Information privacy

About: Information privacy is a research topic. Over the lifetime, 25412 publications have been published within this topic receiving 579611 citations. The topic is also known as: data privacy & data protection.

Volunteering personal information on the Internet: effects of reputation, privacy initiatives, and reward on online consumer behavior

Abstract: Internet has made it easier for firms to collect consumer information. However, consumers are reluctant to provide personal information or tend to provide false information online because of their concern of the privacy violation risks. Researchers have proposed several instruments to assuage consumers' privacy concern, and to induce them to provide personal information. However, the effectiveness and applicability of these instruments regarding firm's reputation have yet been sufficiently assessed. This study employed a 2*2*2 experimental design to examine the effects of reputation, fair information practices, and reward on the online consumer behavior of volunteering two types of personal information - demographic and personal identifiable information - on the Internet. Theoretical and practical implications of findings were drawn.

Privacy and Utility in Business Processes

Abstract: We propose an abstract model of business processes for the purpose of (i) evaluating privacy policy in light of the goals of the process and (ii) developing automated support for privacy policy compliance and audit. In our model, agents that send and receive tagged personal information are assigned organizational roles and responsibilities. We present approaches and algorithms for determining whether a business process design simultaneously achieves privacy and the goals of the organization (utility). The model also allows us to develop a notion of minimal exposure of personal information, for a given process. We investigate the problem of auditing with inexact information and develop methods to identify a set of potentially culpable individuals when privacy is breached. The audit methods draw on traditional causality concepts to reduce the effort needed to search audit logs for irresponsible actions.

Using the Content of Online Privacy Notices to Inform Public Policy: A Longitudinal Analysis of the 1998-2001 U.S. Web Surveys

Abstract: In the United States, Congress has had a long-standing interest in consumer privacy and the extent to which company practices are based on fair information practices. Previously, public policy was largely informed by anecdotal evidence about the effectiveness of industry self-regulatory programs. However, the Internet has made it possible to unobtrusively sample web sites and their privacy disclosures in a way that is not feasible in the offline world. Beginning in 1998, the Federal Trade Commission relied upon a series of three surveys of web sites to assess whether organizations post online privacy disclosures and whether these disclosures represent the U.S. definition of fair information practices. While each year's survey has provided an important snapshot of U.S. web-site practices, there has been no longitudinal analysis of the multiyear trends. This study compares a subset of equivalent individual-level web-site data for the 1998, 1999, 2000, and 2001 web surveys. Implications for using this type o...

Secure system and method for enforcement of privacy policy and protection of confidentiality

Abstract: The invention includes various systems, architectures, frameworks and methodologies that can securely enforce a privacy policy. A method is include for securely guaranteeing a privacy policy between two enterprises, comprising: creating a message at a first enterprise, wherein the message includes a request for data concerning a third party and a privacy policy of the first enterprise; signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first entity will be enforced by the privacy rules engine of the first enterprise; sending the message to a second enterprise; and running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party.

A game-theoretic approach for achieving k-anonymity in Location Based Services

Abstract: Location Based Service (LBS), although it greatly benefits the daily life of mobile device users, has introduced significant threats to privacy. In an LBS system, even under the protection of pseudonyms, users may become victims of inference attacks, where an adversary reveals a user's real identity and complete moving trajectory with the aid of side information, e.g., accidental identity disclosure through personal encounters. To enhance privacy protection for LBS users, a common approach is to include extra fake location information associated with different pseudonyms, known as dummy users, in normal location reports. Due to the high cost of dummy generation using resource constrained mobile devices, self-interested users may free-ride on others' efforts. The presence of such selfish behaviors may have an adverse effect on privacy protection. In this paper, we study the behaviors of self-interested users in the LBS system from a game-theoretic perspective. We model the distributed dummy user generation as Bayesian games in both static and timing-aware contexts, and analyze the existence and properties of the Bayesian Nash Equilibria for both models. Based on the analysis, we propose a strategy selection algorithm to help users achieve optimized payoffs. Leveraging a beta distribution generalized from real-world location privacy data traces, we perform simulations to assess the privacy protection effectiveness of our approach. The simulation results validate our theoretical analysis for the dummy user generation game models.