Educause Security Discussion mailing list archives

Security-Privacy Notices


From: "Rosenthal, Jane E." <jer () KU EDU>
Date: Tue, 12 Mar 2013 15:23:42 +0000

Couple points on the stream I saw this morning on the notices for log-in.

1)  I'm interested in what Tracy identified--it may well end up a Contract of Adhesion at some point in the future and 
if I were defense counsel I would argue that.  From what I've seen currently though the click through/shrink wraps 
remain binding contracts (however I doubt the majority of folks truly understand the implication of that and thus we 
might want to educate our audience).  Whether a 40 page agreement (e.g. terms of service from Apple) compares to a 
short-direct notice in a log-in may have some impact.  Obviously reading a 40-page document is not going to happen for 
most folks, but recognizing and reading a paragraph is not too onerous on anyone.

2)  I think if anyone in our communities is logging in to our data systems, then we have an obligation to Notify them 
up-front of the impending action and potential issues.  The challenge may be to keep it "fresh" and avoid the reader 
from becoming flat or assuming they know what is in there.  If we suggested to our community changing the appearance 
(and perhaps verbiage) on an annual basis, or if we could create a rotating log-in that would provide different look, 
feel, and expression, perhaps it would impact better.  I just don't know what is technically available for that.

3)  Privacy demands that we provide Notice, Consent, Opt-out/in, Redress, Monitoring, Accountability--do we really do 
this?  I wonder how many folks do a spot audit on this type of thing for understanding?  Or even a follow-up email that 
notifies the person what they actually agreed to?  Apple does email you the terms if you request it--perhaps we need to 
consider this extra step.

Thoughts?





Jane Rosenthal
Director | Privacy Office
Custodian of Public Records
785.864.9528 | Fax 785.864.4463 
jer () ku edu | www.privacy.ku.edu 

Respect Privacy | Safeguard Data | Enable Trust
@beseKUre

Please consider this as a KU business communication and handle according to policy.  If this message was received 
in error please delete all copies and attachments. Consider the environment before printing this note. Thank you. 
