Evaluating interfaces for privacy policy rule authoring

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Evaluating interfaces for privacy policy rule authoring

Full text

Pdf (733 KB)

Source

Conference on Human Factors in Computing Systems archive
Proceedings of the SIGCHI conference on Human Factors in computing systems table of contents

Montréal, Québec, Canada

SESSION: Privacy 1 table of contents

Pages: 83 - 92

Year of Publication: 2006

ISBN:1-59593-372-7

Authors

Clare-Marie Karat	IBM T.J. Watson Research Center
John Karat	IBM T.J. Watson Research Center
Carolyn Brodie	IBM T.J. Watson Research Center
Jinjuan Feng	Towson University

Sponsors

SIGCHI: ACM Special Interest Group on Computer-Human Interaction
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 18, Downloads (12 Months): 157, Citation Count: 9

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1124772.1124787 What is a DOI?

ABSTRACT

Privacy policy rules are often written in organizations by a team of people in different roles. Currently, people in these roles have no technological tools to guide the creation of clear and implementable high-quality privacy policy rules. High-quality privacy rules can be the basis for verifiable automated privacy access decisions. An empirical study was conducted with 36 users who were novices in privacy policy authoring to evaluate the quality of rules created and user satisfaction with two experimental privacy authoring tools and a control condition. Results show that users presented with scenarios were able to author significantly higher quality rules using either the natural language with a privacy rule guide tool or a structured list tool as compared to an unguided natural language control condition. The significant differences in quality were found in both user self-ratings of rule quality and objective quality scores. Users ranked the two experimental tools significantly higher than the control condition. Implications of the research and future research directions are discussed.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Ackerman, M., Darrell, T., and Weitzner, D. Privacy in context, Human Computer Interaction, 2001, 16, 2, 167--176.
	2	Adams, A. and Sasse, A. Privacy in multimedia communications: Protecting users, not just data . In A. Blandford, J. Vanderdonkt & P. Gray {Eds.}: People and Computers XV - Interaction without frontiers. Joint Proceedings of HCI2001 and ICM2001, Springer, Lille, 2001, 49--64.
	3	Altman, I. The Environment and Social Behavior, Privacy, Personal Space, Territory and Crowding. Brooks/Cole Pub. Co., Inc., Monterey, CA, 1975.
	4	Annie I. Anton , Qingfeng He , David L. Baumer, Inside JetBlue's Privacy Policy Violations, IEEE Security and Privacy, v.2 n.6, p.12-18, November 2004 [doi>10.1109/MSP.2004.103]
	5	Ashley, P., Hada, S., Karjoth, G., Powers, C. and Schunter, M.. Enterprise Privacy Architecture Language (EPAL 1.2). W3C Member Submission, 2003, http://www.w3.org/Submission/EPAL/
	6	Edward Ball , David W. Chadwick , Darren Mundy, Patient Privacy in Electronic Prescription Transfer, IEEE Security and Privacy, v.1 n.2, p.77-80, March 2003 [doi>10.1109/MSECP.2003.1193217]
	7	David Baumer , Julia Brande Earp , Fay Cobb Payton, Privacy of medical records: IT implications of HIPAA, ACM SIGCAS Computers and Society, v.30 n.4, p.40-47, December 2000 [doi>10.1145/572260.572261]
	8	Breaux, T.D., and Anton, A.I. Analyzing Goal Semantics for Rights, Permissions, and Obligations. Technical Report #TR-2005-08, North Carolina State University, Department of Computer Science, February 15, 2005.
	9	CRA Conference on Grand Research Challenges in Information Security and Assurance. http://www.cra.org/Activities/grand.challenges/security/. November 16-19, 2003.
	10	Lorrie Faith Cranor , Lawrence Lessig, Web Privacy with P3p, O'Reilly & Associates, Inc., Sebastopol, CA, 2002
	11	Flesch, M. The Art of Readable Writing, MacMillan Publishing, 1949.
	12	Hagen, P. Personalization versus privacy, The Forrester Report, Nov., 2000, 1--19.
	13	Carlos Jensen , Colin Potts, Privacy policies as decision-making tools: an evaluation of online privacy notices, Proceedings of the SIGCHI conference on Human factors in computing systems, p.471-478, April 24-29, 2004, Vienna, Austria [doi>10.1145/985692.985752]
	14	Jupiter Research. Security and Privacy Data, Presentation to the Federal Trade Commission Consumer Information Security Workshop, 2002,Online: http://www.ftc.gov/bcp/workshops/security/020520leathern.pdf
	15	John Karat , Jean Vanderdonekt , Clare-Marie Karat , Jan O. Blom, Designing personalized user experiences in eCommerce, Kluwer Academic Publishers, Norwell, MA, 2004
	16	Clare-Marie Karat , John Karat , Carolyn Brodie, Editorial: why HCI research in privacy and security is critical now, International Journal of Human-Computer Studies, v.63 n.1-2, p.1-4, July 2005 [doi>10.1016/j.ijhcs.2005 04.016]
	17	John Karat , Clare-Marie Karat , Carolyn Brodie , Jinjuan Feng, Privacy in information technology: designing to enable privacy policy management in organizations, International Journal of Human-Computer Studies, v.63 n.1-2, p.153-174, July 2005 [doi>10.1016/j.ijhcs.2005.04.011]
	18	Alfred Kobsa, Personalized hypermedia and international privacy, Communications of the ACM, v.45 n.5, May 2002 [doi>10.1145/506218.506249]
	19	Bradley Malin , Latanya Sweeney, How (not) to protect genomic data privacy in a distributed network: using trail re-identification to evaluate and design anonymity protection systems, Journal of Biomedical Informatics, v.37 n.3, p.179-192, June 2004 [doi>10.1016/j.jbi.2004.04.005]
	20	Manny, C.H. European and American privacy: Commerce, rights, and justice. Computer Law and Security Report, 2003, 19, 1, 4--10.
	21	James Bret Michael , Vanessa L. Ong , Neil C. Rowe, Natural-Language Processing Support for Developing Policy-Governed Software Systems, Proceedings of the 39th International Conference and Exhibition on Technology of Object-Oriented Languages and Systems (TOOLS39), p.263, July 29-August 03, 2001
	22	National Research Council, Who goes there? Authentication through the lens of privacy, National Academies Press, Washington, D.C, 2003.
	23	Mary S. Neff , Roy J. Byrd , Branimir K. Boguraev, The talent system: TEXTRACT architecture and data model, Proceedings of the HLT-NAACL 2003 workshop on Software engineering and architecture of language technology systems, p.1-8, May 31-31, 2003 [doi>10.3115/1119226.1119227]
	24	OASIS, Privacy Policy Profile of XACML draft 01, 2004. http://docs.oasis-open.org/xacml/access_control-xacml-2_0-privacy_profile-spec-cd-01.pdf
	25	OECD, OECD guidelines on the protection of privacy and transborder flows of personal data, 1980, http://www.oecd.org/home/
	26	Office of the Federal Privacy Commissioner of Australia. Privacy and Business , 2000, http://www.privacy.gov.au
	27	Leysia Palen , Paul Dourish, Unpacking "privacy" for a networked world, Proceedings of the SIGCHI conference on Human factors in computing systems, April 05-10, 2003, Ft. Lauderdale, Florida, USA [doi>10.1145/642611.642635]
	28	Ponemon Institute and IAPP, 2003 Benchmark Study of Corporate Privacy Practices, 2004.
	29	H. Jeff Smith, Privacy policies and practices: inside the organizational maze, Communications of the ACM, v.36 n.12, p.104-122, Dec. 1993 [doi>10.1145/163298.163349]
	30	Warren, S.A. and Brandeis, L.D. The right to privacy, Harvard Business Review, 1890, Dec, 4, 195.
	31	U.S. Fair and Accurate Credit Transaction Act. H.R. 2622, 108th Congress, July 24, 2003.

CITED BY 9

	Carolyn A. Brodie , Clare-Marie Karat , John Karat, An empirical study of natural language parsing of privacy policy rules using the SPARCLE policy workbench, Proceedings of the second symposium on Usable privacy and security, July 12-14, 2006, Pittsburgh, Pennsylvania
	Nathaniel S. Good , Jens Grossklags , Deirdre K. Mulligan , Joseph A. Konstan, Noticing notice: a large-scale experiment on the timing of software license agreements, Proceedings of the SIGCHI conference on Human factors in computing systems, April 28-May 03, 2007, San Jose, California, USA
	Giovanni Iachello , Jason Hong, End-user privacy in human-computer interaction, Foundations and Trends in Human-Computer Interaction, v.1 n.1, p.1-137, January 2007
	John Karat , Clare-Marie Karat, An Organizational View of Pervasive Computing, Social Science Computer Review, v.26 n.1, p.13-19, February 2008
	Philip Inglesant , M. Angela Sasse , David Chadwick , Lei Lei Shi, Expressions of expertness: the virtuous circle of natural language for access control policy specification, Proceedings of the 4th symposium on Usable privacy and security, July 23-25, 2008, Pittsburgh, Pennsylvania
	Peter Tarasewich , Jun Gong , Fiona Fui-Hoon Nah , David Dewester, Mobile interaction design: Integrating individual and organizational perspectives, Information-Knowledge-Systems Management, v.7 n.1,2, p.121-144, April 2008
	Kami Vaniea , Clare-Marie Karat , Joshua B. Gross , John Karat , Carolyn Brodie, Evaluating assistance of natural language policy authoring, Proceedings of the 4th symposium on Usable privacy and security, July 23-25, 2008, Pittsburgh, Pennsylvania
	John Karat , Winston Sieck , Timothy J. Norman , Clare-Marie Karat , Carolyn Brodie , Louise Rasmussen , Katia Sycara, A framework for culturally adaptive policy management in ad hoc collaborative contexts, Proceeding of the 2009 international workshop on Intercultural collaboration, February 20-21, 2009, Palo Alto, California, USA
	Richard Chow , Ian Oberst , Jessica Staddon, Sanitization's slippery slope: the design and study of a text revision assistant, Proceedings of the 5th Symposium on Usable Privacy and Security, July 15-17, 2009, Mountain View, California