Abstract
As information technology continues to spread, we believe that there will be an increasing awareness of a fundamental need to seriously consider privacy concerns, and that doing so will require an understanding of policies that govern information use accompanied by development of technologies that can implement such policies. The research reported here describes our efforts to design a system which facilitates effective privacy policy authoring, implementation, and compliance monitoring. We employed a variety of user-centered design methods with 109 target users across the four steps of the research reported here. This case study highlights our work to iteratively design and validate a prototype with target users, and presents a laboratory evaluation aimed at providing early support for specific design decisions to meet the needs of providing flexible privacy enabling technologies. This paper highlights our work to include natural language and structured entry methods for policy authoring.
Copyright information
© 2005 IFIP International Federation for Information Processing
About this paper
Cite this paper
Karat, J., Karat, CM., Brodie, C., Feng, J. (2005). Designing Natural Language and Structured Entry Methods for Privacy Policy Authoring. In: Costabile, M.F., Paternò, F. (eds) Human-Computer Interaction - INTERACT 2005. INTERACT 2005. Lecture Notes in Computer Science, vol 3585. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11555261_54
DOI: https://doi.org/10.1007/11555261_54
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28943-2
Online ISBN: 978-3-540-31722-7
eBook Packages: Computer Science (R0)