Web Privacy Policies in Higher Education: How Are Content and Design Used to Provide Notice (Or a Lack Thereof) to Users?

  • Anna L. Langhorne
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8533)


This paper explores the content themes and provision structures of the website privacy policies of a nonrandom sample of comparable universities across the United States. Because these organizations collect, analyze, and manage personal information via digital media, it is important to evaluate the legal content and usability of their privacy policies. The issue is complex, because technology continues to advance, privacy policy standards continue to evolve, and the law is unclear on many aspects of privacy. Furthermore, the education sector lags industry in its implementation of privacy and security programs. A content analysis was conducted to identify patterns in legal provisions, general usability, and communication of sixteen university web privacy policies. This approach revealed what universities disclose about their information practices and user rights. The results reveal the commonalities of how web privacy policies are structured, what concepts are presented, and what information is absent. Additionally, recommendations are shared regarding how to develop comprehensive online privacy policies appropriate for higher education.


Privacy privacy policy privacy law information practices security usability higher education information sharing communication cyber security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    DeSantis, N.: U. of Iowa Shares Data With Local Sheriff on Students Seeking Gun Permits. The Chronicle of Higher Education (December 17, 2013)Google Scholar
  2. 2.
    Culnan, M., Carlin, T.: Online Privacy Practices in Higher Education: Making the Grade? Communications of the ACM 52(2), 126–130 (2009)CrossRefGoogle Scholar
  3. 3.
    Loh, W.: UMD Data Breach (2014),
  4. 4.
    Cox, J.: Are Colleges and Universities at Greater Risk of Data Breaches? Network World (2010),
  5. 5.
  6. 6.
    FERPA, 34 C.F.R. section 99.3 (2011)Google Scholar
  7. 7.
    California Social Media Privacy Law S.B. 1394 (2012)Google Scholar
  8. 8.
    Jensen, C., Potts, C.: Privacy Policies as Decision-making Tools: An Evaluation of Online Privacy Notices. Paper presented at the CHI 2004, Vienna, Austria (2004)Google Scholar
  9. 9.
    Cranor, L., Guduru, P., Arjula, M.: User Interfaces for Privacy Agents. ACM Transactions on Computer-Human Interaction 13(2), 135–178 (2006)CrossRefGoogle Scholar
  10. 10.
    McDonald, A.M., Reeder, R.W., Kelley, P.G., Cranor, L.F.: A Comparative Study of Online Privacy Policies and Formats. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 37–55. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  11. 11.
    Au, N., Law, R.: Presentation Formats of Policy Statements On Hotel Websites and Privacy Concerns: A Multimedia Learning Theory Perspective. Journal of Hospitality & Tourism Research (2012)Google Scholar
  12. 12.
    Goel, S., Chengalur-Smith, I.N.: Metrics for Characterizing the Form of Security Policies. The Journal of Strategic Information Systems 19(4), 281–295 (2010)CrossRefGoogle Scholar
  13. 13.
    Vail, M.W., Earp, J.B., Antón, A.I.: An Empirical Study of Consumer Perceptions and Comprehension of Web Site Privacy Policies. IEEE Transactions on Engineering Management 55(3), 442–454 (2008)CrossRefGoogle Scholar
  14. 14.
    Article 29 Data protection Working Party, Opinion on More Harmonised Information Provisions 1198704/EN WP 100, European Commission (2004)Google Scholar
  15. 15.
    Kelley, P., Cesca, L., Bresee, J., Cranor, L.: Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach. In: Proceedings of the 28th International Conference on Human Factors in Computing Systems, p. 1573. ACM, New York (2010)Google Scholar
  16. 16.
    Angulo, J., Fishcer-Hübner, S., Wästlund, E., Pulls, T.: Toward Usable Privacy Policy Display and Management. Information Management & Computer Security 20(1), 4–17 (2012)CrossRefGoogle Scholar
  17. 17.
    Leon, P., Cranshaw, J., Cranor, L., Graves, J., Hastak, M., Ur, B., Guzi, X.: What Do Online Behavioral Advertising Disclosures Communicat to Users? Carnegie Mellon University CyLab (2012)Google Scholar
  18. 18.
    Heng, X., Dinev, T., Smith, J., Hart, P.: Information privacy Concerns: Linking Indivdiual Perceptions with Institutional Privacy Assurances. Journal of the Association for Information Systems 12(12), 798–824 (2011)Google Scholar
  19. 19.
    Flavián, C., Guinalíu, M.: Consumer Trust, Perceived Security and Privacy Policy: Three Basic Elements of Loyalty to a Web Site. Industrial Management & Data Systems 106(5), 601–620 (2006)CrossRefGoogle Scholar
  20. 20.
    McRobb, S., Rogerson, S.: Are They Really Listening? An Investigation Into Published Online Privacy Policies at The Beginning of The Third Millennium. Information Technology & People 17(4), 442–461 (2004)CrossRefGoogle Scholar
  21. 21.
    Reay, I., Beatty, P., Dick, S., Miller, J.: Privacy Policies and National Culture on the Internet. Inf. Syst. Front. 15, 279–292 (2013)CrossRefGoogle Scholar
  22. 22.
    Jensen, C., Potts, C.: Private Policies Examined: Fair Warning or Fair Game? (2003)Google Scholar
  23. 23.
    Earp, J.B., Antón, A.I., Aiman-Smith, L., Stufflebeam, W.H.: Examining Internet Privacy Policies within the Context of User Privacy Values. IEEE Transactions on Engineering Management 52(2), 227–237 (2005)CrossRefGoogle Scholar
  24. 24.
    Meinert, D., Peterson, D., Criswell, J., Crossland, M.: Privacy Policy Statements and Consumer Willingness to Provide Persona Information. Journal of Electronic Commerce in Organizations 4, 1–17 (2006)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Anna L. Langhorne
    • 1
  1. 1.Department of CommunicationUniversity of DaytonDaytonUSA

Personalised recommendations