MN30281: Privacy, Trust and Security in Information Systems

Unit Convenor:

Dr Richard Kamm r.m.kamm@bath.ac.uk

School of Management, University of Bath Room – East Building 3.1

Semester 1, 2019/0, Wednesday 11.15-13.05 (room 3E3.5)

Aims and General Principles

The aim of this unit is to examine in-depth current controversies, topics and theories in
the area of privacy in information systems and its relation to the subjects of trust and
security.

As information systems become more social, and personal, in nature, so almost all recent
developments in information technology pose critical questions around privacy, trust
and security issues. This unit begins by examining the nature of privacy and trust, taking
a multi-disciplinary look at how each can be discussed, particularly considering current
technology. A series of case studies (e.g. data mining; surveillance and the workplace,
cyber-crime, tracking of children, economics of privacy and security) are then used to
develop an understanding of the role of privacy, security and trust in the
implementation and acceptance of new technology. The regulatory and legal
environment (e.g. data protection laws) is also considered, alongside potential methods
for organizations to understand the role of privacy and security in their use of
information systems.

Some wide and important questions are addressed along the way, e.g.
 Is privacy an important human right?
 Is privacy over-valued in current debates?
 Is technology fundamentally changing our attitudes towards privacy?
 Are we building organizations that are inherently leak-prone?
 Do attitudes towards privacy vary across cultures, and if so why?
 What makes us vulnerable to scams?
 How does encryption work and is it effective?

It is critical that anyone who works in information technology or information

management has addressed these issues. But also anyone who works in an organization
of any size is likely to have to address some of them at some point. Failure to do so can
lead to failure of the organization.

Students taking the unit are from:

BSc Computer Science with Business; BSc Business Administration; BSc Accounting and
Finance, BSc International Management and Modern Languages; BSc/MSci Chemistry
with Management; BSc Management/Int Management/Mgt with Marketing.

Unit Administration

The Moodle course for the unit will be the site where some reading will be made
available, copies of important documents, like this outline and the assignment
specifications, will be made available and assignments will be submitted and feedback
on them returned. An extended version of this document, including recommended
reading for all topics is included in this.

If you are not a member of the Moodle course, then please contact the unit convener
(contact details at the head of the document).

Week Taught session Comments/external work

1 Introduction to the unit Privacy article (Solove)
Introductory case study – child tracking. Consider privacy harms
Complete skills questionnaire (for
group assignment)
2 Privacy concepts – general definitions. Group formation
Where does trust come in? Social media – are we private?
Privacy and ethics – review privacy harms
work
Some critics of privacy

3 Privacy and technology, including the
impact of big data
Introduction to the group assignment –
what makes a good submission?
4 Privacy and law – the EU’s “right to be
forgotten” and the General Data Protection
Regulation and the US approach
Developments in the rest of the world.
Consider the impact of big data – what
kind of difference (if any) does it make
to privacy.
Consider the organization type that
your group is selecting – what are the
privacy concerns of its
clients/customers?

5 Security – organizational questions – what Consider your response to emails

makes an information security policy?
Social Engineering – what is it and why is it
effective?
6 Trust – principles and frameworks
Trust in social media – the links to privacy
and security
from people you don’t know. Do you
regularly think they are dodgy and
treat them accordingly?
Consider the standard Trust model –
how is it applied to a situation you are
familiar with?

7 Privacy and culture in international Submit a brief proposal for the

perspective. individual essay – article and subject.

8 RK available to discuss group assignment Complete brief feedback for one of

your colleagues’ essay proposals.

9 Security – a brief introduction to Crypto Wars. Why are public

encryption. What is it and why/when is it standards of cryptography more
effective? effective than those developed in
secret?

10 Wider privacy issues for the future

11 No session. Time for you to work on

assignments.

Contacting the Unit Convenor

My office hours are identified in Moodle, but please contact me in advance, via the
booking facility. The IDO group now inhabits an open plan office, so conversations with
students need to take place to a schedule in secluded meeting rooms.
Suggested background reading:

Solove, Daniel (2009), Understanding Privacy.

Baase, Sarah, A Gift of Fire, especially chapters 2, 3 and 10 is a good text on ethics and
computing.
Whitty, M.T. & Joinson, A.N. (2008). Truth, Lies and Trust on the Internet. Taylor and
Francis. The proofs of the book (not for distribution) are available in Moodle. One of the
authors designed this unit.
Schneier, Bruce (2015), Data and Goliath.
Lyon, David (2015), Surveillance after Snowden.
Topic-specific reading for each session is in the expanded version of this document in
Moodle.

Topic-specific reading

1. Privacy – general principles and background.

Solove, Daniel J., "A Taxonomy of Privacy". University of Pennsylvania Law Review, Vol.
154, No. 3, p. 477, January 2006 Available at SSRN: http://ssrn.com/abstract=667622

Morozov, Evgeny (2013), The Real Privacy Problem, MIT Technology Review, October
2013.

Margulis, S.T. (2003). On the status and contribution of Westin’s and Altman’s theories
of privacy. Journal of Social Issues, 59, 411-429.

H.T. Tavani (2007). Philosophical theories of Privacy: Implications for an adequate

online privacy policy, Metaphilosophy, 38, 1-22

Warren, S., & Brandeis, L. D. (1890). The right to privacy. Harvard Law Review, 4, 193–
220.

Fuchs, C. (2011). Towards an alternative concept of privacy. Journal of Information,

Communication and Ethics in Society, 9:4 , 220-237.

2. Privacy and Technology

Sparck-Jones, K. (2003). Privacy: What’s different now? Interdisciplinary Science

Reviews, 28, 287–292.

Fromkin, A.M. (2000). The death of privacy? Stanford Law Review, 52, 1461-1543.

N. K. Malhotra, S. S. Kim and J. Agarwal, “Internet users' Information privacy concerns

(IUIPC): The construct, the scale and a causal model”, Information Systems Research, 15,
2004, pp. 336-355.

Berendt, B., Gunther,O., & Spiekermann,S. (2005). Privacy in e-commerce: Stated

preferences vs. actual behavior. Communications of the ACM, 48, 101-106.

danah Boyd and Kate Crawford (2011), Six Provocations of Big Data, A Decade in
Internet Time: Symposium on the Dynamics of the Internet and Society,
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1926431.
Omer Tene & Jules Polonetsky (2012), Privacy in the Age of Big Data, Stanford Law
Review, http://www.stanfordlawreview.org/online/privacy-paradox/big-data

Gideon, J., Cranor, L., Egelman, S., Acquisti, A. (2006). Power strips, prophylactics, and
privacy, oh my! Proceedings of the second symposium on Usable privacy and security,133-
144.

Susan Landau, Making Sense from Snowden: what's significant in the NSA surveillance
revelations? (2013) IEEE Security and Privacy, July/August 2013, 54-63.(available from
http://www.computer.org/cms/Computer.org/ComputingNow/pdfs/MakingSenseFro
mSnowden-IEEESecurityAndPrivacy.pdf)

Maria Tzanou, Is Data Protection the same as Privacy? An analysis of

telecommunications' metadata retention measures, Journal of Internet Law, September
2013, vol17 issue 3, 21-34.

Arvind Narayanan and Dillon Reisman, The Princeton Web Transparency and
Accountability Project, http://randomwalker.info/publications/webtap-chapter.pdf .
Appearing in Cerquitelli, Tania, Quercia, Daniele, Pasquale, Frank (2017) Transparent
Data Mining for Big and Small Data.

Brown, I. And Korff, D. (2009), Terrorism and the proportionality of internet

surveillance, European Journal of Criminology, 6:2, 119-132.

Waldman AE. (2018), Privacy, Notice, And Design, 21 Stan. Tech. L. Rev. 129,
https://law.stanford.edu/wp-content/uploads/2018/01/Waldman_FINAL-Formatted-
011818.pdf

3. Privacy and Law

Bennett, C. and Raab, C. (1997), The Adequacy of Privacy: The European Union Data
Protection Directive and the North American Response, The Information Society Volume
13, Issue 3, pp. 245-64.

Long, W. and Quek, M. (2002), Personal data privacy protection in an age of

globalization: the US-EU safe harbor compromise, Journal of European Public Policy,
Volume 9, Issue 3, pp. 325-44.

Pearce, G. and Platten, N. (1998), Achieving Personal Data Protection in the European
Union. Journal of Common Market Studies, vol. 36 pp. 529–547.

Bergkamp, L. (2002), The Privacy Fallacy: Adverse Effects of Europe's Data Protection
Policy in an Information-Driven Economy, Computer Law & Security Report, 18 (1), pp.
31-47.

Rosen, J. (2012), The Right to Be Forgotten, Stanford Law Review,

http://www.stanfordlawreview.org/online/privacy-paradox/right-to-be-forgotten?
em_x=22

De Hert, P. and Papakonstaninou,V. (2012). The proposed data protection regulation

replacing Directive 95/46/EC: A sound system for the protection of individuals.
Computer Law & Security Report, 28 (2).
Baumer, D.L. et al (2004). Internet privacy law: a comparison between the United States
and the European Union. Computers & Security, 23 (5) 400-412.

Esteve, A. (2017), The business of personal data: Google, Facebook, and privacy issues in
the EU and the USA. International Data Privacy Law, 7(1).

4. Trust: general issues and application to information systems

Whitty and Joinson Ch 9

Waldman, AE (2016). Privacy, Sharing, and Trust: The Facebook Study, 67 Case W. Res.
L. Rev. 193, https://scholarlycommons.law.case.edu/caselrev/vol67/iss1/10

Mayer, R, et al, (1995). An Integrative Model of Organizational Trust, Academy of

Management Review, 20, 3, pp. 709-34.

Sultan, F., Urban, G.L., Shankar, V. & Bart, I.Y. (2002) Determinants and role of trust in e-
business: A large scale empirical study. MIT Sloan School of Management working paper
4282-02. Available online at https://dspace.mit.edu/bitstream/1721.1/1826/2/4282-
02.pdf

Paine, C.B.& Joinson, A.N. (2008). Privacy, Trust and Self-Disclosure. In A.Barak (Ed.),
Psychological Aspects of Cyberspace: Theory, Research, Applications. Cambridge:
Cambridge University Press.

Papadopoulou, P., Andreou, A., Kanellis, P., Martakos (2001). Trust and relationship
building in electronic commerce. Internet Research, 11, 322 - 332

Michelle Carter, Ryan Wright, Jason Bennett Thatcher & Richard Klein, Understanding
online customers’ ties to merchants: the moderating influence of trust on the
relationship between switching costs and e-loyalty, European Journal of Information
Systems, 2014, 23: 185-204.

Resnick, P., Zeckhauser, R., Friedman, E., & Kuwabara, K. (2000). Reputation systems.
Communications of the ACM, 43 (12), 45-48.

Bhattacherjee, A. (2002) Individual trust in online firms: Scale development and initial
test. Journal of Management Information Systems, 19, p.211-241

Morey, T. et al (2015), Customer Data: Designing for Transparency and Trust, Harvard
Business Review, vol 93: 5 97-105.

6. Security – people, technology and organizations

Spagnoletti, Paolo and Resca, Andrea (2008) The duality of Information Security
Management: fighting against predictable and unpredictable threats. Journal of
Information System Security, 4 (3). p. 46-62.

Schneier, B. (2004), Secrets and Lies: Digital Security in a Networked World, Wiley,
Chichester.

Adams, A. and Sasse, M. A. 1999. Users are not the enemy. Communications of the ACM
42, 12 (Dec. 1999), 40-46.
West, R. (2008). The Psychology of Security. Communications of the ACM, 51 (4), 34-40

Flechais, I., Riegelsberger, J., and Sasse, M. A. 2005. Divide and conquer: the role of
trust and assurance in the design of secure socio-technical systems. In Proceedings of
the2005 Workshop on New Security Paradigms (Lake Arrowhead, California, September
20- 23, 2005). NSPW '05. ACM, New York, NY, 33-41

Siponen, M. T. and Oinas-Kukkonen, H. 2007. A review of information security issues and

respective research contributions. SIGMIS Database 38, 1 (Feb. 2007), 60-80.

Dhamija, R., Tygar, J.D., & Hearst, M. (2006). Why phishing works. Proceeding CHI
2006, ACM Press (2006), 581-590.

Anderson, R. & Moore, T. (2006). The Economics of Information Security, Science, Vol.
314, pg 610-613.

Acquisti, A. & Gross, R. (2009). Social Insecurity: The Unintended Consequences of

Identity Fraud Prevention Policies, Workshop on the Economics of Information Security.
University College London.

Goucher, W., (2010). The Battle for Autonomy. Computer Fraud and Security, 2010,
issue 9, pp. 5-7.

Singh, S. (1999), The Code Book, Fourth Estate, London.

Spiekermann, S., Grossklags, J. & Berendt, B. (2001). E-privacy in 2nd Generation

ECommerce: Privacy Preferences versus actual Behavior, ACM Conference on Electronic
Commerce (pp. 38-47). Tampa, FL, USA.

Anderson, R., Stajano, F and Lee, J (2002), Security Policies, Advances in Computers,
http://www.cl.cam.ac.uk/~fms27/papers/2001-AndersonStaLee-policies.pdf.

Backhouse, J. & Dhillon, G., 2000. Information System Security Management in

the New Millennium. Communications of the ACM, 43 (7), p. 125-128.

Boh, W., Sia, S., Soh, C. & Tang, M., ed. 2000. A Contingency Analysis of Post-Bureaucratic
Controls in IT-Related Change. ICIS 2000, December 10-13, 2000, Brisbane, Australia.

Brewer, D.F.C & Nash, M.J.(1989). The Chinese Wall security policy. IEEE, p. 206-214.

Clark, D. D. & Wilson, D. R., ed. 1987. A Comparison of Commercial and Military
Computer Security Policies., p. 184-194.

Chen, Yan; Ramamurthy, K.; Wen, Kuang-Wei, 2012. Organizations' Information Security
Policy Compliance: Stick or Carrot Approach? Journal of Management Information
Systems. Winter 2012, Vol. 29 Issue 3, p157-188.

Siponen, Mikko; Adam Mahmood, M.; Pahnila, Seppo, 2014. Employees’ adherence to
information security policies: An exploratory field study. Information & Management.
Mar2014, Vol. 51 Issue 2, p217-224.
Stahl, Bernd Carsten; Doherty, Neil F.; Shaw, Mark (2012). Information security policies
in the UK healthcare sector: a critical evaluation. Information Systems Journal. Vol. 22
Issue 1, pp. 77-94.

Alex Blau (2017), The Behavioural Economics of why Executives underinvest in

cybersecurity, Harvard Business Review.

7. Privacy and Culture

Bellman, S. et al (2004), International Differences in Information Privacy Concerns: A

Global Survey of Consumers, The Information Society, Volume 20, Issue 5.

Cö llste, G. (2007), Globalisation, ICT-Ethics And Value Conflicts, Ethicomp 2007.

R. Cullen, "Citizens’ Concerns about the Privacy of Personal Information Held by

Government: A Comparative Study, Japan and New Zealand," HICSS , (2008), p.
224, 2008.

Ethics and Information Technology, vol 7, no 1 (2005) Special Issue on Privacy and Data
Privacy Protection in Asia

Milberg, S.J., Burke, S.J., Smith, H.J. and Kallman, E.A. (1995), Values, personal
information privacy, and regulatory approaches, Communications of the ACM, vol 38, 12,
65-74.

Milberg, S.J., Burke, S.J. and Smith, H.J (2000), Information Privacy: Corporate
Management and National Regulation, Organization Science, vol. 11, 1, 35-57.

Hofstede, G. (1997), Cultures and Organizations: software of the mind, McGraw-Hill,

London.

Francis Harvey, (1997) "National cultural differences in theory and practice: Evaluating
Hofstede’s national cultural framework", Information Technology & People, Vol. 10 Iss:
2, pp.132 – 146

Caroline Lancelot Miltgen and Dominique Peyrat-Guillard, Cultural and generational

influences on privacy concerns: a qualitative study in seven European countries,
European Journal of Information Systems (2014) 23, 103–125.

Kennedy, G. et al, (2009), Data protection in the Asia-Pacific region, Computer Law &
Security Review 25, 59–68

8. Criticisms of Privacy

Etzioni, A. (2007). Are New Technologies the enemy of privacy? Knowledge, Technology
and Policy, 20 (2), 115-119.

Etzioni, A. (2006). A Communitarian Approach: A Viewpoint on the Study of the Legal,

Ethical and Policy Considerations Raised by DNA Tests and Databases. The Journal of
Law, Medicine & Ethics 34(2) 214–221.

Etzioni, Amitai, Ultimate Encryption (May 11, 2015). South Carolina Law Review, Vol.
67, No. 3. Available at SSRN: https://ssrn.com/abstract=2605153
Dulipovici, A. and Baskerville, R. (2007). Conflicts between privacy and property: The
discourse in personal and organizational knowledge, The Journal of Strategic
Information Systems 16 (2)187-213.

Posner, Richard A., (1978), The Right of Privacy. Sibley Lectures. Paper 22.
http://digitalcommons.law.uga.edu/lectures_pre_arch_lectures_sibley/22

9. Designing and enabling trust through technology

Joinson, A., & Whitty, M. (2008). Watched in the workplace, Infosecurity, Volume 5,
Issue 1, January-February 2008, Pages 38-40.

Handy, C. (1995). Trust and the virtual organization. Harvard Business Review, 73, 40–
50.

Hoffman, D.L., Novak, T.P. and Peralta, M. (1999) Building consumer trust online.
Communications of the ACM, 42, 80-85

Bos, N., Olson, J.S., Gergle, D., Olson, G.M., and Wright, Z. (2002). Rich Media Helps
Trust Development. In Proceedings of CHI 2002, 135-140. New York: ACM Press.

Jarvenpaa, S.L., Knoll, K. and Leidner, D.E. (1998) Is anybody out there? Antecedents of
trust in global virtual teams. Journal of Management Information Systems, 14, 29-64.

Ridings, C.M. et al. (2002). Some antecedents and effects of trust in virtual communities.
Journal of Strategic Information Systems, 11, 271-295

Abul-Rahman, A.& Hailes, S. (2000). Supporting Trust in Virtual Communities.

Proceedings of HICSS.

Papadopoulou, P., Andreou, A., Kanellis, P., Martakos (2001). Trust and relationship
building in electronic commerce. Internet Research, 11, 322 – 332

Alge et al. (2006). Information Privacy in Organizations: Empowering Creative and

Extrarole Performance. Journal of Applied Psychology, 91, 221-232.

10. Privacy and Social Networks

A Acquisti and R. Gross. Imagined Communities: Awareness, Information

Sharing, and Privacy on the Facebook, PET 2006 (available in Moodle)

Govani, T. and Pashley, H. (2007), Student Awareness of the Privacy Implications When
Using Facebook, available in Moodle.

boyd, dn and Ellison, N. B. (2007), Social network sites: Definition, history, and
scholarship. Journal of Computer-Mediated Communication, 13(1).

Houghton D. and Joinson, A. (2010), Privacy, Social Network Sites, and Social Relations,
Journal of Technology in Human Services, 28: 1, 74-94.

Joseph Bonneau and Sö ren Preibusch (2010), The Privacy Jungle: On the Market for Data
Protection in Social Networks, in Moore, T., Pym, D. Ioannidis, C., Economics of
Information Security and Privacy, online at
http://link.springer.com/chapter/10.1007/978-1-4419-6967-5_8# (ensure you are
within the University of Bath network when accessing this resource).

Ben Light, Kathy McGrath, (2010) "Ethics and social networking sites: a disclosive
analysis of Facebook", Information Technology & People, Vol. 23 Iss: 4, pp.290 – 311

11. Privacy and economics

Posner, Richard A. (1981), The Economics of Privacy, The American Economic Review,
Vol. 71, No. 2,

Odlyzko, A. (2003), Privacy, Economics, and Price Discrimination on the Internet,

available in Moodle.

Laura Brandimarte and Alessandro Acquisti (2012), The Economics of Privacy, in Martin
Peitz and Joel Waldfogel, The Oxford Handbook of the Digital Economy, OUP. (See also
articles in the same book on subjects such as price discrimination, reputation on the
Internet and advertising on the Internet).
MN30281 Privacy, Trust and Security in Information Systems

Semester 1 2017/8

Individual Assignment (70% of unit mark)

The purpose of the assignment is to allow you to acquire some specialized

knowledge by applying what is covered in the course and extending your knowledge
of the subject through your own work. It is designed as deliberately open to
encourage you to explore areas of your own interest, and to gain in-depth
understanding of a specific topic.

The essay should not exceed 3500 words, excluding references and diagrams. No
extensions of this word limit will be accepted.

The submission is to be uploaded to Moodle on or before 12.00 on Monday 18th

December 2017. Please upload it as a pdf.

Feedback will come via Moodle within 3 semester weeks, i.e. by the end of the
examination period.

You are encouraged to narrow the field of analysis to address specific industries
and/or organisations, but you should also make it clear what the resulting limitations
are for your conclusions. If you are keen to develop a topic outside of these areas or
address a different question within them, please contact me and we can discuss it.

Summative Feedback

An annotated copy of the essay, together with feedback against the assessment
criteria will be provided via Moodle.

The marking criteria used are in Moodle.

In assessing the work two key factors will be taken into account:

 The depth of the investigation - has it gone well beyond the description of the
topic and beyond the coverage in the course itself and the primary reference
works?

 Quality of the argument – can the reader follow you through to your
conclusion, while being confident that you have considered alternative views?

There is also a Moodle guide to essay writing at Topic 2 of the Academic Writing
course: http://moodle.bath.ac.uk/mod/imscp/view.php?id=183199 .

Referencing properly is a requirement.

Within the School of Management, it is recommended that the Harvard method is

used.
Further information on referencing work and plagiarism can be found on
http://www.bath.ac.uk/library/infoskills/referencing-plagiarism/ .
Potential Essay Titles

1. Privacy in society

Are traditional definitions of privacy still valid with 21st Century technology? Answer
with respect to one or two (not more) forms of IT use in contemporary society.

OR

Is privacy a purely Western concern and of no relevance to organisations in other

cultures?

OR

Do the broad definitions of privacy by writers such as Westin or Solove provide a

coherent basis for action and regulation?

OR

Discuss the criticisms made of the attention given to privacy by either Amitai Etzioni
or Richard Posner. Are these views becoming more or less valid with the
development of technology?

2. Privacy in International Context

The EU and the USA have different approaches to the data protection. Which, if
either, is likely to be more sustainable in the future?

OR

Are there any implications of Britain’s exit from the European Union for the regulation
of data protection?

OR

Do the cultural variables identified by Hofstede adequately explain the common

views of privacy taken in a country of your choice?

3. Marketing and privacy

Do data protection laws always hinder effective marketing?

4. Social networks and privacy

“The days of you having a different image for your work friends or co-workers and for
the other people you know are probably coming to an end pretty quickly…Having two
identities for yourself is an example of a lack of integrity.” (Mark Zuckerberg)

Is social networking creating fundamental changes in attitudes towards privacy?

5. Trust relations and monitoring in organisations

What is the impact of increased use of information technology on trust relations in ….
(choose a specific industry or social context)?

OR

Can the collection of performance data on employees be reconciled with the

maintenance of trust relations?

OR

Do changing trust relations in society have a significant impact on business use of

information?

6. Privacy and the IT profession

Are there good reasons for including privacy provisions in Codes of Practice of IT
professional bodies such as the BCS?

7. Privacy and the state

Should different or extra restrictions apply to the use of personal data by state, as
distinct from private sector, organisations?

OR

The EU has recently proposed extending its Data Protection Directive, including
instituting a “right to be forgotten”. Can this be implemented effectively?

8. Economics of Information

Can individual control of personal information be made into a tradable commodity?

9. Security of Information

Are we creating organisations that are inherently insecure in their use of information?

OR

Evaluate the common approaches taken to information security in an industry of your

choice.
Assessment Criteria: essays will be graded on the following criteria.

Very Outsta
Very poor Poor Adequate Good
Good nding
Demonstrates no Demonstrates good
knowledge, knowledge,
understanding of understanding of the
the subject matter subject matter
Merely a description A highly critical
of the subject evaluation of the
(task, situation subject (task,
etc.) situation)
No discernible or Logical and insightful
meaningful conclusions that clearly
conclusions and emerge from the
reflections to the analysis.
work
No evidence of Has understood and
wider reading. incorporated a range of
wider reading
Poorly written – Very clearly expressed
hard to understand and well written

Richard Kamm October 2017

 MN30281 Privacy, Trust and Security in Information Systems

Video briefing document

Background

Your group work task (contributing 30% of the overall module mark) is to develop a video on
a topic related to the course content aimed at people working in a particular industry or type
of organisation which explains to people working within it why and how they should take
account of privacy of personal data. Points made should be aimed at being relevant to that
industry or organisation and in a form which is meaningful to the intended audience.

The industry or organisation may be from the private, public or voluntary sectors. Be really
clear at the start who your audience are. You should ensure that you cover not only the
procedures or access rights, but also the reasons why they are important. Consider what kind
of security conventions are appropriate in that setting and what kind of threats they would
need to counter.

The video should be no more than 5 minutes long. It can take whatever form you think best
communicates the message.

Submission

By 12.00 on Monday 4th December 2017, you must upload your completed video to the
Learning Materials Filestore (http://www.bath.ac.uk/lmf/welcome). It must be shared with
Richard Kamm. Further instructions as to how to do this will be posted if necessary.

The full showing of all the videos will take place to the whole class in the lecture session on
Wednesday 6th December 2017.

The group should also submit a link to an e-portfolio. This will go to an assignment
submission facility in Moodle by the 12.00 on Monday 4th December 2017. Only one link is
needed.

The role of the video is to be a clear and coherent explanation of relevant points for the target
audience. It should be a realistic view which is appropriate for the type of organisation: what
kinds of issues are relevant for privacy in this context?

The role of the e-portfolio is to explain your approach to the understanding the needs of the
audience, why you selected the content of the video and the presentational style. Principles
and theory, e.g. on definitions of privacy, are relevant here, to explain the underpinning of the
video, rather than in the video itself. It should not contain more than 1200 words, but can
contain links, images, clips and other ways of getting points across.

Types of video:

You may adopt a speaking-to-camera style or use a mix of images and text. There are also
ways of creating animations and uploading them.

A video for the unit using live action is at http://people.bath.ac.uk/mnsrmk/OnlineDating.mp4

A video using animation (working to a different specification to the one used this year) is at
http://people.bath.ac.uk/mnsrmk/AnimatedVideoEg.mp4
There are also other examples of student video work, including:
http://www.youtube.com/watch?v=TEXPM2NM_7c

http://www.youtube.com/watch?v=dGCJ46vyR9o&feature=channel

Technology

Cameras: Can be booked via the Library AV (ground floor). They are standard mini-DV
cameras (you can also book a tripod – recommended). You’ll then need to capture the video
into a PC/Mac. Ipad/Iphone may also produce usable video.

Software:
Adobe AfterEffects seems popular. Plenty of others – iMovie for the Mac or iOS, lots of
cheap or free trials for Windows PCs, Microsoft Movie Maker
(http://windows.microsoft.com/en-GB/windows7/products/features/movie-maker)

These will allow the editing of video files, insertion of clips and the creation of music or
voice soundtracks.

If you have video from a camera that does not easily convert to a format which may be used
in an editing programme, contact the unit convenor, who has some software that may do this.

Alternatives:
Camtasia (screen capture – i.e. make a Powerpoint presentation, then
capture the slideshow and add sound)….a v.easy solution, but you need a really good, clear
idea to do it well. Or you can output Keynote or Powerpoint presentations as videos with
some sound running alongside.

Animation – a variety of free animation services are now available. You usually have to
register an account.

 Muvizu (http://www.muvizu.com) has got a bit of interest lately:

http://news.bbc.co.uk/1/hi/programmes/click_online/8885276.stm. It needs a
download and there are multiple tutorial videos on the website.

 Pixton is also quite interesting (http://www.pixton.com) - its basis is comics rather

than video, but they can be animated.

 Powtoon is also quite usable (http://www.powtoon.com/)

What is an e-Portfolio?
https://www.youtube.com/watch?v=xvqBORISA5k

Students discuss e-portfolios

https://youtu.be/3CGC8uAAcgc

https://youtu.be/KOFSrV3QOWM