Wednesday, April 26, 2006

Do As We Say, Not As We Do

Many universities struggle with Online Privacy 101.

Among the findings in a survey of 236 institutions appearing on the 2004 U.S. News and World Report ranking of America's best colleges:

• Practically 100 percent of doctoral universities and liberal arts colleges had at least one data collection form on a Web page without a link to a privacy notice.

• Almost 100 percent of doctoral universities and liberal arts colleges had at least one data collection form that used the GET method to submit data, which poses identity theft risks because sensitive information is stored in Web server log files that can be accessed under certain circumstances by hackers. (The GET method refers to a form submission where the form input consists of a query string which is appended to the URL of the requested page.)

• A full 100 percent of doctoral universities and liberal arts colleges had a least one non-secure page with a data collection form.


There's no excuse for any of these things, and the fact that such issues appear to be so widespread suggests a rather, let's say, cavalier attitude.

I'm shocked, shocked (not!).

Hat tip.