1 post tagged “site”

View other items tagged “site:” Photos, Audio, Videos, Books or Links. View “site” on Vox.

Privacy of information and enabling user choices

The Problem
 I am graduating from Washington State University (WSU) in December of this year with a B.S. in Computer Science. During 2006-2007 I received an unwanted call on my cell phone and discovered that my phone number (and possibly my address) was published in a public-facing part of the WSU website/directory. Anyone who had my name and knew I was attending WSU could find my cell phone and call me. Unacceptable.
 To that end, I restricted my directory information.
 WSU informed me that I needed to sign and return a document in order to have my name appear in the commencement program distributed during graduation ceremonies. The letter also informed me that WSU would not verify my degree to potential employers unless I removed the restriction!
 

directoryRestrictionNoticeCutAndAnonymized
directoryRestrictionNoticeCutAndAnonymized
 
  After all I've done to get to this point in my life, it is absolutely unacceptable to not appear in the commencement program. Worse yet that WSU would not verify my degree to employers. That's ludicrous.
 

Washington State University:
Let's examine their web interface and see what my options are to fix this:

wsuDirectoryRestrictionPage
wsuDirectoryRestrictionPage
   I blacked out my address & phone. The red highlighting around the "restriction" option is the only choice for modifying that option. It's binary: restrict or not. Given the problem space, that seems a little restrictive! What if I want to expose my name and email, but not my phone number? What if I want to hide all my information from the public, but allow employers to request information about my degree? Nope!
  WSU's web interface (and background software) forces me to choose between being invisible or being fully exposed, with no in-betweens. Given I'm a user and that I have given them quite a lot of money to obtain my degree, it makes no sense that I have only those options. I pay for services, I should have options.
 
  Let's examine the behavior of other sites for which I don't pay directly for services: Facebook and LinkedIn.

Facebook
  Facebook allows me to choose whether I display any contact information at all. If I choose to display information, I can limit accessibility to it by groups that make sense in the context of Facebook.

facebookContactPage
facebookContactPage
   What you're seeing in this picture is that I have chosen not to show my mobile phone number at all. If I chose to show it, I could choose to show it to "all my networks and all my friends", to "all my friends" or to "all my networks". That covers all the bases. I have full control over my privacy. You can see that those options pertain to all of my contact information.
  You could argue that Facebook is unlike Washington State University in that it doesn't provide some of the services a university might. You're right. The university has more stringent requirements and more real-world effect on the lives of its high-paying (student) customers. So why doesn't the university offer the options that a social website does? At the very least, there should be options that allow users to classify acceptable uses for their data.


LinkedIn
  LinkedIn is a site for professional networking. You can view my profile here.
  Notice that none of my private contact information is exposed. I've chosen to allow anyone to contact me, but to have my email remain anonymous. I've chosen to allow people in my network to see my email information. When I edit my profile, those options are explicitly called out:

linkedinContactOptions
linkedinContactOptions

   LinkedIn appropriately hides everything else. The management pages allow me an appropriate level of choice based on the problem space.
  This is quality behavior that Washington State University's site should emulate.

The Solution
  Washington State University is not exactly at the top of it's game with respect to use of technology. As an example, many students of Computer Science consistently have issues with wireless connectivity in the Computer Science classrooms. But I digress. In this case, the problem is that it has multiple uses for personal data, and is attempting to smash the numerous possible privacy options down into a single yes/no option. 
  When there are multiple uses of a single set of data, those uses should be categorized (hierarchically) into permissions, and users should be provided with intelligible and intelligent management options for those permissions. In this case, the settings around public directory listings should not be coupled to either the settings related to the commencement program or the settings related to the confirmation of degree completion.
  As an example, you might allow a global "do not show" setting that restricts directory listings, appearance in the commencement program and verification of degree completion. The other option would be to enable user choice for each of the sub-settings.
  The user would then choose which to enable. If they chose to appear in the directory, they should also be able to select what is displayed and what is not. The same goes for the commencement program and for degree verification.
  Degree verification is a suitably complex space that another system should exist to manage it. In particular, users should be able to specify whether their degree is verified without question, or whether they receive email notices of verification requests which contain links to a management page that allows them to confirm or deny such requests.
  




2 comments Tags: privacy, site, facebook, website, linkedin, washington state university, contact information, pii
williampower

About Me

williampower
United States
View my profile

My Groups

View my groups

Neighborhood

Explore friends, family, friends & family, or entire neighborhood.

View my neighbors

Tags

View my tags

Archives