safe to store - safe to share: privacy & e-portfolios
TRANSCRIPT
Chris Cowper
Safe to Store – Safe to Share Privacy and e-portfolios
Melbourne 4 November 2010
“people no longer have an expectation of privacy online”
www.guardian.co.uk/technology/2010/jan/11/facebook-privacy
“Privacy” – Outdated? Incompatible? A problem?
Google’s Eric Schmidt: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place”
Sun Microsystems’
Scott McNealy: “You have zero
privacy anyway..
get over it.”
Facebook’s Mark Zuckerberg:“The Age of Privacy is Over”
Louis Freech former
Director FBI:“the American
people must be willing to give up a
degree of personal
privacy in exchange
for safety and security”
Explosion in new Technology…
• Electronic Health Records• Social Networking• Smart grids & other networks• Location based services• Mobile banking• The Cloud
And of course
E-portfolios
A collection of electronic evidence assembled and managed by a user,
usually on the Web.
A complex issue & getting more complex www.priv.gc.ca/resource/consultations/report_2010_e.cfm
Draft Report on the 2010 Office of the Privacy Commissioner of Canada's Consultations on Online Tracking, Profiling and Targeting and Cloud Computing
• “In terms of general privacy concerns, the blurring of the public/private divide and its effects on reputation was seen as a significant issue”.
• “jurisdiction [which country law applies] and availability of personal information to third-parties; safeguards; new uses for the personal information and retention; and access.”
Privacy – what it isn’t …
Keeping everything about yourself secret
or
Simply having something to hide
Privacy – what it IS …• Control
– deciding what to reveal and when– ‘You can choose your friends, but you
can’t choose your relatives’– solitude, reserve, autonomy, intimacy
• Creepiness factor – big brother, too much information,
too intrusive• Risk
– who bears it…
Privacy -Scope
• Body• Territory/place• Communications
• Personal Information S.6 Privacy Act 1988
information or opinion about an individual whose identity is apparent or can be ascertained
Privacy laws – how they work • Privacy principles (in the law)
Transparency – user informed, policy, practices, right of access
Use/disclosure limitationsSafe-keeping – reasonable protections, policies, training
• Safety net – monitoring, complaints, restitution
Institution
•Infrastructure decisions•Legal compliance•Policies and training •Monitoring & governance
Users
•What to include•How to protect information •Rights
E-portfolio developers and providers
•Design decisions – e.g. privacy default• Transparency•Legal compliance (if law applies)
Teachers/Assessors/employers
•Which e-portfolio and why•Purpose and rules•Privacy education and support
E-portfolios and privacy – responsibilities
Reviewing the evidence• Surveys
www.privacy.gov.auZogby poll - 15- to 18-year-olds are just as worried
• ALRC inquiry2008 “more likely than older people to disclose personal
information about themselves on the internet…. also have a strong desire to exercise control”
• Actual behavior
E-portfolio users’ views• “If I thought it wasn’t safe and secure I
wouldn’t really put in anything about me, I would just keep it very generic “
• Issueswho sees what personal reflections – sensitive contact details, leisure activities –
sensitive Assignments – theft? copying?
E-portfolios – Privacy risks • User generated content • Unintentional user-driven data leaks – student “oops”• Lack of controls/ protections by institutions (Unis, RTOs etc)
• Prying• Unexpected use• Loss
• Lack of controls or Intentional leaks by third party service provider e.g. Mahara or Elgg
• External hacking or ID theft
E-portfolios – A continuum of risks• Institution E-portfolio hosted internally v external service
provider
• Purpose – narrow or broad
• Content – limited or unlimited
• Internal network v Internet access
E-portfolios – a continuum of risks cont.• Access limited to teacher/class or unlimited access
E-portfolios – a continuum of risks cont.• E-portfolio/provider privacy experience and expertise
• Scale – time/no. of users time limited for a group of learners v lifelong multi purpose
• Which privacy laws, if any, apply
Privacy failures – the consequences • Take up less than expected
• Learning outcomes not achieved
• Possible regulator action – complaints, compensation, reputation loss
The solution
• The Google answer move or change your name!!!
• Comply with the law necessary but probably not sufficient
Plenty of evidence that Privacy interests not always well considered • Road travel
– E-tags track movements
• Online purchasing– ID theft, behavioural
targeting
• Social Networking – Facebook’s recent woes
• Govt. efficiency– Australia Card/Access
Card
• Privacy v security– 9/11, anti-terrorism,
surveillance
• Entering a pub or club– increasingly ID scanned
“Layered Defence” essential
We can develop privacy safe e-portfolios Safety Net
Governance
Technology
Business as usual Privacy
► AccountabilityTrust RiskControl ► ► ►
?Law
“There has to be a better way”“Unsafe at Any Speed”
▼Car safety by design
http://en.wikipedia.org/wiki/Unsafe_at_Any_Speed
Why Not:
“Privacy by Design (PBD)”
Privacy by Design:The 7 Foundational Principles
1. Proactive not Reactive; Preventative not Remedial
2. Privacy as the Default
3. Privacy Embedded into Design
4. Full Functionality: Positive-Sum, not Zero-Sum
5. End-to-End Lifecycle Protection
6. Visibility and Transparency
7. Respect for User Privacy
www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
Another Perspective• Education - Enabling better-informed risk decision-making. • Experimentation – Learning through doing. • Restitution Measures – Provide a positive impact on personal
perceived risk.• Guarantees – Provide assurance and improve confidence
guarantees of restitution.. • Control – Increased transparency = confidence. • Openness – trust built when claims of security and protection
are backed up.
Designing privacy into e-portfolios• Purpose
Reflections, Vocational Assessment, Accreditation, RPL• How used – content, ownership, access• Risk assessment• Legal obligations• “Trust” objectives
Institution
•Infrastructure decisions•Legal compliance•Policies and training •Monitoring & governance
Users
•What to include•How to protect information •Rights
E-portfolio developers and providers
•Design decisions – e.g. privacy default• Transparency•Legal compliance (if law applies)
Teachers/Assessors/employers
•Which e-portfolio and why•Purpose and rules•Privacy education and support
E-portfolios and privacy – responsibilities
Resources
• E-portfolios & Privacy Brochures: http://www.flexiblelearning.net.au/content/e-portfolios-resources
• The Draft VET E-portfolios Guidelines: http://www.flexiblelearning.net.au/content/e-portfolios-resources#VET_EP_Privacy_Guidelines
• Link to provide feedback on these Guidelines: https://www.surveymonkey.com/s/7TDX2RY
Privacy Safe E-PORTFOLIOs - its doable - its worth it
• Don’t settle for any thing less for yourself
• Don’t settle for anything less from others