Privacy Assessment for risk management at project inception
Writing about web page http://www.ico.gov.uk/upload/documents/pia_handbook_html/html/1-intro.html
Privacy Impact Assessment (PIA) at the initial stage of a project can save you a lot of trouble and cost. This is the idea behind the new PIA Handbook by the office of the Information Commissioner.The objective of the PIA is to avoid the following risks:
loss of public credibility as a result of perceived harm to privacy or a failure to meet expectations with regard to the protection of personal information;
retrospective imposition of regulatory conditions as a response to public concerns, with the inevitable cost that entails;
low adoption rates (or poor participation in the implemented scheme) due to a perception of the scheme as a whole, or particular features of its design, as being inappropriate;
the need for system re-design or feature retrofit, late in the development stage, and at considerable expense;
collapse of the project, or even of the completed system, as a result of adverse publicity and/or withdrawal of support by the organisation or one or more key participating organisations, or
compliance failure, through breach of the letter or the spirit of privacy law (with attendant legal consequences).
This privacy impact assessment tool could not be more timely when privacy concerns for the use of social networking sites have filtered down to the level of BBC news. The HE sector has been weighing the pros and cons of using Web 2.0 services external to the institution and after witnessing the initial jolliness of the early adopters one could be forgiven for remaining wary of any projects involving such services.
It is not only that the operating costs of social software marketing of your academic library services may cancel out any possible benefits, but there could be more to lose than to gain by the institution in terms of reputation if it is seen to engage in activities that compromise user privacy.Of course it is not only projects but also the behaviour of individuals employed by the institution. Would you agree with the following advice reported on the CoHE, 54 (15), p.A1 ?
And so, when undergrads ask to friend her, this professor politely declines. She encourages them to contact her again when they graduate — when there’s no chance of their turning up in another class, or before a judicial panel she is on.
Most faculty members on Facebook keep their profiles professional — nothing racier than would be posted, say, on an office door. The consensus on friending seems to be: Accept students’ requests but don’t initiate any.