Trecx:DataProtectionPrivacy

From Bodington Wiki

Jump to: navigation, search

Back to TReCX

Contents

Data Protection

This is what the University says:

As far as data protection is concerned, the basic principle is that you must inform people when you are collecting their personal information, what it will be used for, whether it will be passed on to third parties etc. You will need to make clear at the login stage what information is being tracked, for what purpose, and who will have access, so that people can then make an informed choice about whether or not they wish to use the service.

From this we surmise that we must inform users that they are being tracked upon login to WebLearn (or any VLE). It is not part of Trecx to deal with any of this.

There is a fairly prominent 'terms and conditions' notice in the LHS panel of weblearn, this links to http://www.weblearn.ox.ac.uk/site/info/docs/terms/ with a further link to http://www.admin.ox.ac.uk/statutes/regulations/196-052.shtml (the Univerity's Terms and Conditions document). We should maybe add some text to the end of this page regarding Trecx tracking once Trecx goes live espicailly as we are intending (one day) to allow tutors to view tutee's data; at the moment it is just resource managers who can see data.

What is also clear is that we must give users access to their own data.

Deleting Data

There are also issues that we should not keep data longer than is necessary.

There is definitely a case for anonymising Trecx data five years after a user leaves the University. This could be a batch job which simply changes or removes the username from the events table. This way we keep the statistics but lose the user details.

Information about DPA at Oxford

Tony Brett has some slides about the DPA and Alan Gay is the OUCS contact person. The University website holds more formal information on the DPA.

Beth says The person to check these things wth is the Data Protecton Officer for the University. Jenny Noon see: http://www.admin.ox.ac.uk/ps/managers/recruit/academic/data.shtml

Normal contact point data.protection@admin.ox.ac.uk .

For a very compact summary (in a student club context but applicable more widely), see http://www.admin.ox.ac.uk/clubs/clubsinfo/otherinfo.shtml.

Privacy

A parallel example: Mobile Phone Tracking

There are some interesting parallels concerning the use of mobile phone tracking to the general issues of tracking and privacy. There are several commonly cited scenarios of where people want to utilize this:

  • employers tracking mobile employees.
  • parents wishing to track their children.
  • lone workers concerned about wanting others to know where they are.

Tracking via mobile phone (specifically reporting of geographical location) is possible by triangulation via signal mast strengths of adjoining cells. Therefore it's accuracy is highly dependent on cell mast density. In the UK this can vary from about 50-100m in urban areas down to several kilometres in rural areas. Basically mobile phone networks have for a long time stored this locational information, it's just that only in the last few years that third-parties have been allowed to commerically benefit from this data. Typically what happens is that the tracker registers with one of these third-parties. They then add a given number to the list of phones that they are tracking. A text message is then sent to that phone which requires a response in order to consent to being tracked. To prevent the scenario of registering a phone when the owner is not present, the guidelines stipulate that follow-up text messages must be sent. However, often these follow-up messages are of the form whereby you must respond to withdraw consent. In practice, it was also found that the first of these follow-up messages could take several days to appear.

Links

Several companies who offer this service.



Back to TReCX