Friday, June 29, 2012

An evolving relationship – data and privacy

In the last week or so a conversation has been underway in a listerv of which I am a member, related to the gnarly question of where the data about students is stored. Should it be locally in schools or cloud computing?

There has been a full on discussion of the ethics of a school using cloud computing services that may well have blanket policies (often underpinned by US law, rather than a specific country's law), as well as around what happens to the data once it is in the cloud. The members of the listserv unpacked the pros and cons of cloud computing, the fuzziness of the policies often used in relation to data stored in the cloud, and their own responsibility.

I've included below my contribution to the conversation, as the subject is of concern to a wide range of fact, pretty much anyone who has data stored in the cloud. One of the key strategies I'd like to suggest is raising awareness so that folk know the questions they need to ask to find out about what is happening to their (or their child's) data, and do not abdicate responsibility to 'someone else'...or at least are given the choice to abdicate this responsibility (see this Educause initiative for example). Informed consent seems to me to be the way to go, but sometimes you may need to ask for the information to inform your decisions, and may also need to ask for assistance in figuring out what that information actually means in practice.

There seems to be a couple of underlying assumptions that I'd like to look at...
Absolutely - young children should have parents involved in decisions around where their data is shared, and have a say in what data is collected. This is in my mind the responsibility of the school policies to ensure that this communication happens. However, who decides on what data is 'essential' to be kept about a child attending a school? And who can guarantee absolutely that, even if kept on a local server, the data won't be hacked or lost? Perhaps it feels safer as their is a sense that there is greater control...but is there?

To step back, there appears to be a 'myth of privacy'. What is privacy? Good old Wikipedia has the following:
"The right not to be subjected to unsanctioned invasion of privacy by the government, corporations or individuals is part of many countries' privacy laws, and in some cases, constitutions. Almost all countries have laws which in some way limit privacy; an example of this would be law concerning taxation, which normally require the sharing of information about personal income or earnings. In some countries individual privacy may conflict with freedom of speech laws and some laws may require public disclosure of information which would be considered private in other countries and cultures. Privacy may be voluntarily sacrificed, normally in exchange for perceived benefits and very often with specific dangers and losses, although this is a very strategic view of human relationships. ....Privacy, as the term is generally understood in the West, is not a universal concept and remained virtually unknown in some cultures until recent times. Most cultures, however, recognize the ability of individuals to withhold certain parts of their personal information from wider society..." (source).

When have we ever really had privacy (in a western construct of the term)? Once you are living in a society things will come to the fore that you have preferred not to share...images someone else takes, letters removed from your post box or rubbish bin, eavesdropping on your conversations, etc etc.

I am most definitely not an advocate of putting it all out there for everyone to access, unless you have made a (informed) choice to do so. However, I do feel that some reactions are underpinned by media hype and scaremongering.
"How many of us have paused during conversation in the past four-and-a-half years, suddenly aware that we might be eavesdropped on? Probably it was a phone conversation, although maybe it was an e-mail or instant-message exchange or a conversation in a public place. Maybe the topic was terrorism, or politics, or Islam. We stop suddenly, momentarily afraid that our words might be taken out of context, then we laugh at our paranoia and go on. But our demeanor has changed, and our words are subtly altered" (source)

So, back to the students in our schools. The government already has access to a raft of information about those students, purely by them being born in NZ, much of it I am sure parents are unaware of, and much is already stored on computers / networks / databases / emails / documents. This data is will sometimes be shared in a collated format in reports etc... So, is it a case of 1) educating and empowering parents about issues around cybersecurity, data sharing, transparency, and their rights? 2) Where the parents and community ask for it (after being included in a consultative process) could a selective process be put in place whereby more sensitive data is kept on a local server in a school??? (or wherever is deemed most 'safe')...but it should be an informed decision made by parents?

Would be great to hear your thoughts :-)


No comments: