Examining Internet Privacy Policies Within the Context of User Privacy Values
232
Citation
42
Reference
10
Related Paper
Citation Trend
Abstract:
Internet privacy policies describe an organization's practices on data collection, use, and disclosure. These privacy policies both protect the organization and signal integrity commitment to site visitors. Consumers use the stated website policies to guide browsing and transaction decisions. This paper compares the classes of privacy protection goals (which express desired protection of consumer privacy rights) and vulnerabilities (which potentially threaten consumer privacy) with consumer privacy values. For this study, we looked at privacy policies from nearly 50 websites and surveyed over 1000 Internet users. We examined Internet users' major expectations about website privacy and revealed a notable discrepancy between what privacy policies are currently stating and what users deem most significant. Our findings suggest several implications to privacy managers and software project managers. Results from this study can help managers determine the kinds of policies needed to both satisfy user values and ensure privacy-aware website development efforts.Keywords:
Privacy software
Consumer privacy
The twenty-first century globalized world is characterized by an explosive and exponential growth of data and information that is generated from diverse heterogeneous sources and stored in various formats about all kinds of human endeavour for use in decision making and policy formulation. With this phenomenal growth in information comes with it privacy concerns which have legal implications. This research seeks to comprehensively review critical issues in information privacy, defining key terms like Information, Privacy, Personally Identifiable Information and Expectation of Privacy, this paper will also examine types of personally identifiable information that come under privacy concerns, privacy on the internet, categories of technology to address privacy protection in commercial information technology systems such as: P3P, and XACML. Privacy-enhancing technologies, privacy and the internet, areas of privacy, data and privacy laws of Nigeria and other countries and industry-standard information security requirements and frameworks like the Sarbanes-Oxley law (SOX), privacy issues of social networking sites will all be looked into, so as to broaden our knowledge on information privacy issues. Keywords: Information privacy, P3P, XACML, Sarbanes-Oxley law.
Privacy software
XACML
Cite
Citations (0)
Privacy enforcement has been one of the most important challenges in IT area. Current privacy practices within companies and organizations, e.g. enabling a P3P compliant policy, incorporating a privacy seal program, etc., cannot truly protect consumer privacy. Privacy protection can only be achieved by enforcing privacy policies within an organizations online and offline data processing systems. Traditional security models are more or less inappropriate for enforcing basic privacy requirements, such as purpose binding. This paper proposes an extended role-based access control (RBAC) model, called Privacy-Aware Role-Based Access Control (PARBAC) model, for enforcing privacy policies within an organization. The PARBAC model combines RBAC, Domain-Type Enforcement, and privacy protection by modeling business purposes and data policies. Consented consumer privacy preferences are recorded as data policies, which govern how to use actual consumer data. One of the key elements in a privacy policy is purpose. The actual purpose of a business operation to consumer data must be consistent with the purpose consented by the consumer. This is the so-called purpose binding privacy requirement. This paper focuses on enforcing this requirement. Privacy enforcement mechanism with the PARBAC model is then discussed and a privacy scenario is illustrated to describe its application.
Privacy software
Consumer privacy
Cite
Citations (31)
As more information is collected, shared, and mined, the need to understand and manage information privacy has become a necessity for information professionals. Governments across the globe have enacted information privacy laws. These laws continue to evolve and the information privacy protections that have been established differ by country. A basic understanding of privacy law, information privacy approaches, and information security controls is essential for information professionals to properly manage private/personally identifiable information (PII) in differing capacities in libraries, academic institutions, corporations, hospitals, and state and federal agencies. Understanding and knowledge of applicable privacy laws and the ability to write privacy policies and procedures for the proper handling of PII are crucial skills for librarians and other information managers. Information Privacy Fundamentals for Librarians and Information Professionals is tailored to the needs of librarians and information professionals. It introduces library and information professionals to information privacy, provides an overview of information privacy in the library and information science context, U.S. privacy laws by sector, information privacy policy, and key considerations when planning and creating a privacy program.
Cite
Citations (7)
Individuals are becoming increasingly concerned regarding the protection of their personal information. In an attempt to ease the privacy concerns of individuals, organisations publish privacy policies, promising how they will handle personal information. However, privacy policies as such do not guarantee the protection of personal information and do not offer much customisation on an individual level. Individual privacy contracts are proposed as a solution to this problem. A privacy contract constitutes a legal base on which to contest privacy breaches, should any occur. Every data subject has to enter into a privacy contract (consisting of privacy agreements) with the data controller, otherwise no transactions can be performed between the two parties. A data subject must consent to a privacy agreement before the data controller can use the data of the transaction associated with the agreement. This paper presents the principles and a conceptual view of the management of privacy contracts.
Privacy software
Publication
CONTEST
Cite
Citations (15)
The author reviews 2002 developments in privacy and e-commerce, and concludes by arguing that a framework of fair information principles should govern the collection, maintenance, and dissemination of personal information. Proposed online privacy, computer security, and student privacy legislation is reviewed. The role of the Federal Trade Commission in handling privacy complaints is analyzed, and the author finds that the agency tends only to take action in cases with strong merits or where children's privacy is involved. The agency tends not to levy monetary fines for privacy violations, unless children's privacy is involved. The author reviews two landmark privacy lawsuits, Trans Union v. FTC and IRSG v. FTC, and the status of several privacy issues, including the role of self-regulation, consumer profiling, national identification, wireless privacy, digital rights management, authentication systems, and customer proprietary network information.
Privacy software
Consumer privacy
Cite
Citations (0)
Abstract The advent of information technologies has raised public concern regarding privacy, as documented by the results of several surveys. Although extensive, online privacy statements seldom provide explicit reassurance that consumer information will be kept confidential and will not be exploited. This research examines these privacy statements to determine their overall utility. We evaluate the overall efficacy of privacy statements and focus on the language, format, privacy reassurances, complexity of legal and technical terms, and perceived statement credibility. A content analysis of privacy statements reveals that privacy statements do not always protect customer interests as much as they serve as legal safeguards for the companies involved.
Privacy software
Consumer privacy
Statement (logic)
Cite
Citations (47)
In the U.S., there is no comprehensive national law regulating the collection and use of personal information. As a response to the high level of privacy concerns among U.S. citizens and the currently limited regulations, states have enacted their own privacy laws over and above the principles of Fair Information Practices (FIP). In this exploratory study, we draw upon the privacy literature and the Restricted Access/Limited Control (RALC) theory of privacy to study the privacy concerns phenomenon with a multilevel theoretical lens. We introduce and test three novel propositions pertaining to the impact of state level privacy regulations on privacy concerns. This combines consideration of individual differences as well as state level factors in predicting individuals’ Internet privacy concerns. Overall, the results provide support for the role of state level privacy regulations in mitigating individuals’ privacy concerns. We discuss the results, theoretical contributions, policy implications, and future research. Disciplines Information Security | Management Information Systems | Privacy Law
Privacy software
Cite
Citations (0)
Recently, the concern and significance about the privacy protection for Internet users are increased as many incidents of privacy violation have been occurred. Regarding the privacy problem, there are a few traditional privacy protection schemes. One of them is setting privacy policies of users' private information. P3P, EPAL and XACML are famous examples of that kind of privacy protection methods which requires presetting of privacy policy. However, there are three problems. First, privacy policy setting is difficult to users who have no knowledge of privacy policy and how to use of the methods. Second, it is impossible to define the privacy policies considering all cases. Lastly, privacy policy setting without considering the privacy-related consequences may cause privacy violations. In this paper, we propose a usability enhanced privacy protection system based on users' responses. The proposed system uses the users' responses to measure and reflect their privacy preferences. Moreover, the system considers data sensitivities to notice the expected privacy- related consequences when users allow release of their sensitive personal information.
XACML
Privacy software
Privacy Protection
Private information retrieval
Cite
Citations (6)
Internet privacy policies describe an organization's practices on data collection, use, and disclosure. These privacy policies both protect the organization and signal integrity commitment to site visitors. Consumers use the stated website policies to guide browsing and transaction decisions. This paper compares the classes of privacy protection goals (which express desired protection of consumer privacy rights) and vulnerabilities (which potentially threaten consumer privacy) with consumer privacy values. For this study, we looked at privacy policies from nearly 50 websites and surveyed over 1000 Internet users. We examined Internet users' major expectations about website privacy and revealed a notable discrepancy between what privacy policies are currently stating and what users deem most significant. Our findings suggest several implications to privacy managers and software project managers. Results from this study can help managers determine the kinds of policies needed to both satisfy user values and ensure privacy-aware website development efforts.
Privacy software
Consumer privacy
Cite
Citations (232)
This is the full text of Chapter 6 (Online Privacy) from Federal Trade Commission Privacy Law and Policy (Cambridge University Press 2016). This chapter introduces the reader to the Federal Trade Commission's (FTC) historical and modern approaches to consumer privacy law.This chapter explains basic principles of privacy law, including fair information practices, which form the building blocks of most privacy protections. It describes the cases and the landscape of FTC law on online privacy. Then it shifts to present half a dozen controversies critical to the FTC’s privacy stance: the dominance of rational choice theory approaches and their deficits, the third party problem in privacy, self-regulation in consumer protection, default choices, the consumer protection problems implicated by the rise of internet platforms, and finally, privacy by design. Other chapters in the book focus on children's privacy, spam, telemarketing, malware, financial privacy, information security, and international privacy.
Consumer privacy
Privacy software
Dominance (genetics)
Cite
Citations (0)