Educause Security Discussion mailing list archives
Security-Privacy Notices
From: "Rosenthal, Jane E." <jer () KU EDU>
Date: Tue, 12 Mar 2013 15:23:42 +0000
Couple points on the stream I saw this morning on the notices for log-in. 1) I'm interested in what Tracy identified--it may well end up a Contract of Adhesion at some point in the future and if I were defense counsel I would argue that. From what I've seen currently though the click through/shrink wraps remain binding contracts (however I doubt the majority of folks truly understand the implication of that and thus we might want to educate our audience). Whether a 40 page agreement (e.g. terms of service from Apple) compares to a short-direct notice in a log-in may have some impact. Obviously reading a 40-page document is not going to happen for most folks, but recognizing and reading a paragraph is not too onerous on anyone. 2) I think if anyone in our communities are logging in to our data systems, then we have an obligation to Notify them up-front of the impending action and potential issues. The challenge may be to keep it "fresh" and avoid the reader from becoming flat or assuming they know what is in there. If we suggested to our community changing the appearance (and perhaps verbiage) on an annual basis, or if we could create a rotating log-in that would provide different look, feel, and expression, perhaps it would impact better. I just don't know what is technically available for that. 3) Privacy demands that we provide Notice, Consent, Opt-out/in, Redress, Monitoring, Accountability--do we really do this? I wonder how many folks do a spot audit on this type of thing for understanding? Or even a follow-up email that notifies the person what they actually agreed to? Apple does email you the terms if you request it--perhaps we need to consider this extra step. Thoughts? Jane Rosenthal Director | Privacy Office Custodian of Public Records 785.864.9528 | Fax 785.864.4463 jer () ku edu | www.privacy.ku.edu Respect Privacy | Safeguard Data | Enable Trust @beseKUre Please consider this as a KU business communication and handle according to policy. If this was message was received in error please delete all copies and attachments. Consider the environment before printing this note. Thank you.
Attachment:
smime.p7s
Description:
Current thread:
- Security-Privacy Notices Rosenthal, Jane E. (Mar 12)