From: Tony Sanfilippo <[log in to unmask]> Date: Thu, 13 Feb 2014 11:29:12 -0500 As a data point, at the Penn State Press we do monitor some behavior, and use cookies, but I think the key is just how far you're willing to go in collecting this information, and if you've gone that far, is what you're collecting really that useful. Sure, we have to follow some University policies, but we do get a bit more rope and I think it's because they understand we need it as a commercial enterprise. We actually don't have to follow quite a few University rules, like their web style requirements, or some of their purchasing policies, and we don't have a privacy policy on our site, and have never been asked about it by a customer or the University. The University's privacy policy is interesting in that its only two rules that really impact us are: Don't collect personal information without permission, and don't sell any information you do collect. The actual policy is long (http://www.psu.edu/web-privacy-statement), but as for what really applies to us, that first paragraph seems most relevant. And thus far they've been pretty hands-off. If we wanted to appeal for an exemption to collecting personal information, we might get it, if we could define its scope and the purpose we'd have for it. But I'm not sure I have a good use for what we might collect, at least not more than what I might be able to infer from other sources, like the demographics of the marketing lead/mail/email lists that the peddlers of such information offer us, or what we might learn from print ad venues we've had success with, and their target demographics which they typically share with us, or the information that some scholarly societies offer in their conference marketing materials. Within the marketing and sales department we frequently ask ourselves about both the utility and the ethics of gathering some kinds of data. For example, we're already measuring traffic to our site using Google Analytics, and we're using Analytic tracking codes in the URLs we use in social media and email campaigns. And we count those who come to our site and then leave using our links to Amazon, or Powell's or other book sites, however none of that is personal data. But with a couple of slight modifications we could be collecting information on where these visitors live, their probable income, education level, or gender. But is it worth taking that ethical and bureaucratic leap just to refine the income level of a typical visitor? We already know a bit about their education level just by their interest in our books, and I'd like to think our products are for the most part gender-neutral, so what do we gain by collecting that data? Another issue to consider is the demographic of the typical university press marketer. Chances are they themselves are blocking cookies, and/or have JavaScript turned off, and/or use ad-blockers, so their interest in collecting this information is a bit colored by their own preferences and awareness of the issues involved. They probably find some of this tracking a bit creepy, and probably want to only do what they themselves are comfortable with, maybe a little bit more when pushed. But they don't like what they find on the web in terms of information gathering, and they don't want to be a part of that problem. All that said, there are some questions I'd like to know, if I could gather unlimited amounts of data about our web visitors and our direct-to-consumer customers. First, how many are librarians and from where? Next, what book pages do those with a low income look at and then leave without making a purchase? And finally, we know who left a book page and then went to Amazon, but we can't easily or confidently match that exit with a sale at Amazon, or any other number of associate programs we work with. We can make inferences, but I'd really like to know what happens after they leave. I'd like to see that kind of information, but I would want to seek the University's blessing before I collected it, and I'm not sure my educated guesses about those questions are so inaccurate that it's worth it, or that it would significantly change how we do things. Anyway, yes, I'd love more quality data, but I don't want or need to know everything. A lot of data isn't the same as useful data. Hope that's helpful, Tony Sanfilippo Penn State Press On Wed, Feb 12, 2014 at 10:57 AM, LIBLICENSE <[log in to unmask]> wrote: > > From: Joseph Esposito <[log in to unmask]> > Date: Wed, 12 Feb 2014 08:49:37 -0500 > > Ken, > > No quarrel with anything you have here, but you are looking at this > from the point of view of the end-user, which is only part of the > equation. What has caught my attention is that some organizations > (and I am thinking in particular of universities and university > presses) may be collecting data without knowing it or at least without > their staff knowing all the implications. That's how I interpret Eric > Hellman's earlier comment. I am still investigating this and would > certainly like to know if anyone can cite instances of tracking and > data collection by such organizations. > > Joe Esposito > > > On Tue, Feb 11, 2014 at 6:52 PM, LIBLICENSE <[log in to unmask]> wrote: > > > > From: Ken Masters <[log in to unmask]> > > Date: Tue, 11 Feb 2014 08:59:43 +0100 > > > > Hi All > > > > Eric is quite right. There are, though, several problems: > > > > 1. Not everyone knows that Google Analytics is running (how many > > people on this list knew it?). > > 2. Not everyone knows how to disable it. (how many people on this > > list knew it?). > > 3. Experience of social media has taught us that privacy policies are > > not cast in stone, and can change at any moment. (Google and Facebook > > are prime examples of this.) > > 4. The data collected are not 100% safe. (No-one can guarantee that). > > 5. While many information-gatherers anonymise data, there is no set > > procedure or protocol for doing so, and the process of de-anonymising > > data is advanced. There there are several studies showing how > > successful this process is (and it requires nothing illegal, no > > hacking, etc). > > 6. Google Analytics is only one. There are hundreds. > > > > Unfortunately, the bottom line is simple. If you're doing any of these: > > - using a standard browser (e.g. Firefox, IE, Chrome), without any blockers > > - using a standard email account (e.g. gmail, yahoo, or your > > university or company account) > > - using your standard email address to access ANY public discussion > > group (including this one), social networking site, blog or newspaper > > comment page, etc. > > - not using a secure virtual private network (VPN) > > - not frequently and regularly running anti-virus and anti-spyware > > software (ignore your institutional safeguards - install your own), > > > > Then you can safely assume that your activities are being tracked and > > archived, either by the service providers (and then passed on to third > > parties) or by third parties directly. > > > > George Orwell was an optimist. Be careful what you type next :-) > > > > > > Regards > > > > Ken > > > > ------ > > > > Dr. Ken Masters > > Asst. Professor: Medical Informatics > > Medical Education Unit > > College of Medicine & Health Sciences > > Sultan Qaboos University > > Sultanate of Oman > > E-i-C: The Internet Journal of Medical Education