, behavioural

targeting

• Social Networking – Facebook’s recent woes

• Govt. efficiency– Australia Card/Access

Card

• Privacy v security– 9/11, anti-terrorism,

surveillance

• Entering a pub or club– increasingly ID scanned

“Layered Defence” essential

We can develop privacy safe e-portfolios Safety Net

Governance

Technology

Business as usual Privacy

► AccountabilityTrust RiskControl ► ► ►

?Law

“There has to be a better way”“Unsafe at Any Speed”

▼Car safety by design

http://en.wikipedia.org/wiki/Unsafe_at_Any_Speed

Why Not:

“Privacy by Design (PBD)”

Privacy by Design:The 7 Foundational Principles

1. Proactive not Reactive; Preventative not Remedial

2. Privacy as the Default

3. Privacy Embedded into Design

4. Full Functionality: Positive-Sum, not Zero-Sum

5. End-to-End Lifecycle Protection

6. Visibility and Transparency

7. Respect for User Privacy

www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf

Another Perspective• Education - Enabling better-informed risk decision-making. • Experimentation – Learning through doing. • Restitution Measures – Provide a positive impact on personal

perceived risk.• Guarantees – Provide assurance and improve confidence

guarantees of restitution.. • Control – Increased transparency = confidence. • Openness – trust built when claims of security and protection

are backed up.

Designing privacy into e-portfolios• Purpose

Reflections, Vocational Assessment, Accreditation, RPL• How used – content, ownership, access• Risk assessment• Legal obligations• “Trust” objectives

Institution

•Infrastructure decisions•Legal compliance•Policies and training •Monitoring & governance

Users

•What to include•How to protect information •Rights

E-portfolio developers and providers

•Design decisions – e.g. privacy default• Transparency•Legal compliance (if law applies)

Teachers/Assessors/employers

•Which e-portfolio and why•Purpose and rules•Privacy education and support

E-portfolios and privacy – responsibilities

Planning Checklist

Resources

• E-portfolios & Privacy Brochures: http://www.flexiblelearning.net.au/content/e-portfolios-resources

• The Draft VET E-portfolios Guidelines: http://www.flexiblelearning.net.au/content/e-portfolios-resources#VET_EP_Privacy_Guidelines

• Link to provide feedback on these Guidelines: https://www.surveymonkey.com/s/7TDX2RY

Privacy Safe E-PORTFOLIOs - its doable - its worth it

• Don’t settle for any thing less for yourself

• Don’t settle for anything less from others

http://www.iispartners.com/