Privacy and Security

Digital technologies realize fantastic functionalities and produce opportunities that are
often unique in orientation. When considering the use of these tools it is important to
consider how data is captured within the application and in what ways that information is
protected and secured. Often, this information is of a private orientation whereby one’s
username, email address, given names, and other information are maintained within the
system.

Security refers to the means used to ensure that an application protects stored
information, assures users that information contained within it is not open to breach
and/or viewable by unauthorized users.

Privacy is concerned with the type of information being asked for by the application. By
being vigilant about data privacy, we can question whether or not certain data are
necessary for the application. Privacy is also concerned with how, should a data breach
occur, the application’s vendor notifies their clients and whether or not the information
within the dataset can identify a user in specific terms.

Privacy and Security, within the context of the eLearning Toolkit, is concerned with
understanding an application’s use of data and whether or not security configurations
are embedded within.

The purpose of Privacy and Security within this context, and within the context of
Western University as a whole, is to better protect our students, faculty, staff, and
researchers as applications are procured and used within our organization.
How to think about Privacy and Security
When considering an application for your class, it is important to think about a few
items. As seen below, these items are framed as questions:

  • Is the application cloud-based or is it an on-premise (local) installation?
  • Does the application require an account to be created?
  • If an account is required, how is this accomplished?
  • Will information about users, or produced by users, be stored within this
    application?
  • Where will this information be stored?
  • In what ways does the application guarantee security? Encrypted storage?
    Secure transfer of information?
  • What are the terms for agreeing to use the application in question? Are there
    references to data ownership, security, and privacy within the terms and
    conditions?
  • Can you end the relationship with the vendor?
  • Can the application fulfill a request to delete information about a user? Does the
    vendor guarantee this functionality?
  • Is the application AODA and GDPR compliant? If containing certain forms of
    information, does the application commit to the conditions of FIPPA, PHIPA,
    and PIPEDA?