My Office: 7.23
lee (at unimelb etc)
Phone: 8344 1343
Fax (department): 9349 4596
If you don't trust me, you may like to contact the head of department, the University Privacy Officer (see also the University privacy page) or the Victorian Privacy Commissioner.
If you don't trust the system administrators (I have reasonable trust in them) or the security of the system (which is not high), and/or want to remain anonymous, you should not send sensitive e-mail from a local machine. Use another account: for example, go to a cyber cafe, create a web-based e-mail account for yourself using a fake name and send e-mail from that. You may also send me e-mail encrypted with this PGP (or GPG) public key. Note that despite the 2048 bit "military grade" encryption, I'm likely to decrypt the message on a department machine and it's possible (though not likely) the plain text may be seen by a sysadmin or hacker. Alternatively, somebody may have hacked the file containing the public key, allowing only them to decrypt your e-mail instead of me. Or the locally installed version of pgp might contain a key logger trojan, et cetera. Communicating by phone or letter is probably more secure. I am not disclosing my home address or phone number - that's private!
In 2011 a different external service provider was used by the university for flu vaccination bookings, which was even worse in some respects. For example, there was no privacy policy displayed on the site and the site used Google Analytics, so Google could track people who registered for a flu shot. I complained again and was assured that the provider had signed the appropriate contract with the university so our personal information would not be divulged by the service provider, and that the company would be asked to put a privacy policy on their site. In 2012 yet another external service provider was used, but this time they finally got it right - there was what I considered to be a very reasonable privacy policy linked to the booking page. I sent a congratulatory e-mail.
In October 2012 the university launched the Melbourne School of Information (organised by the Melbourne School of Engineering). In order to attend, personal information had to be entered into a web form of a company which manages events. Their privacy policy said "We may use your Personal Data to contact you in the future for our marketing and advertising purposes" and by default, booking for the launch signed up attendees to their newsletter, which you could only avoid by creating an account with them and changing your e-mail preferences. I registered using a false name and e-mail address, and complained.
In January 2004 staff in Information Systems arranged for a masseur to visit our building for the benefit of staff and students. A web-based booking system was implemented on a .com.au web site run by a DIS staff member. The massage booking web site was designed to collect e-mail addresses and phone numbers but there was no information about who runs the web site, the purpose of collecting the information, how securely it is stored, who is given access to it et cetera. I don't think our students (or staff) should be encouraged to provide personal information to such a web site and requested that the site be updated to provide more information. A privacy page was added to the site quite promptly, providing information and the ability for users to view all information stored about them (password protected). The ability to book a massage by phone was also introduced.
In August 2004 I was approached about privacy aspects of requirements for a casual staff management system. It is nice that the Department was pro-active on this matter rather than implementing the system and then having someone mention there are privacy implications. There were some discussions in 2007 about what to do with comments made by students about individual casual staff.
In September 2005 I was approached about privacy aspects of testing a network intrusion detection system which collects data packets within the CSSE computer network. Some effort was put in place to ensure no personally identifiable information was retained.
In January 2006 I was approached about privacy aspects of collecting information from our web proxy. Information retrieval researchers in the department wanted to capture information about queries to search engines such as Google, and subsequent user behaviour (for example, which links they followed). Substantial thought was put into designing a system of filtering potentially sensitive queries, anonymising information, obtaining informed consent of users and allowing opt-out provisions. For example, it was initially considered that obtaining informed consent from undergraduates was impossible so only data from staff and postgraduates should be collected (I believe data from students may now be collected; I had some input into simplifying the language in the notice to students). Also any query containing a name of anyone in the department, plus various other key words, would be filtered out. The system has now been set up. In March an e-mail was sent reminding people of the system; the opt in/out part of the system appeared to still work.
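The filtering rules described above can be sketched as follows. This is an added example, not the department's system: the log format, user names, group labels, blocked terms and the keyed-hash pseudonym (standing in for "anonymising") are all assumptions, and it covers only the query-capture step, using the initial staff-and-postgraduates consent rule.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlsplit

# Everything below is constructed for illustration (assumed names and values).
PSEUDONYM_KEY = b"constructed-demo-key"   # in practice a secret held by the data custodian
CONSENTING_GROUPS = {"staff", "postgrad"}  # groups from whom informed consent was obtained
OPTED_OUT = {"carol"}                      # users who used the opt-out provision
BLOCKED_TERMS = {"smith", "nguyen", "salary", "clinic"}  # department names plus key words
SEARCH_HOSTS = {"www.google.com"}

def pseudonym(user):
    """Keyed hash, so the stored identifier cannot be reversed without the key."""
    return hmac.new(PSEUDONYM_KEY, user.encode(), hashlib.sha256).hexdigest()[:12]

def filter_record(line):
    """Return (pseudonym, query) if the log line may be retained, else None."""
    user, group, url = line.split(maxsplit=2)
    if group not in CONSENTING_GROUPS or user in OPTED_OUT:
        return None
    parts = urlsplit(url)
    if parts.hostname not in SEARCH_HOSTS:
        return None  # not a search-engine request: nothing is kept
    # parse_qs undoes '+' and %xx encoding, so encoded names cannot slip past the filter
    query = parse_qs(parts.query).get("q", [""])[0]
    words = set(re.findall(r"[a-z0-9]+", query.lower()))
    if not query or words & BLOCKED_TERMS:
        return None  # potentially sensitive query: drop the whole record
    return pseudonym(user), query

def run(lines):
    return [kept for kept in map(filter_record, lines) if kept is not None]

# Constructed sample proxy log: "<login> <group> <url>"
SAMPLE_LOG = [
    "alice staff http://www.google.com/search?q=suffix+array+construction",
    "alice staff http://www.google.com/search?q=Dr+Smith+home+address",
    "bob undergrad http://www.google.com/search?q=python+tutorial",
    "carol postgrad http://www.google.com/search?q=inverted+index",
    "dave postgrad http://www.google.com/search?q=SALARY%20bands",
    "dave postgrad http://www.example.org/page?q=anything",
    "dave postgrad http://www.google.com/search?q=okapi+bm25",
]

if __name__ == "__main__":
    for record in run(SAMPLE_LOG):
        print(record)
```

Only two of the seven constructed lines survive; the rest are dropped for lack of consent, opt-out, a blocked term, or not being a search request.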
After the University Open Day in 2007 staff were asked to complete a survey, and privacy issues were addressed in the request.
The final package of documentation for the 2009 ACS/EA accreditation of our courses was labelled
Confidential, may not be copied or circulated or used for any purpose other than the 2009 EA Accreditation Visit to the University of Melbourne.
In late 2008 a UoM academic asked a sysadmin to provide all student files from a first year Informatics subject (not just files submitted for assessment), to look for evidence of plagiarism. After discussion with me and the HoD the request was refused.
There has long been a practice of publishing lists of academic results using enrollment numbers (rather than names). In our department it is common for project marks to be published on Web pages using enrollment numbers and in at least one subject in 2003 final results were published in this way. The (unstated) assumptions are that students have a right to privacy with respect to their results and enrollment numbers are also private. In contrast, "unimelb" e-mail addresses are not considered private, at least within the University (the university web site has an e-mail directory). The "private" nature of enrollment numbers is important and should be explicitly stated to all staff and students. This would reduce the chance of enrollment numbers being linked to other identifying information. For example, in the past I have seen lists of names, enrollment numbers and tutorial allocations displayed. In February 2004 I spotted such a list for one tutorial in our department, online in a place where all students could read it (it had been there for six months). Such lists were created routinely and still had enrollment numbers in second semester 2004 (and some were probably passed around classes so people could tick off their names). I reminded staff that they must be treated with care and requested enrollment numbers not be included in the future (I asked academics if they wanted them included and nobody replied). This has been done. However, there are now photo lists available as well, and as of March 2006 they included enrollment numbers. E-mail was sent to all academics requesting that this information be blacked out before distribution to tutors etc. and I hope the information can be avoided in the future (I even wrote a little shell script to doctor the Postscript files).
In May 2003 I also noted that the Computer Students Association required enrollment number and various personal information to join their mailing list. I suggested that this be discontinued and student IDs collected previously be deleted. The request for enrollment numbers was, thankfully, immediately removed and MU-CSA members have requested further discussions with me concerning privacy. In December 2003, a student also alerted me to the fact that for some group projects in CSSE students are requested to provide enrollment numbers of all students in the submission, allowing students to obtain enrollment numbers of other students. There are many subjects which have group projects, and in some the groups are quite large. Since academics in the department can easily convert from CSSE login ids to enrollment numbers, I see no strong reason for weakening privacy by asking for enrollment numbers instead. This issue was taken up with the department, eventually resulting in an official Department policy (a rare thing indeed), in March 2004. In September 2004 a brief audit revealed a couple of subjects which violated the policy and an e-mail was sent to all academic staff.
I have also raised some of these matters briefly with the University Privacy Officer. It was pointed out that as of September 1, 2002, forms requesting personal information need to state the purposes to which it will be put. However, this does not address the question of what happens to the information the University generates, such as academic results, for which privacy is expected.
The relationship between casual staff in our department and their concurrent or previous role as students has also been raised. There has been at least one instance in 2004 of an enrollment number being requested for the creation of an account for a casual, and the form requesting an account for casual staff asked for either student enrollment number or staff number. The form now asks for staff number and mentions enrollment numbers should be avoided for privacy reasons.
In June 2004 staff were again requested to provide CVs and required to fill in a survey for the purpose of gaining ACS and IEAust accreditation for our courses. As well as not using the information for other purposes, some staff queried the University collecting personal information such as "membership of professional or other bodies" and "consulting work", as this is arguably at odds with the University privacy policy. Staff were (at least initially) given no assurances as to what would be done with the information. Some staff refused to supply some information. Some senior staff expressed disappointment - below is an extract of an e-mail response I made.
I agree the process and outcome have been disappointing from some perspectives. I have always favoured strongly encouraging people to provide as much information as they are comfortable with. However, people have been told they are required to supply certain information and some requested information includes such things as membership of organisations (not just professional organisations) and there were no assurances given concerning privacy. It wasn't as blunt as asking about race, religion, union membership or "are you a member of the communist party" (though the latter two are implicit in membership of organisations) but it was out of line with accepted community and university standards wrt privacy.
Some of our staff are rather sensitive about privacy (for reasonable reasons I believe) - certainly more sensitive than me, and they probably reacted negatively to this. I feel I have a duty to support their right to withhold such information, no matter what the reaction is at the faculty level or elsewhere.
...
I am proud our department is actively defending privacy! I'm not a member of ACS, but I have read their code of ethics. It would be ironic indeed if they deny us accreditation because we are adhering to their code of ethics! I imagine that raising these issues with them would be seen as a positive rather than a negative. I'm not sure about IEAust - they probably have less interest in privacy because engineers have done less to erode privacy (though the IEEE code of ethics mentions privacy I'm pretty sure). Both ACS and IEAust say they welcome feedback on their accreditation processes. It is my hope that we gain accreditation from both bodies and help them improve their processes.
Discussions about the whole process were initiated with the hope that such exercises would be more sensitive to staff privacy in the future. Ideally, accreditation bodies should be more pro-active in this respect. They are open to suggestions for their accreditation manuals and I have suggested that a section on privacy should be included. They should attempt to only request relevant information, make assurances regarding confidentiality and destruction of data and suggest that institutions do the same and communicate the policies and procedures to the staff whose privacy is at stake. Happily, we passed both accreditations with flying colours.
In March 2006 academics were again asked by the Faculty to supply their CVs, so preparations could be made for the transition to the Research Quality Framework. Concern was again expressed; CVs typically contain more than the necessary information. Some also noted that the University already expends considerable effort collecting and collating information about research output of all academic staff, so the request was questionable even ignoring privacy considerations.
In late 2008 the ACS and EA accreditation process began again. I e-mailed the following to CSSE academics and the person in charge of the process for the MSE:
Last time we did this, in 2004, there was a degree of insensitivity wrt privacy, and we have not had a great track record with collection of staff CVs in our department/Faculty - see http://people.eng.unimelb.edu.au/lee/privacy/
Let me make some suggestions to try to avoid any more unpleasantness this time around.
First, the School should undertake to only use this information for the purpose of this accreditation. Ideally the data should be destroyed once accreditation is granted, and Engineers Australia, at the request of the School, should do the same with any copies they have.
Second, academics should be encouraged *but not required* to include information which may be beneficial for the accreditation outcome but is not directly related to employment by the University. The memo as it is currently worded *requires* "Consulting record (2004 onwards)". Wearing my Privacy Liaison Officer hat, I think this is way out of line, especially considering there is nothing said about where the data might end up. To those academics who are sensitive about such information, I suggest you simply omit it (the same applies to Experience in professional practice and some of the other categories mentioned). The bottom line is that you should not feel compelled to include information not directly related to employment by the University.
This instigated a long discussion; here are a couple of snippets. From someone in the MSE:
I had not thought of the privacy angle and am sorry to hear that some people find some of the requests providing CV's as a concern. We have never had an issue about this in our department so this comes to me as a surprise.
From the Head of CSSE:
The critical requirement of a good privacy policy is to have in place assurances that data collected for one purpose -- the one for which it was supplied -- is not then deliberately or even inadvertently used for a different purpose. And, of course, dealing with information is an area of engineering the CSSE does have particular expertise in, which is why I am pleased that Lee thought to inject his comments...
With the strong support of the Head of CSSE (but apparently very little from the rest of the MSE) the eventual outcome was reasonable - see the good news section.
The matter was discussed with the University Privacy Officer, the University copyright officer, state and federal privacy offices and state and federal union offices. The response of the University Privacy Officer was disappointing. He said it was an issue for A C Nielsen to deal with, not him. According to the 2003 edition of the Melbourne University Magazine
The University of Melbourne is committed to protecting and using personal information about students, staff, alumni and benefactors in accordance with all relevant privacy laws.
This is a post-script to an article by Victorian Privacy Commissioner Paul Chadwick, in which he states
One of the most striking features of Privacy is the way it is over-venerated in summary form and then undervalued in the detail.
Privacy Victoria was helpful, but also somewhat disappointing. They have the power to act on a matter if someone complains that their privacy rights have been violated (and then the first step is conciliation), but can't be pro-active to avoid privacy violations. The union was not up to speed on privacy issues and was not able to be pro-active either.
Our department initially withheld all forms from A C Nielsen. Eventually they were returned, though some staff chose not to participate, or provided partial or imprecise information. There is a chance that our input will make the process better in the future.
The department has also installed (at least one) camera. I have been involved with discussions about its orientation, to avoid the offices of staff-members being in the field of view, and appropriate signs.