In February, the Office of the Chief Information Officer released guidelines for third-party networks, such as social media sites, that have been generating conversation among Ohio State faculty and staff. According to the guidelines, individuals, not the university, would be held liable if any legal action were to be taken against social media pages for their departments, groups or organizations.
The guidelines, titled “Cloud Computing Guidelines for Teaching, Administrative Support, and Research,” state that “Faculty, staff, and students are not authorized to enter into legal contracts on behalf of OSU, and may not consent to click-through agreements for the purposes of university business. If individuals approve these agreements, they would be personally responsible in any legal actions related to the services.”
Any site that requires a terms-of-service agreement upon registration would put sole responsibility on the individual user if a lawsuit or other legal action were to arise in relation to the site. The problem is that many groups and departments at OSU are encouraged to make social media sites as part of their jobs or to publicize an organization or group they are part of. Many are wondering how these new guidelines will affect the operation of those pages.
Kellie Uhrig, director of Marketing Communications for Student Life, sent out an e-mail in March telling everyone “not to halt social media promotional efforts” as long as they are following the guidelines.
“I greatly encourage everyone NOT TO PANIC about these guidelines,” Uhrig wrote. “You can review the [Office of Chief Information Officer] recommendations to help you use social media as responsibly as possible, if you have concerns.”
Joanne Dehoney, senior director of Learning Technology for the Office of the Chief Information Officer, said these guidelines, which were compiled from 11 existing university policies, were created as a security measure to help students, staff and faculty understand the risks associated with social media and third-party Web sites. They were not created in response to any action taken against the university.
Ted Hattemer, director of New Media for University Communications, who helps run OSU’s social media sites, said he has not received any complaints regarding the university’s YouTube, Facebook, Twitter, LinkedIn or Flickr pages.
The university is working on establishing agreements with these third-party Web sites in order to clear licensing agreements so that in the future, if action were to be taken against a page associated with OSU, the university would be held responsible.
Sites the university is interested in clearing licenses for include Facebook, Twitter, YouTube, Flickr and Google. However, there is no set timeline for when OSU will have cleared these licenses.
One issue the guidelines address is the use of copyrighted images. Margo Garcia-Hunter, the visual-branding lead for the Office of Chief Information Officer, said images such as Brutus, the Block O, the Ohio State University Seal and the Alumni Association Logo, are among some of the university’s most widely recognized images that are under copyright and cannot be used or reproduced without permission from the university. The guidelines encourage users to be cautious with copyrighted images and to consult the university before using them on sites.
Another issue the guidelines address is how to protect sensitive student information, such as grades, social security numbers and other data deemed private by FERPA. According to the guidelines, users are not to use personally identifying information unless the university has deemed the information to be public. Examples of public information include anything listed in the university directory, on “Find People,” or on OSU’s Web site.
One issue the guidelines do not address is the posting of photos. Dehoney said individuals should still use basic photo privacy practice. For example, they should not post photos of students without their permission. However, the issue can still be confusing.
“People are used to operating in the cloud that is very loose,” Dehoney said. “Pictures get posted, you tag them, you have to go through the effort of untagging if you didn’t want your picture out there with your name on it. It can be a little bit tricky, so I think actually it would be something to add to the tips, a specific statement on pictures.”
Dehoney compares the conversation about social media sites to the time when the Internet first emerged and those at the university were encouraged to make Web sites for their departments, organizations and groups.
The difference between making Web sites and using social media pages is that the Web sites, like the university’s page at osu.edu, operate on a university-managed server, whereas on social media sites, the university does not control or manage the servers, Dehoney said. That is why the university, in these guidelines, encourages those who make these sites to be cautious in what information they are putting on non-contracted third-party sites.
Because no legal action has been knowingly taken against any third-party sites associated with OSU, it is unknown how exactly the university would respond if any legal action were to be taken against one of these sites.
“That is the heart of the question right now,” Dehoney said. “How do we address it and in what context? I think this is one of those keep-posted situations, where there is going to be a lot of change over the next year to 18 months probably, where different ways of thinking about it will emerge because it’s such untested grounds.”
To learn more about the Cloud Computing Guidelines, visit cio.osu.edu/policies/cloud.
