Online Focus Groups:  Privacy and Security  Alfonso Sintjago & Caryn E. Lindsay        AEA Conference              Oct. 26...
Colleagues Have Discussed●   Benefits●   Utility●   Selecting a platform●   Making connections
Issues of ConcernData Privacy●   “Many Internet users fail to realize that something once put online    more or less stays...
Security Considerations for    Platform Selection     unrecognized vulnerabilities within software        capabilities to ...
Relevant Online Security Elements to Consider               Services are as vulnerable               to hacking as their w...
The Unique Environment of an         Online Focus Group●   If participants do not trust a system, it is less likely    tha...
Figure 1.2 – Traditional Focus Group (Flow                                             of Data – Parties with Access to Da...
Sen. Al Franken - (D-MN)                on Social Media                                 Remember to ask:                  ...
Careful Analysis and          ConsiderationDespite the benefits of the platforms for socialnetworking, Facebo , Twitter, a...
Overview of Major Risks - # 1Data Transferability●   Information in the Cloud is hard to delete and/or access●   Increased...
Overview of Major Risks - # 2Hacking and Password Vulnerability●   Many well known organizations have been hacked (LinkedI...
Overview of Major Risks - #3Provider Practices●   Average Security Policy is Too Long (2000+ Words)    1200 websites visit...
Examples●   Comcast retains users’ data for over 180 days;●   AOL previously released the partially    anonymized data of ...
Options●   Use and visit trusted secure sites, applications.●   TRUSTe, WOT, McAfee SiteAdvisor, Haute Secure, etc.●   HTT...
Elements to Consider                  When Selecting a Platform - 1    Conducting an Online                               ...
Elements to Consider                 When Selecting a Platform - 2    Conducting an Online                                ...
RecommendationsChoosing the ‘best’ platform depends upon many factors  Data may be used by companies in unexpected ways   ...
PRIMARY ONLINE PROGRAMSCONSIDERED BY UMN’S ONLINEFOCUS GROUP RESEARCH TEAM
Skype                       More Information: http://www.skype.com/intl/en-us/security/                                  h...
Adobe Connect         (available since 2003)Privacy Policy Last Updated: May 2012Overview: Multiple deployment options. We...
Ning                     More Information: http://www.ning.com/about/legal/privacy/                              http://ww...
More Information: http://docs.moodle.org/23/en/Security_FAQ   Moodle                           http://docs.moodle.org/23/e...
Internet Start Up Companies                                     (Varies by Start Up)Privacy Policy Last Updated: Will vary...
Upcoming SlideShare
Loading in …5
×

Online Focus Groups Privacy and Security Considerations

656 views

Published on

This presentation highlights some of the considerations moderators and research team should make when planning on hosting an online focus group in terms of security and privacy. Privacy varies by individual, country and culture, and our perception of security may always match reality as closely as we would like to imagine.

Published in: Education
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
656
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
6
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Online Focus Groups Privacy and Security Considerations

  1. 1. Online Focus Groups: Privacy and Security Alfonso Sintjago & Caryn E. Lindsay AEA Conference Oct. 26, 2012 Minneapolis, MN
  2. 2. Colleagues Have Discussed● Benefits● Utility● Selecting a platform● Making connections
  3. 3. Issues of ConcernData Privacy● “Many Internet users fail to realize that something once put online more or less stays online and may be retrieved by others and replicated” (Walther, 2011, pg. 4). (High Levels of Variability)Data Security● The policies enacted by third parties, which could be the internet service provider (ISP), the cookies on the browser, web beacons, the server(s) where the data is stored, or the online service(s) utilized, may result in the legal or illegal selling and purchase of research data by additional parties (Craig & Ludloff, 2011).
  4. 4. Security Considerations for Platform Selection unrecognized vulnerabilities within software capabilities to address vulnerabilities hosting internally or hosting externally security level utilized by servers online programs allow for interaction complexity can increase weaknesses data could be not digitized limiting copies of the information May be subject to IRB, FERPA, or HIPAA regulations
  5. 5. Relevant Online Security Elements to Consider Services are as vulnerable to hacking as their weakest line of code (Bailey, 2012; Stuttard & Pinto, 2011)
  6. 6. The Unique Environment of an Online Focus Group● If participants do not trust a system, it is less likely that the focus group will gain the valuable data it hopes to obtain (Gottman, 2011; Metzger, 2004).● Trust is also an essential element for the effective functioning of a society (Schneier, 2012).● As a qualitative research method, a focus group “explicitly use[s] interaction as part of the method” (Kitzinger, 1995, pg. 299).
  7. 7. Figure 1.2 – Traditional Focus Group (Flow of Data – Parties with Access to Data)Figure 1.1 – Internet Focus Group (Flow of Data – Parties with Access to Data) When selecting platforms, considersigning business associate agreements
  8. 8. Sen. Al Franken - (D-MN) on Social Media Remember to ask: What is the revenue model? How does the business make a profit?“You [users] are not their client, you are their product.”
  9. 9. Careful Analysis and ConsiderationDespite the benefits of the platforms for socialnetworking, Facebo , Twitter, and Google maynot provide users with the privacy that may bedesired by a research-oriented focus group,particularly when dealing with delicate subjectmatters such as traumatic experiences, sociallyunacceptable opinions, and other confidentialinformation.
  10. 10. Overview of Major Risks - # 1Data Transferability● Information in the Cloud is hard to delete and/or access● Increased smartphone use + recording capability (50%+ own smart phones)● Multiple copies of Cloud data (Reliability vs. Security)● Data accessible through more devices
  11. 11. Overview of Major Risks - # 2Hacking and Password Vulnerability● Many well known organizations have been hacked (LinkedIn, New York Times, DOJ, Bank of America, Google, etc)● Importance of longer passwords (7+ Digits) Increased understanding of user choices● Use of different passwords (10%+ use 1234) (database of 3.4million four-digit passwords)
  12. 12. Overview of Major Risks - #3Provider Practices● Average Security Policy is Too Long (2000+ Words) 1200 websites visited, requiring an average of 201 hours a year● Privacy Implications May be Difficult to Understand● Many Organizations Collect and Sell Data● Privacy Policies Can be Suddenly Modified
  13. 13. Examples● Comcast retains users’ data for over 180 days;● AOL previously released the partially anonymized data of over 600,000 users;● Sonic.net only retains users’ clickstream data for two weeks (Kirk, 2006; Greenberg, 2012).
  14. 14. Options● Use and visit trusted secure sites, applications.● TRUSTe, WOT, McAfee SiteAdvisor, Haute Secure, etc.● HTTPS and Encrypted Comm, Encrypted Drives● Virtual Private Network (VPN) and Proxies in countries with laws with the better privacy protection● TOR (https://www.torproject.org/)
  15. 15. Elements to Consider When Selecting a Platform - 1 Conducting an Online Questions for Moderator Focus Group1- Requirements of the Study Must it meet HIPAA privacy standards? Is the data sensitive?2- Concerns of the Participant Will the participant feel comfortable in this environment?3- Anonymity of participants Can participants participate without being identified?4- Data encryption Must the data be encrypted? Is the data encrypted?5- Server Location Must the data be stored locally, can it be stored on the cloud?6- Selection of Participants Are there benefits from having access to social network data?7- Terms of Agreement Are the terms of agreement acceptable and favorable?8- Control over Change Can the platform privacy be modified without your input?9- Notification of Changes How will the service provider notify you of policy changes?10- History of the Company Is the site trusted (TRUSTe, etc)? Recent misuses of data?
  16. 16. Elements to Consider When Selecting a Platform - 2 Conducting an Online Questions for Moderator Focus Group11- Ownership of Data Is the data owned or shared by the service provider?12- Access to the Data Is the data accessible to anyone on the Internet?13- Security from Users Can the data be easily copied and distributed by users?14- Security from Outsiders Could the data be stolen by a third party?15- Anonymity of Data Will the provider anonymize the data?16- Selling of Data Can the service provider sell the focus group data?17- Modifications to Platform Can the platform be modified? Can its security be enhanced?18- Access to the Source Code Do you have access to the source code? Can you modify it?19- Linking of Participant Data Can the data be easily linked to other data from that user?
  17. 17. RecommendationsChoosing the ‘best’ platform depends upon many factors Data may be used by companies in unexpected ways Data may be accessed illegally by third parties Digitized data can be easily duplicated and transferred Misuses of data can have serious consequences A sincere attempt to protect privacy must be takenDecide whether or not you trust any third parties involved Online or Offline, focus groups are based on trust!
  18. 18. PRIMARY ONLINE PROGRAMSCONSIDERED BY UMN’S ONLINEFOCUS GROUP RESEARCH TEAM
  19. 19. Skype More Information: http://www.skype.com/intl/en-us/security/ http://www.skype.com/intl/en/legal/privacy/general/ (available since 2003)Privacy Policy Last Updated: June 2012Overview: Video and voice over IP Software, High Bandwidth, Real-Time, Multi-PlatformWith over 650 million users, Skype is the largest Voice Over Internet Protocol (VOIP)Skype uses secure algorithms and standards (RSA and AES) to protect users fromhackers and phishing.EDUCAUSE experts were concerned in 2007 about the level of access to networkports that Skype required from computers that utilized the software“Skype will not sell, rent, trade or otherwise transfer any personal and/or traffic dataor communications content outside of Microsoft and its controlled subsidiaries andaffiliates without your explicit permission, unless it is obliged to do so underapplicable laws or by order of the competent authorities.”
  20. 20. Adobe Connect (available since 2003)Privacy Policy Last Updated: May 2012Overview: Multiple deployment options. Web Presentations and Video ConferencingAdobe Connect can be customized and hosted locally allowing for the incorporation ofadditional security features if required by HIPAA or FERPA.Since 2011, Adobe allows Adobe Connect to be licensed in three waysSecurity functions include the ability to disable undesired functionalities, control overaccess to meeting rooms, allows for SSL encryption, best practices for passwordmanagement policies, easy-to-use administration console that enables for theconfiguration of LDAP (Lightweight Directory Access Protocol) server details,authentication methods, query page-size limits, and other valuable security features. More Information: http://www.adobe.com/privacy/policy.edu.html http://www.adobe.com/products/adobeconnect/features.edu.html
  21. 21. Ning More Information: http://www.ning.com/about/legal/privacy/ http://www.ning.com/about/safety/ (available since 2003)Privacy Policy Last Updated: December 2010Overview: Private social network. Cloud-based environment.Does not profit from the sale of data - requires users to pay for the cost of maintainingtheir space.Ning allows an organization to purchase their own Ning installationUtilized by a large number of educational communitiesUsers cannot host Ning within their own servers (must be hosted by Ning)Does not utilize https and not HIPAA Compliant
  22. 22. More Information: http://docs.moodle.org/23/en/Security_FAQ Moodle http://docs.moodle.org/23/en/Security_recommendations (available since 2002) http://moodle.org/security/Privacy Policy Last Updated: Will vary depending on the installationOverview: Modular Object-Oriented Dynamic Learning Environment. OSS LearningManagement System (LMS).Moodle is a highly customizable platform that can be hosted on most servers.Currently used in 220 countries, in over 65 thousand sites (http://moodle.org/stats/).Moodlerooms.com offers Moodle hosting services that are HIPAA and FERPA compliantLarge community of developers working to improve the platform.As an open source software, anyone could find its vulnerabilities. (No Backdoor Access)Installations may or may not utilize https and robust user authorization systems.
  23. 23. Internet Start Up Companies (Varies by Start Up)Privacy Policy Last Updated: Will vary depending on the start up.Overview: Large number of programs with multiple advantages.May be more willing to meet HIPAA and other security requirements than a larger companyPrivacy could increased for participants if an internal product is developedA start up could change its business plan or fail to secure data properlyWith the exception of Moodle all other discussed sites have been awarded a TRUSTe sealCarefully consider a partnership with a start up, especially if the data is of delicate natureAdapting software that is already available to meet a different function can be complicatedNo online environment addressed all of the elements discussed by other team members

×