Consider this scenario – and the risks
In joining new platforms and utilizing new services, we often give up more data than we realize, and may even be putting ourselves at risk. In an article for Data Privacy Week, security evangelist Tony Ascombe provided a hypothetical example of what the consequences:
“An engineer turns up at your home to install devices that monitor your internet activity, what TV programs, movies, radio and music you consume, keep track of the temperature you like in your home, when you turn off the lights, log who you are calling and connecting with, track what products you purchase and how frequently, monitor where you travel in the car, and even opens your mail, and scans the content before you have the opportunity to read it yourself. Your partner is freaking out at the surveillance being installed in your home and questions if this invasion for access to a free service is worth it.”
At MSU Denver, we have a shared responsibility to protect data per FERPA, HIPAA, PCI and University policy.
If you are considering using a new tool or service as part of your work (especially if it’s free) consider the following before agreeing to policies:
- Will you be sharing content you developed yourself through this service?
- A common stipulation in service agreements is that the service provider gains full rights to all content shared in the tool. Many people sign away the rights to their hard work without realizing it.
- Will users of the service get added to marketing lists?
- If you are engaging with teammates or students through the service, you may inadvertently be exposing them to unwanted advertising, profiling, data mining and more.
- Non-educational service providers are under no obligation to meet FERPA requirements for student data privacy, and most standard terms of service don’t even mention FERPA.
- MSU Denver only shares data with services that can meet FERPA requirements.
- As a state-funded institution, MSU Denver is bound by state procurement rules, which are often contrary to the default terms and conditions presented by free online services.
Before procuring any technology hardware, software or service, open a ticket with Information Technology Services to investigate the technology. This gives ITS a chance to perform a risk analysis, avoid potential pitfalls, and identify safer and simpler alternative solutions.
For personal use, check https://tosdr.org/, which provides a simple, comprehensible breakdown of many major websites’ terms of service.
If you have any questions or concerns, please contact the ITS Service Desk at 303-352-7548 or support.msudenver.edu.