On Monday, I attended a meeting hosted by BCcampus on issues related to the use of social media and other “cloud” based services in BC’s post-secondary institutions. The intended goal (actually there was more than one) was to bring people together in discussion with representatives from BC’s Office of the Privacy Commissioner to get some clarity on policy so that we can move towards operating reasonably within the boundaries imposed by BC’s privacy legislation.
Why do we care?
Clearly, from those I talked to at the meeting, we care because we use social media and we’re pretty sure the CIO’s office probably has no idea the extent to which cloud based applications have infiltrated our teaching and learning practices at various institutions across the province. And, while we are not intentionally turning a blind eye to the privacy implications, we turn to these services because they work and they help us to do what we need to do – share perspectives and stories, collaborate, select who we learn from, communicate,etc, etc. ! They are easy to use and allow us to integrate our learning activities with daily life – and that’s what we want – right? Of course it’s not that easy, which is why we are talking about this. Institutions have a role in “protecting” the personal data of those who entrust it to us. And we are trying to figure out what it means to protect while (at the same time) ensuring that individual’s have the capacity to manage their own digital content and identities.
I worked out some visual notes during the session (a beginning attempt at using Brushes with my iPad). Click on the diagram for a larger view. Here are a few of my additional observations from the discussion.
- What constitutes a reasonable attempt for institutions to get informed consent from students for the use of specific services (where their personal data will be stored outside of the country)? Some helpful Guidelines have been developed, but they may be perceived as onerous for an already overworked prof just trying to engage students in process of learning.
- Where is the CIO’s office in all of this? What role do they play in helping institutions to developing some guidelines for using social media and cloud-based services?
- B.C.’s privacy office has a role in investigating complaints and mediating in those instances, so they perceive a conflict of interest in providing guidelines.
- We are not lawyers – interpreting the Act and legislation is often difficult.
- some institutions don’t have access to a Privacy Manager to help them with decision making.
- How does policy change? Is it keeping up with social change?
- It’s difficult to be at the begiining of something, people want answers guidance, where it doesn’t really exist yet. This makes us angry – but maybe that will lead to action? (Hope).
The way forward? (these are a few suggestions that came from our group):
- bring case examples (based on real teaching/learning activities) to the CIO through our institution’s privacy manager (if we have one).
- discuss, learn together, provide avenues for students to think about matters of privacy, the services they use and the privacy laws that may affect theirs or others access to their content.
I am still working my way through the fog on all of these issues. If you are too and want some more background, BCcampus is developing a great resource list as a place to start. I also found this white paper from the Information and Privacy Commissioner of Ontario very helpful in understanding the broad themes. I appreciated their use of the term “digital ecosystem” to describe the complexity of our new reality. From the digital microcosm of a single institution to the digital ecosystem of the entire world…no wonder we are struggling!