Lounge

Personally I would put up a TOS in moodle and since this is a classroom include a lesson on identity theft which is actually stealling someone legal presence and credits history vs online ID.

I would also diagree with this bit

With Moodle we are being encouraged to put our personal thoughts online but to prevent ID theft we are told to reveal as little as possible online.

Don't pass your credit card number,  national ID, home address or mothers maiden name in   public or private forums but those are not personal thoughts.

Ian, I am not a lawyer, but I think you need one.

Sensitive, Identity, Trust, Relationships - these words have fairly technical meanings when we are building software, and completely different implications when applied to interpersonal interactions. Consider how much easier it is to establish a new 'identity' for bureaucratic purposes (after Identity-theft) than it is to rebuild a sense of personhood and significance (say, after long-term spousal abuse).

If you are going to keep away from personally sensitive topics, skip straight to the bottom.

Can you prepare customers to cope with differences between participants in sensitivity about everyday topics? Will you be discussing children (including illegitimate births, infant deaths, miscarriages, lost custody), marital status (including separating, homosexual, violent) or occupation (including conflicts of interest, undeclared income, prostitution)?

Everything we write in Moodle is available to everyone who ever enrols in the same forum, not just the tutors and consultant. You do need to very strongly set participant's expectations about how they must treat each other, and what will happen. If something too vulnerable or hurtful is mentioned, hide it immediately and discuss it with the author offline. Don't trust contractors to do that until they are proven. Your customer's well-being (and your business) are at stake.

A bunch of legislation was passed here, during the last decade, in response to growing public concern about privacy. If your business requests/invites personal information from anyone in my state, you have a legal obligation to comply with National Privacy Principles and state privacy laws. The definition of 'Personal Information' is broad. Taking data across borders triggers special duties. Because you are in another jurisdiction, any sensible user should understand that the local laws are not enforceable against you. Equally, the data is subject to search warrant in your county, and one of my countrymen has been extradited and jailed for purely online activity. There is no form of contract that will reassure us, if your business is registered overseas. However, that hasn't deterred millions of locals from signing up to Facebook.

Passwords, SSL, NDAs, background checks, data handling policies and backup encryption are necessary but well-defined technical measures. You'll certainly have to keep on top of them, but they are not going to be worrying. Good luck!

All good points about security, legality and terms of service agreements. As to how to build trust in an online community I recommend you get some ideas from Stephan Rinke. He gave an excellent presentation in last year's iMoot on several activities that can help folks share and build trust http://twitter.com/#!/stephanrinke