© The Higher Ed CIO, 2011

Bishop, J. (2011)  Facebook Privacy Policy: Will Changes End Facebook for Colleges? The Higher Ed CIO, October 4

This article discusses the risks to institutions in using Facebook, following Facebook’s recent addition of Timeline and Open Graph. The article deliberately looks at Facebook from an institutional risk context, rather than the implications for individuals. The article makes some interesting points:

  • privacy is different from security, in that security is primarily a technical, hence mainly an IT, issue. Privacy needs a different set of policies that involves a much wider range of stakeholders within an institution, and hence different (and more complex) governance from security;
  • many institutions do not have a simple, transparent set of policies for privacy, but different policies set by different parts of the institution. This will inevitably lead to confusion and difficulties in compliance;
  • there is a whole range of laws and regulations at state and federal level that aim to protect privacy, that covers not only students but also staff; privacy policy needs to be consistent across the institution and be compliant with such laws and regulation. (Note: the article refers mainly to US laws and regulation; a different set of laws and regulation apply in Canada, whose Privacy Commissioner already has a record of challenging Facebook’s privacy policies).
  • Facebook’s current privacy policy (especially with the new additions) leaves many institutions using Facebook at a high level of risk of infringing or violating privacy laws – merely writing some kind of disclaimer will in many cases not be sufficient to avoid  breaking the law.

It seems to me that even if one argues that online privacy is irrelevant in the 21st century, nevertheless until the law changes, institutions need to be careful to stay within the law. What I take away from this article is that if you are using Facebook for institutional purposes, be afraid – very afraid, unless you have very good lawyers and a comprehensive and coherent set of privacy policies.

Thanks to Academic Impressions for directing me to this article


  1. This is very important and often overlooked in the rush to use hosted services of any sort not just Facebook. Unfortunately frontline academic staff are generally not adequately prepared to deal with issues of privacy and security and the responsibility for preparing staff is not being shouldered within institutions.

    Interesting times.


Please enter your comment!
Please enter your name here