A national survey of privacy practices found that only 65 of the top 236 doctoral universities and liberal arts colleges in the U.S. have privacy notices linked to their home page, in spite of the fact that almost all of these schools engage in practices that put individuals' privacy at risk.
Watchfire and Bentley College in Waltham, Mass. revealed the results of the survey today. Researchers from Bentley and Watchfire collaborated to hold higher education accountable to the same level of privacy protection as organizations in the private sector.
As colleges and universities continue to suffer data breaches due to lax security or other problems, an increasing amount of personal information is compromised. In addition to student and applicant information housed by school databases, many institutions use the internet to process e-commerce transactions for items ranging from athletic tickets to online alumni donations.
The researchers who conducted the survey were concerned about the results because, as they put it, "privacy notices represent the public face of an organization's privacy policy." While having one doesn't guarantee that the organization follows industry best practices, it certainly shows that privacy and security are on the institutional radar. Conversely, an organization without a posted privacy notice communicates a lack of institutional regard for security and privacy, whether intentional or not, they said.
"The survey results suggest that online privacy is currently not a strategic priority for higher education, and it should be, especially as higher education embraces e-commerce," said Mary J. Culnan, Bentley Slade professor of management and information technology, who conducted the research with Thomas J. Carlin, a Bentley MBA candidate. "Good privacy notices, backed up by an effective governance process, have been shown to help build trust by reducing the risk of disclosing personal information online."