The effect of online privacy policy on consumer privacy concern and trust

This study aims to investigate trust and privacy concerns related to the willingness to provide personal information online under the influence of cross-cultural effects. This study investigated the relationships among the content of online privacy statements, consumer trust, privacy concerns, and the moderating effect of different cultural backgrounds of the respondents. In specific, this study developed a proposed model based on Privacy–Trust–Behavioral Intention model. Further, a total of 500 participants participated in the survey, including 250 from Russia and 250 from Taiwan. The findings indicate a significant relationship between the content of privacy policies and privacy concern/trust; willingness to provide personal information and privacy concern/trust; privacy concern and trust. The cross-cultural effect on the relationships between the content of privacy policies and privacy concern/trust was also found significant.     

Analyzing Regulatory Rules for Privacy and Security Requirements

Information practices that use personal, financial, and health-related information are governed by US laws and regulations to prevent unauthorized use and disclosure. To ensure compliance under the law, the security and privacy requirements of relevant software systems must properly be aligned with these regulations. However, these regulations describe stakeholder rules, called rights and obligations, in complex and sometimes ambiguous legal language. These "rules" are often precursors to software requirements that must undergo considerable refinement and analysis before they become implementable. To support the software engineering effort to derive security requirements from regulations, we present a methodology for directly extracting access rights and obligations from regulation texts. The methodology provides statement-level coverage for an entire regulatory document to consistently identify and infer six types of data access constraints, handle complex cross references, resolve ambiguities, and assign required priorities between access rights and obligations to avoid unlawful information disclosures. We present results from applying this methodology to the entire regulation text of the US Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.     

Building an Effective Privacy Program

Abstract

Privacy and trust are essential to maintaining good relationships with customers, employees, and business partners. It is also necessary to address privacy issues to comply with a growing number of privacy regulations worldwide. Privacy encompasses how business must be conducted, the communications made with customers and consumers, and the technology that enables business processes. Addressing privacy touches all facets of an organization, including business operations, Web sites and services, back-end systems and databases, communications with third parties, customers, and service providers, and legacy systems. An effective privacy governance program will not only make your customers happier, but it will also mitigate your exposure to regulatory noncompliance, lawsuits, bad publicity, and government investigations. This article discusses the issues to address when building a privacy governance program.     

Privacy,trust and control: Which relationships with online self-disclosure?

A number of studies have examined the relationship between privacy concerns, perceived control over information, trust and online self-disclosure, highlighting different points of view to understand this connection. This paper intends to compare these different models of explanation for self-disclosure behaviors in online social networks. Three different hypotheses are verified, using mediation and moderation analyses. The results allow underling the effect of the interaction between privacy concerns and trust on online self-disclosure, along with the absence of a direct influence of privacy concerns on disclosure itself. The results suggest practical implications for online social network providers, most of all with regard to privacy policies in online environments.     

社交网络中用户隐私推理与保护研究综述

如今微博和Twitter等社交网络平台被广泛地用于交流、创建在线社区并进行社交活动。用户所发布的内容可以被推理出大量隐私信息,这导致社交网络中针对用户的隐私推理技术的兴起。利用用户的文本内容及在线行为等知识可以对用户进行推理攻击,社交关系推理和属性推理是对社交网络用户隐私的两种基本攻击。针对推理攻击保护机制和方法的研究也在日益增加,对隐私推理和保护技术相关的研究和文献进行了分类并总结,最后进行了探讨和展望。     

Examining Usability of Web Privacy Policies

Three studies examined (a) the amount and types of personal information requested by Web sites from seven different categories, (b) the goals and readability of existing privacy policies for four categories of sites, and (c) users' comprehension and perceptions of privacy policies. Study 1 showed that different amounts of personal information were requested by Web sites, even within the same category. Content and readability analyses of 100 privacy policies in Study 2 showed that policies tended to be high on both privacy protection and vulnerability goals or low on both. The policies were also written at a reading level corresponding to 13 years of education. Study 3 showed, though, that even college students have poor comprehension of the content of privacy policies. The students perceived longer policies that included many privacy goals as providing better assurance of privacy than shorter policies that included fewer goals. From a usability perspective, there is considerable room for improvement in the design of organizations' Web sites with respect to the amount and types of person information solicited and the implementation of privacy policies.     

When changing the look of privacy policies affects user trust: An experimental study

The majority of Internet users do not read privacy policies because of their lengthy verbose format, although they are still the main source of information for users about how their data are collected and used. Consequently, as shown by many studies, users do not trust online services with respect to the use of their private data. Furthermore, they find it unfair that their data are used to generate revenue by online services without their knowledge or without their benefit from this.In this paper, we take as main assumption that the control of their private data and also caring about their interests would restore the trust of users. Based on an empirical model, we conducted an experimental comparative study of user trust by offering to two groups of participants the possibility to adhere to a service with a privacy policy presented in one of two different formats: the first, a conventional privacy policy and the second, designed according to the privacy policy model studied in this paper.We collected, through a survey, 717 responses from participants. The results show that allowing personalization and management in privacy policies affects user trust and makes online services appear more trustworthy to their users.     

A user-centric evaluation of the readability of privacy policies in popular web sites

This paper reports on a formal subject-based experiment, which seeks to evaluate the readability of privacy policy statements found on the Internet. This experiment uses 50 participants and privacy policies collected from 10 of the most popular web sites on the Internet. It evaluates, using a cloze test, the subjects’ ability to comprehend the content of these privacy policies. The paper also compares its results with the results from previous studies on this topic. In general, it finds that privacy policies are “difficult” to comprehend.     

Commitment analysis to operationalize software requirements from privacy policies

Online privacy policies describe organizations’ privacy practices for collecting, storing, using, and protecting consumers’ personal information. Users need to understand these policies in order to know how their personal information is being collected, stored, used, and protected. Organizations need to ensure that the commitments they express in their privacy policies reflect their actual business practices, especially in the United States where the Federal Trade Commission regulates fair business practices. Requirements engineers need to understand the privacy policies to know the privacy practices with which the software must comply and to ensure that the commitments expressed in these privacy policies are incorporated into the software requirements. In this paper, we present a methodology for obtaining requirements from privacy policies based on our theory of commitments, privileges, and rights, which was developed through a grounded theory approach. This methodology was developed from a case study in which we derived software requirements from seventeen healthcare privacy policies. We found that legal-based approaches do not provide sufficient coverage of privacy requirements because privacy policies focus primarily on procedural practices rather than legal practices.     

Control your Facebook: An analysis of online privacy literacy

For an effective and responsible communication on social network sites (SNSs) users must decide between withholding and disclosing personal information. For this so-called privacy regulation, users need to have the respective skills—in other words, they need to have online privacy literacy. In this study, we discuss factors that potentially contribute to and result from online privacy literacy. In an online questionnaire with 630 Facebook users, we found that people who spend more time on Facebook and who have changed their privacy settings more frequently reported to have more online privacy literacy. People with more online privacy literacy, in turn, felt more secure on Facebook and implemented more social privacy settings. A mediation analysis showed that time spend on Facebook and experience with privacy regulation did not per se increase safety and privacy behavior directly, stressing the importance of online privacy literacy as a mediator to a safe and privacy-enhancing online behavior. We conclude that Internet experience leads to more online privacy literacy, which fosters a more cautious privacy behavior on SNSs.     

融合语义依存关联对的句子相似度的负面在线评论案例推理

及时有效地处理负面在线评论能提高企业的声誉和维护消费者对企业的信任,而面对大量的负面在线评论,企业很难在短期内及时有效回复.根据在线评论是短文本的特点,运用基于句子相似度的负面在线评论进行案例推理处理.针对负面在线评论句子相似度计算问题,抽取句子中评价对象词和评价词作为关键词,同时考虑评价词的修饰词和句子语义依存关联对.除提出的关键词、修饰词、语义依存分析关联对三个特征外,再融入句子中的公共词、语义等两个特征,提出一种融合公共词、关键词、修饰词、语义、语义依存分析关联对等五个特征的句子相似度计算方法,检索相似负面评论句子的案例.通过实验验证,融入多特征的句子相似度计算优于常见句子相似度计算方法,其准确率为83.3％,有效地检索案例句子集并自动推荐回复方案.     

Do security and privacy policies in B2B and B2C e-commerce differ? A comparative study using content analysis

Security and privacy policies address consumer concerns related to security and privacy in e-commerce websites. As these policies represent only the vendor’s perspective, often there exists a mismatch between the stated and desired policy. Based on transaction cost theory, we speculate that business-to-business (B2B) and business-to-consumer (B2C) e-commerce customers use their transaction cost savings in order to obtain varying levels of security and privacy. These differences are bound to be reflected in the security and privacy policies of e-commerce companies. Therefore, in this paper, we perform a comparative content analysis of the security and privacy policies in B2C and B2B e-commerce. Results show that B2B vendors are more concerned about security than their B2C counterparts, while B2C vendors are anxious about intimacy and restriction privacy. Our findings have important implications for e-commerce consumers and vendors as individual and corporate consumers have varying concerns while transacting online. Individual consumers are concerned about maintaining security and intimacy privacy, whereas corporate users are anxious about regulatory issues. Therefore, B2C vendors should incorporate stringent measures dedicated to confidentiality and protection of consumer data as well as enhance intimacy privacy in their security policies, while their B2B counterparts should focus on enhancing restriction privacy.     

A dynamic logic for privacy compliance

Knowledge based privacy policies are more declarative than traditional action based ones, because they specify only what is permitted or forbidden to know, and leave the derivation of the permitted actions to a security monitor. This inference problem is already non trivial with a static privacy policy, and becomes challenging when privacy policies can change over time. We therefore introduce a dynamic modal logic that permits not only to reason about permitted and forbidden knowledge to derive the permitted actions, but also to represent explicitly the declarative privacy policies together with their dynamics. The logic can be used to check both regulatory and behavioral compliance, respectively by checking that the permissions and obligations set up by the security monitor of an organization are not in conflict with the privacy policies, and by checking that these obligations are indeed enforced.     

Improving Customer Retention in E-Commerce through a Secure and Privacy-Enhanced Loyalty System

Loyalty systems provide an interesting possibility for vendors in customer relationship management. This holds for both real world and online vendors. Many vendors apply loyalty systems to collect customer-specific data that may be exploited for many reasons, e.g., price discrimination and direct marketing. As a consequence, beside some potential benefits of a loyalty system, customers may also fear an invasion of privacy, and thus often refuse to participate in such programs. Thus, a vendor may have problems to turn privacy sensitive people into loyal customers using a typical loyalty system. In this paper, we present two variants of a privacy-friendly loyalty system to be used by online vendors for issuing loyalty points. The systems prevent vendors from exploiting data for the creation of customer profiles by providing unconditional unlinkability of loyalty points with regard to purchases. We propose a simple token-based approach and a counter-based approach which is much more efficient while preserving the privacy and security properties. Furthermore, the counter-based loyalty system prevents pooling of loyalty points which were issued to distinct customers. Matthias Enzmann received his diploma in computer science from the Technical University of Darmstadt, Germany, in 1999. In 1996, he started working with the TKT institute of GMD - German National Research Centre for Information Technology GmbH which in 2001 became Fraunhofer Institute for Secure Telecooperation due to the merger of GMD and Fraunhofer Gesellschaft. Since 1999 he holds the position of a regular researcher at Fraunhofer SIT. Currently, his research interests focus on privacy protection in electronic business processes, agent based mediation, and pseudonym systems. Markus Schneider received his diploma in electrical engineering with specialization on communications engineering. Afterwards, he started to work in the area of information and communication security and received his Doctor degree in electrical engineering. Currently, he is with the Fraunhofer Institute for Secure Telecooperation (SIT) in Darmstadt, Germany. His research interests include the development and application of security technologies in communications, and security and privacy issues in electronic business processes.     

Musag an agent that learns what you mean

This article presents a system that carries out highly effective searches over collections of textual information, such as those found on the Internet. The system is made up of two major parts. The first part consists of an agent, Musag, that learns to relate concepts that are semantically ''similar'' to one another. In other words, this agent dynamically builds a dictionary of expressions for a given concept that captures the words people have in mind when mentioning the specific concept. We aim at achieving this by learning from the context in which these words appear. The second part consists of another agent, Sag, which is responsible for retrieving documents, given a set of keywords with relative weights. This retrieval makes use of the dictionary learned by Musag, in the sense that the documents to be retrieved for a query are related to the concept given according to the context of previously scanned documents. In this way, we overcome two main problems with current text search engines, which are largely based on syntactic methods. One problem is that the keyword given in the query might have ambiguous meaning, leading to the retrieval of documents not related to the topic requested. The second problem concerns relevant documents that will not be recommended to the user, since they did not include the specific keyword mentioned in the query. Using context learning methods, we will be able to retrieve such documents if they include other words, learned by Musag, that are related to the main concept. We describe the agents'system architecture, along with the nature of their interactions. We describe our learning and search algorithms and present results from experiments performed on specific concepts. We also discuss the notion of ''cost of learning'' and how it influences the learning process and the quality of the dictionary at any given time.     

Librarian Participation in the Online Classroom

SUMMARY

As distance education courses increasingly move to the online environment, librarians are discovering new challenges and opportunities for reaching distant students. Collaboration with faculty is essential in reaching students who may never enter the library building. One such method of collaboration is librarian participation in online courses through “lurking” in Blackboard and Desire2Learn classrooms and monitoring discussion threads devoted to library research. Advantages such as improved access to students, course content, and assessment data are discussed, as are disadvantages, such as time commitment, varying expectations, and privacy issues. Considerations for librarians interested in “lurking” are outlined.     

A privacy-preserving multi-keyword ranked retrieval scheme in cloud computing

ABSTRACT

Big data and cloud computing could bring security problems. In order to ensure data security and user privacy, people would choose to store data in the cloud with ciphertext. How to search data efficiently and comprehensively without decryption has become the focus of this paper. In this paper, we propose an efficient privacy protection scheme. In this scheme, Elliptic Curve Cryptography (ECC) is adopted to encrypt the data. It can reduce the computing cost of encryption and decryption uploading the encrypted files and indexes to the cloud server. Then it can authorize users to generate trap door using hash conflict function, and send it to Cloud Service Provider (CSP) for searching for matched ciphertext. The CSP uses the Apriori algorithm to extend keywords and search index to match the ciphertext. In this paper, we will use the Apriori algorithm to extend the keywords’ semantics, match the index list based on these keywords, and return the requested file-set which is more consistent with the user’s search. Experiments show that compared with traditional methods, files can be encrypted, decrypted, and recovered more quickly when we use this method. It can also ensure the privacy of data and reduce the communication overhead.     

KEYWORD EXTRACTION STRATEGY FOR ITEM BANKS TEXT CATEGORIZATION

We proposed a feature selection approach, Patterned Keyword in Phrase ( PKIP ), to text categorization for item banks. The item bank is a collection of textual question items that are short sentences. Each sentence does not contain enough relevant words for directly categorizing by the traditional approaches such as "bag-of-words." Therefore, PKIP was designed to categorize such question item using only available keywords and their patterns. PKIP identifies the appropriate keywords by computing the weight of all words. In this paper, two keyword selection strategies are suggested to ensure the categorization accuracy of PKIP. PKIP was implemented and tested with the item bank of Thai high primary mathematics questions. The test results have proved that PKIP is able to categorize the question items correctly and the two keyword selection strategies can extract the very informative keywords.     

APPCorp: a corpus for Android privacy policy document structure analysis

With the increasing popularity of mobile devices and the wide adoption of mobile Apps, an increasing concern of privacy issues is raised. Privacy policy is identified as a proper medium to indicate the legal terms, such as the general data protection regulation (GDPR), and to bind legal agreement between service providers and users. However, privacy policies are usually long and vague for end users to read and understand. It is thus important to be able to automatically analyze the document structures of privacy policies to assist user understanding. In this work we create a manually labelled corpus containing 231 privacy policies (of more than 566,000 words and 7,748 annotated paragraphs). We benchmark our data corpus with 3 document classification models and achieve more than 82% on F1-score.