There are many organizations around the globe offering attractive and useful web services on the Internet, such as Dropbox, Facebook, Google Docs, etc., which are commonly referred to as Web 2.0 services. Some staff members and departments have expressed interest in adopting these services for teaching, research, administration or departmental purposes.
While there may be perfectly valid reasons for using external web services, it is important that, when making the decision to use such services, the individual and the department concerned recognize the risks involved.
With the assistant of Dr Iain Doherty, Director of eLearning Pedagogical Support Unit (EPSU) of the Centre for the Enhancement of Teaching and Learning, we have prepared the following documents:
- “Guidelines for Using External Web 2.0 Services”
Two Case Study documents illustrating the use of the Guidelines to evaluate the risks of using:
- a Dropbox repository for sharing of files among a teacher and a group of students
- a Facebook Group as a departmental site for dissemination of information.
The input from Mr Joe Poon, the University’s Data Protection Officer, on these documents is greatly appreciated.
The Guidelines document gives guidance to University staff on some of the issues which need to be considered before using external web services. Some issues are related to meeting the legislation and the University’s regulations. A risk assessment template for assessing the risk of using such services is included in the Appendix of the Guidelines document.
A staff member who considers using an external application or service is advised to do the following:
study the Guidelines, paying particular attention to the sections related to meeting the legislation and the University’s regulations;
conduct a risk assessment using the template at the Appendix of the Guidelines document; and
- submit a proposal for adopting the service together with a duly completed risk assessment report for approval of the Department Head concerned.
A department should maintain a Register of all external web services adopted and in use in the Department for university purposes.
Whenever there is any change to the Terms and Conditions of an external web service in use, the staff concerned should re-assess the associated risk; notify the Department Head if there is any increase in the risk, and file the revised risk assessment report in the Department’s Register.
M C Pong
Phone: 3917 6232