Information privacy

About: Information privacy is a research topic. Over the lifetime, 25412 publications have been published within this topic receiving 579611 citations. The topic is also known as: data privacy & data protection.

Facebook's Privacy Trainwreck Exposure, Invasion, and Social Convergence

Abstract: Not all Facebook users appreciated the September 2006 launch of the `News Feeds' feature. Concerned about privacy implications, thousands of users vocalized their discontent through the site itself, forcing the company to implement privacy tools. This essay examines the privacy concerns voiced following these events. Because the data made easily visible were already accessible with effort, what disturbed people was primarily the sense of exposure and invasion. In essence, the `privacy trainwreck' that people experienced was the cost of social convergence.

A Multiplicative Weights Mechanism for Privacy-Preserving Data Analysis

Abstract: We consider statistical data analysis in the interactive setting. In this setting a trusted curator maintains a database of sensitive information about individual participants, and releases privacy-preserving answers to queries as they arrive. Our primary contribution is a new differentially private multiplicative weights mechanism for answering a large number of interactive counting (or linear) queries that arrive online and may be adaptively chosen. This is the first mechanism with worst-case accuracy guarantees that can answer large numbers of interactive queries and is {\em efficient} (in terms of the runtime's dependence on the data universe size). The error is asymptotically \emph{optimal} in its dependence on the number of participants, and depends only logarithmically on the number of queries being answered. The running time is nearly {\em linear} in the size of the data universe. As a further contribution, when we relax the utility requirement and require accuracy only for databases drawn from a rich class of databases, we obtain exponential improvements in running time. Even in this relaxed setting we continue to guarantee privacy for {\em any} input database. Only the utility requirement is relaxed. Specifically, we show that when the input database is drawn from a {\em smooth} distribution — a distribution that does not place too much weight on any single data item — accuracy remains as above, and the running time becomes {\em poly-logarithmic} in the data universe size. The main technical contributions are the application of multiplicative weights techniques to the differential privacy setting, a new privacy analysis for the interactive setting, and a technique for reducing data dimensionality for databases drawn from smooth distributions.

Information Privacy: Corporate Management and National Regulation

Abstract: The 1990s have seen a resurgence of interest in information privacy. Public opinion surveys show that many citizens are becoming greatly concerned about threats to their information privacy, with levels of such concern reaching all-time highs. Perhaps as a response to the growing concerns of citizens, the media are devoting more attention to privacy issues, and governmental regulation of the corporate privacy environment is increasing in many countries. Almost all developed countries have grappled with the trade-offs between open access to information--which enables economic efficiency--and an individual's right to privacy. Consistent with these trade-offs, many recent incidents suggest that regulatory approaches to information privacy, corporate management of personal data, and consumer reactions are becoming tightly interwoven around the world. To provide some insights into these relationships, we develop a conceptual model and test it with a cross-cultural sample from 19 different countries.In general, we find that a country's regulatory approach to the corporate management of information privacy is affected by its cultural values and by individuals' information privacy concerns. In addition, as governments become more involved in the corporate management of information privacy, internal management of such issues seems to tighten. This result supports previous observations that most firms take a primarily reactive approach to managing privacy by waiting for an external threat before crafting cohesive policies that confront their information practices. Moreover, when corporations are not perceived to adequately manage information privacy issues, and/or when privacy concerns rise, individuals are more inclined to prefer government intervention and be distrustful of firm self-regulation. As such, citizens may look to lawmakers to enact stricter regulation to reduce their privacy concerns. These findings and several international trends suggest that the self-regulatory model of privacy governance may not be sustainable over the long term.Findings from this research constitute an important contribution to the emerging theoretical base of information privacy research and should be particularly enlightening to those managing information privacy issues. Several directions for future research are also discussed.

PDA: Privacy-Preserving Data Aggregation in Wireless Sensor Networks

Abstract: Providing efficient data aggregation while preserving data privacy is a challenging problem in wireless sensor networks research. In this paper, we present two privacy-preserving data aggregation schemes for additive aggregation functions. The first scheme -cluster-based private data aggregation (CPDA)-leverages clustering protocol and algebraic properties of polynomials. It has the advantage of incurring less communication overhead. The second scheme -Slice-Mix-AggRegaTe (SMART)-builds on slicing techniques and the associative property of addition. It has the advantage of incurring less computation overhead. The goal of our work is to bridge the gap between collaborative data collection by wireless sensor networks and data privacy. We assess the two schemes by privacy-preservation efficacy, communication overhead, and data aggregation accuracy. We present simulation results of our schemes and compare their performance to a typical data aggregation scheme -TAG, where no data privacy protection is provided. Results show the efficacy and efficiency of our schemes. To the best of our knowledge, this paper is among the first on privacy-preserving data aggregation in wireless sensor networks.

Privacy and contextual integrity: framework and applications

Abstract: Contextual integrity is a conceptual framework for understanding privacy expectations and their implications developed in the literature on law, public policy, and political philosophy. We formalize some aspects of contextual integrity in a logical framework for expressing and reasoning about norms of transmission of personal information. In comparison with access control and privacy policy frameworks such as RBAC, EPAL, and P3P, these norms focus on who personal information is about, how it is transmitted, and past and future actions by both the subject and the users of the information. Norms can be positive or negative depending on whether they refer to actions that are allowed or disallowed. Our model is expressive enough to capture naturally many notions of privacy found in legislation, including those found in HIPAA, COPPA, and GLBA. A number of important problems regarding compliance with privacy norms, future requirements associated with specific actions, and relations between policies and legal standards reduce to standard decision procedures for temporal logic.