You are here
Bentley College-Watchfire Survey of Online Privacy Practices in Higher Education Reveals Risk Management Issues
April 23, 2006
A first-of-its-kind national survey of online privacy practices in higher education, conducted by Bentley College and Watchfire, reveals that while most schools engage in e-commerce, only 65 of 236 schools surveyed have privacy notices linked from their home page while nearly all schools surveyed engage in practices that potentially pose a privacy risk. The 236 institutions surveyed were top-ranked doctoral universities and national liberal arts colleges from the 2004 U.S. News and World Report list of America's Best Colleges.
The benchmark study comes at a time when most schools are using the Internet to process electronic applications and other types of e-commerce transactions, ranging from online alumni donations to the sale of athletic tickets, clothing and textbooks. These are the same types of commercial activities that raise privacy concerns in the private sector. And with an increasing number of colleges and universities across the U.S. falling victim to data breaches, online privacy has emerged as an important risk management issue in higher education.
"Higher education is not immune from concerns about online privacy," says Mary J. Culnan, Bentley Slade Professor of Management and Information Technology, who conducted the research with Thomas J. Carlin, a Bentley MBA candidate. "Privacy breaches potentially undermine consumer trust and confidence and make people less willing to disclose personal information online; this benchmark survey should be a wake-up call for all institutions of higher education."
Similar to the surveys of online privacy notices posted by .com websites, initiated by the Federal Trade Commission in 1998, the Bentley-Watchfire survey is based on a content analysis of online privacy notices. But it goes one step further than the prior surveys with an automated scan of the websites to measure whether or not these sites also engaged in practices that may pose privacy risks to users such as pages without a link to a privacy notice or non-secure pages with data collection forms. Watchfire, a company specializing in online risk management software and services to help ensure the security and compliance of websites, conducted the automated portion of the survey for Bentley using the Privacy Module of its WebXM™ software.
"This year's litany of stories about security breaches shouldn't be construed as a gloom and doom scenario but a wake-up call for higher education, parents, students and alumni," said Traci Logan, Bentley's vice provost and vice president for information technology, who helped design the study. "For many, the college application process represents the first plunge into the deep end of the pool when it comes to voluntary release of confidential personal data. While most CIO's in higher education identify information privacy and security as a critical challenge, too often this view doesn't permeate organizational culture and spending. But it's clear that with the millennial generation becoming more cavalier about sharing information on sites like Facebook.com and MySpace, we have a deepening obligation not only to protect personal information but to better communicate how it might be used once it leaves the fingertips. The very best strategies integrate that philosophy into institutional culture."
Key findings of the automated portion of the survey include:
For the manual survey, the authors analyzed content for the 65 privacy notices that were linked from the home page of the schools in the sample. They analyzed each notice to determine to what extent it reflected the basic elements of fair information practices. The authors found:
For all 65 privacy notices:
For the 51 schools that disclosed in the notice that they collect personal information:
The study's full report in PDF format is available at:
Watchfire provides Online Risk Management software and services to help ensure the security and compliance of websites. More than 500 enterprises and government agencies, including AXA Financial, SunTrust, Vodafone, Veterans Affairs and Dell rely on Watchfire to audit and report on issues impacting their online business. Watchfire has been the recipient of several industry honors including the HP/IAPP Privacy Innovation Award, InfoSecurity Product Guide's Hot Security Company 2006, Computerworld's Innovative Technology Award, and "Recommended" rating by Computer Reseller News. Watchfire was named by IDC as the worldwide market-share leader in web application vulnerability assessment software. Watchfire's partners include IBM Global Services, Sapient, WebTrends, PricewaterhouseCoopers, TRUSTe, Microsoft, Interwoven, EMC Documentum and Mercury. Watchfire is headquartered in Waltham, MA. For more information, please visit www.watchfire.com.
BENTLEY UNIVERSITY is one of the nation’s leading business schools, dedicated to preparing a new kind of business leader – one with the deep technical skills, broad global perspective, and high ethical standards required to make a difference in an ever-changing world. Our rich, diverse arts and sciences program, combined with an advanced business curriculum, prepares informed professionals who make an impact in their chosen fields. Located on a classic New England campus minutes from Boston, Bentley is a dynamic community of leaders, scholars and creative thinkers. The Graduate School emphasizes the impact of technology on business practice, in offerings that include MBA and Master of Science programs, PhD programs in accountancy and in business, and customized executive education programs. The university enrolls approximately 4,100 full-time undergraduate, 140 adult part-time undergraduate, 1,430 graduate, and 43 doctoral students. Bentley is accredited by the New England Association of Schools and Colleges; AACSB International – The Association to Advance Collegiate Schools of Business; and the European Quality Improvement System, which benchmarks quality in management and business education. For more information, please visit www.bentley.edu.
Type: Latest Headlines