Any of us who have a credit card, online social media profile, or anything else that stores personal data has received one of those “we respect your privacy” notices, which are typically several pages of fine print telling what they will actually do to share your information. Similarly, every time we sign up for an online contest we always do a cost analysis — is the free t-shirt that they’re giving away worth the hassle of dealing with all the spam we will surely get as a consequence?
We are not immune here at the university. It is a matter of state law that our web sites have to post a privacy statement informing users what we do with the information we collect about them. In most cases this is just server logs, and most of the time we don’t do much with them. Privacy statements, then, have become considered more of a nuisance that we have to bear with rather than — to refer back to my previous post — a matter of hospitality aimed at making a better user experience.
We have even made it easy, creating a generic statements page on the university site that you across campus can link to. Most of us do so without thinking. Have we actually read the privacy statement there? If so does the information that our webservers collect actually match up with what is disclosed there? Given the number of different environments on campus I suspect not.
While this practice might be understandable [I can’t legally say excused] for generic log information, we are equally lax when it comes to forms which collect personally identifiable information. That is not excusable, either from a legal perspective or from providing a good customer experience. The latest Noel Levitz e-expectations report for the first time contains an entire section examining the issue of student and parent attitudes toward privacy, and it shows that both groups are concerned about how their personal information is treated.
Even sharing contact information on an official application for admission was rated as a concern to many students and the majority of parents. Things like signing up to “receive more information” or signing up for an online event were concerns for over half of both groups. If there is concern over even these more official channels, then we certainly need to be more visible in our day-to-day contact forms.
We have many ways of requesting information from visitors here on campus. I will make the assumption that all of them have legitimate purposes. I also know that we have been asked several times by various groups on campus to share the information that we collect. I am not a lawyer so I can’t say whether we could legally do so, but doing so without disclosing it to the visitor would certainly be unethical. In the spirit of “hospitality” instead of “service” we need to go further, though, and be very up-front and transparent to our users. They are trusting us with their personal information, so it is our responsibility to let them know we deserve that trust.
No comments yet.