Column by Krish Muralidhar

I welcome Professor Christopher Rice’s commentary in the Kentucky Kernel (August 28) regarding the Big Blue Network. I have had several e-mail conversations with Rice and Assistant Provost Randolph Hollingsworth regarding this matter. I am writing this letter in the interest of fostering a broader conversation regarding privacy issues in the UK community.

Based on the description provided by Rice, I see two distinct purposes for BBN. The first is to create a social network where freshmen students can better connect with the rest of the university and with each other. As with any other network, they are expected to follow a certain code of conduct. When violations occur, the administrator of the network takes the appropriate steps to correct the problem. This is clearly stated in the original privacy policy (which Rice was kind enough to share with me), and everyone who joins the network should be aware of this policy.

The second purpose of BBN is to “ … collect data that helps us to assess the effectiveness of our efforts.” While this is an admirable goal, the participants of the network were not informed of this purpose. Nowhere in the description of BBN or its original privacy policies is this purpose even mentioned. The systematic collection and analysis of the comments posted on BBN without informing the participants is the heart of the problem. My stand on this matter is simple: If one of the intended purposes of BBN was to collect data to help assess effectiveness, then the participants should have been informed of this purpose.

When I raised this issue, I was originally informed that students “opt in” to the collection of data for retention and success efforts when they confirm their admission to the university, and it is perfectly legal to analyze the posted comments. It is true that many commercial organizations use this “fine print” approach when gathering data. However, as an institution dedicated to research and higher learning, I think UK has to hold itself to a higher standard on issues concerning the privacy of its students, faculty and staff. Even if it is legal, the right thing to do would have been to inform all BBN participants that their posted comments will be gathered and analyzed.

Rice has since informed me that the privacy policy has been modified to inform the participants that posted comments will be gathered and analyzed for assessing effectiveness. He has shared the modified policies and I agree that they are indeed very detailed and clear. It is unfortunate that such a statement was not included in the original privacy policy.

There are a couple of issues which remain unresolved. First, what is UK going to do with the comments posted before the privacy policy was modified? I think those who posted comments before the modifications must be able to “opt out” (have their comments excluded from analysis). If this is not possible, then only those comments that are posted after the privacy policy was modified should be analyzed.

Second, UK needs to be very careful to protect student identity once this data is collected. I am sure that student names and identification will be removed. Commonly, there is a mistaken notion that once names and other identifiers are removed, the data is anonymous and can be shared freely. Unfortunately, stripping identifiers does not assure anonymity. Comments posted on social networks typically contain a lot of personal information. In many cases, using the contents of a comment alone, it would be easy to identify the individual who posted the comment. Hence only a few approved individuals should be allowed to access and analyze the data.

Rice says that “Generation Y live their lives more openly than other generations.” We should reciprocate their openness.