Abstract
Personal data is increasingly collected and used by companies to tailor services to users, and to make financial, employment, and health-related decisions about individuals. When personal data is inappropriately collected or misused, however, individuals may experience violations of their privacy. Historically, government regulators have relied on the concept of risk in energy, aviation and medicine, among other domains, to determine the extent to which products and services may harm the public. To address privacy concerns in government-controlled information technology, government agencies are advocating to adapt similar risk management frameworks to privacy. Despite the recent shift toward a risk-managed approach for privacy, to our knowledge, there are no empirical methods to determine which personal data are most at-risk and which contextual factors increase or decrease that risk. To this end, we introduce an empirical framework in this article that consists of factorial vignette surveys that can be used to measure the effect of different factors and their levels on privacy risk. We report a series of experiments to measure perceived privacy risk using the proposed framework, which are based on expressed preferences, and which we define as an individual's willingness to share their personal data with others given the likelihood of a potential privacy harm. These experiments control for one or more of the six factors affecting an individual's willingness to share their information: data type, computer type, data purpose, privacy harm, harm likelihood, and individual demographic factors, such as age range, gender, education level, ethnicity, and household income. To measure likelihood, we introduce and evaluate a new likelihood scale based on construal level theory in psychology. The scale frames individual attitudes about risk likelihood based on social and physical distance to the privacy harm. The findings include predictions about the extent to which the above factors correspond to risk acceptance, including that perceived risk is lower for induced disclosure harms when compared to surveillance and insecurity harms as defined in Solove's Taxonomy of Privacy. We also found that participants are more willing to share their information when they perceive the benefits of sharing. In addition, we found that likelihood was not a multiplicative factor in computing privacy risk perception, which challenges conventional theories of privacy risk in the privacy and security community.
- A. Acquisti and J. Grossklags. 2005. Privacy and rationality in individual decision making. IEEE Security and Privacy 3, 1 (2005), 26--33. Google ScholarDigital Library
- A. Acquisti and J. Grossklags. 2013. An online survey experiment on ambiguity and privacy. Communications 8 Strategies 88, 4 (2013), 19--39.Google Scholar
- A. Acquisti, L. K. John, and G. Lowestein. 2013. What is the price of privacy. Journal of Legal Studies 42, 2, Article 1 (2013).Google Scholar
- A. Acquisti, I. Adjerid, R. Balebako, L. Brandimarte, L. Cranor, S. Komanduri, P. Leon, N. Sadeh, F. Schaub, M. Sleeper, Y. Wang, and S. Wilson. 2017. Nudges for privacy and security: Understanding and assisting users’ choices online. ACM Computing Surveys 50, 3, Article 44 (2017). Available at SSRN: https://ssrn.com/abstract=2859227. Google ScholarDigital Library
- K. Auspurg and T. Hinz. 2014. Factorial Survey Experiments, vol. 175. SAGE Publications.Google Scholar
- K. Barton. 2014. MuMIn: Multi-model Inference, R Package, 1.10.2014.Google Scholar
- D. Bates, M. Maechler, B. Bolker, and S. Walker. 2015. Fitting linear mixed-effects models using lme4. Journal of Statistical Software 67, 1 (2015), 1--48.Google ScholarCross Ref
- R. A. Bauer. 1960. Consumer behavior as risk-taking. In Dynamic Marketing for Changing World. American Marketing Association, Chicago, 389.Google Scholar
- B. Berendt, O. Günther, and S. Spiekermann. 2005. Privacy in e-commerce: Stated preferences vs. actual behavior. Communications of the ACM 48, 4 (2005), 101--106. Google ScholarDigital Library
- J. Bhatia, T. D. Breaux, J. R. Reidenberg, and T. B. Norton. 2016a. A Theory of vagueness and privacy risk perception. In Proceedings of the IEEE 24th International Requirements Engineering Conference (RE’16).Google Scholar
- J. Bhatia, T. D. Breaux, L. Friedberg, H. Hibshi, and D. Smullen. 2016b. Privacy risk in cybersecurity data sharing. In Proceedings of ACM 3rd International Workshop on Information Sharing and Collaborative Security (WISCS). Vienna, Austria, 57--64. Google ScholarDigital Library
- S. Brooks, M. Garcia, N. Lefkovitz, S. Lightman, and E. Nadeau. 2017. An Introduction to Privacy Engineering and Risk Management in Federal Systems. Internal Report 8062, National Institute of Standards and Technology.Google Scholar
- M. D. Buhrmester, T. Kwang, and S. D. Gosling. 2011. Amazon's mechanical Turk: A new source of inexpensive, yet high-quality, data? Perspectives on Psychological Science 3, 6 (2011), 13--5.Google Scholar
- G. Charness, U. Gneezy, and M. A. Kuhn. 2012. Experimental methods: Between-subject and within-subject design. Journal of Economic Behavior 8 Organization 81, 1 (2012), 1--8.Google ScholarCross Ref
- P. Cichonski, T. Millar, T. Grance, and K. Scarfone. 2012. Computer Security Incident Handling Guide. Recommendations of the National Institute of Standards and Technology, 800-61. Revision 2. NIST Special Publication, 79.Google Scholar
- L. A. Clark and D. Watson. 1995. Constructing validity: Basic issues in objective scale development. Psychological Assessment 7, 3 (1995), 309--319.Google ScholarCross Ref
- J. Cortina and H. Nouri. 2000. Effect Size for ANOVA Designs. Sage Publications.Google Scholar
- J. Creswell. 2014. Research Design: Qualitative, Quantitative, and Mixed Methods Approaches. SAGE Publications.Google Scholar
- Tamara Dinev, Allen R. McConnell, and H. Jeff Smith. 2015. Research commentary—Informing privacy research through information systems, psychology, and behavioral economics: Thinking outside the “APCO” box. Information Systems Research 26, 4 (2015), 639--655. Google ScholarDigital Library
- Daniel Ellsberg. 1961. Risk, ambiguity, and the savage axioms. Quarterly Journal of Economics 75, 4 (1961), 643--669.Google ScholarCross Ref
- W. J. Everton, P. M. Mastrangelo, and J. A. Jolton. 2005. Personality correlates of employee's use of work computers. Cyber Psychology and Behavior 8 (2005), 143--153.Google ScholarCross Ref
- F. Faul, E. Erdfelder, A.-G. Lang, and A. Buchner. 2007. G* Power 3: A flexible statistical power analysis program for the social, behavioral, and biomedical sciences. Behavior Research Methods 39, 2 (2007), 175--191.Google ScholarCross Ref
- B. Fischhoff, P. Slovic, S. Lichtenstein, S. Read, B. Combs. 1978. How safe is safe enough? A psychometric study of attitudes towards technological risks and benefits. Policy Science 9 (1978), 127--152.Google ScholarCross Ref
- M. Furr. 2011. Scale Construction and Psychometrics for Social and Personality Psychology. SAGE Publications Ltd.Google Scholar
- A. Gelman and J. Hill. 2006. Data Analysis Using Regression and Multilevel/Hierarchical Models. Cambridge University Press.Google Scholar
- H. Hibshi, T. D. Breaux, and S. B. Broomell. 2015. Assessment of risk perception in security requirements composition. In Proceedings of IEEE 23rd International Requirements Engineering Conference (RE’15). 146--155.Google Scholar
- L. M. Hilty, C. Som, and A. Köhler. 2004. Assessing the human, social and environmental risks of pervasive computing. Human and Ecological Risk Assessment 10 (2004), 853--874.Google ScholarCross Ref
- J. I. Hong, J. D. Ng, S. Lederer, and J. A. Landay. 2004. Privacy risk models for designing privacy-sensitive ubiquitous computing systems. In Proceedings of the 5th Conference on Designing Interactive Systems: Processes, Practices, Methods, and Techniques (DIS'04). ACM, New York, NY, 91--100. Google ScholarDigital Library
- C. Hoofnagle, J. King, S. Li, and J. Turow. 2010. How different are young adults from older adults when it comes to information privacy attitudes and policies. SSRN Working Paper Series 4, 19 (2010), 1--20.Google Scholar
- J. J Horton, D. G. Rand, and R. J. Zeckhauser. 2011. The online laboratory: conducting experiments in a real labor market. Experimental Economics 14, 3 (2011), 399--425.Google ScholarCross Ref
- Peter Hustinx. 2010. Privacy by design: Delivering the promises. Identity in the Information Society 3, 2 (2010), 253--255.Google ScholarCross Ref
- Giovanni Iachello and Jason Hong. 2007. End-user privacy in human-computer interaction. Trends Human-Computer Interaction 1, 1 (2007), 1--137. Google ScholarDigital Library
- S. Kaplan and B. J. Garrick. 1981. On the quantitative definition of risk. Risk Analysis 1, 1 (1981), 11--27.Google ScholarCross Ref
- M. G. Kendall. 1948. Rank Correlation Methods. Charles Griffin and Company Limited.Google Scholar
- F. H. Knight. 1921. Risk, Uncertainty, and Profit. Houghton Mifflin Company.Google Scholar
- B. Knijnenburg and A. Kobsa. 2014. Increasing sharing tendency without reducing satisfaction: finding the best privacy-settings user interface for social networks. In Proceedings of the 35th International Conference on Information Systems. 1--21.Google Scholar
- J. T. Kulas and A. A. Stachowski. 2013. Respondent rationale for neither agreeing nor disagreeing: Person and item contributors to middle category endorsement intent on Likert personality indicators. Journal of Research in Personality 47, 4 (2013), 254--262.Google ScholarCross Ref
- S. Lederer, J. Mankoff, and A. K. Dey. 2003. Towards a deconstruction of the privacy space. In Proceedings of Workshop on Privacy in Ubicomp 2003: Ubicomp Communities: Privacy as Boundary Negotiation.Google Scholar
- S. Lederer, J. I. Hong, A. K. Dey, and J. A. Landay. 2004. Personal privacy through understanding and action: five pitfalls for designers. Personal Ubiquitous Computing 8, 6 (2004), 440--454. Google ScholarCross Ref
- J. H. Moor. 1997. Towards a theory of privacy in the information age. Computers and Society 27, 3 (1997), 27--32. Google ScholarDigital Library
- J. Mugan, T. Sharma, and N. Sadeh. 2011. Understandable Learning of Privacy Preferences Through Default Personas and Suggestions. Technical Report CMU-ISR-11-112, School of Computer Science, Carnegie Mellon University. Retrieved from http://reports-archive.adm.cs.cmu.edu/anon/isr2011/CMU-ISR-11-112.pdf.Google Scholar
- R. S. Murphy. 1996. Property rights in personal information: An economic defense of privacy. Georgetown Law Journal 84 (1996), 2381.Google Scholar
- P. M. Mastrangel, W. Everto, and J. A. Jolton. 2006. Personal use of work computers: distraction versus destruction. Cyber Psychology 8 Behavior 9 (2006), 730--41.Google Scholar
- S. Nakagawa and H. Schielzet. 2013. A general and simple method for obtaining R2 from generalized linear mixed-effects models. Methods in Ecology and Evolution 4, 2 (2013), 133--142.Google ScholarCross Ref
- H. Nissenbaum. 2004. Privacy as contextual integrity. Washington Law Review 79, 2004 (2007), 119--157.Google Scholar
- H. Nissenbaum. 2009. Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford Law Books. Google ScholarDigital Library
- J. S. Olson, J. Grudin, and E. Horvitz. 2005. A study of preferences for sharing and privacy. In Proceedings of CHI'05 Extended Abstracts on Human Factors in Computing Systems (CHI EA'05). ACM, New York, NY, 1985--1988. Google ScholarDigital Library
- Leysia Palen and Paul Dourish. 2003. Unpacking "privacy" for a networked world. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI'03). ACM, New York, NY, 129--136. Google ScholarDigital Library
- A. Perrin and M. Duggan. 2015. Americans’ Internet Access: 2000--2015. PEW Internet and American Life Project, June 26, 2015. Retrieved from http://www.pewresearch.org/fact-tank/2016/02/19/americans-feel-the-tensions-between-privacy-and-security-concerns/.Google Scholar
- G. Paolacci, J. Chandler, and P. G. Ipeirotis. 2010. Running experiments on amazon mechanical Turk. Judgment and Decision Making 5 (2010), 411--419.Google ScholarCross Ref
- PwC. 2016. The Global State of Information Security Survey. Turnaround and Transformation in Cybersecurity. PwC.Google Scholar
- R. Core Team. 2015. R: A Language and Environment for Statistical Computing. R Foundation for Statistical Computing, Vienna, Austria. Retrieved from http://www.R-project.org/.Google Scholar
- L. Rainie and S. Maniam. 2016. Americans Feel the Tensions Between Privacy and Security Concerns. PEW Internet and American Life Project, February 19, 2016.Google Scholar
- D. G. Rand. 2012. The promise of mechanical Turk: How online labor markets can help theorists run behavioral experiments. Journal of Theoretical Biology 299 (2012), 172--179.Google ScholarCross Ref
- J. H. Saltzer and M. D. Schroeder. 1975. The protection of information in computer systems. Proceedings of the IEEE 63, 9 (1975), 1278--1308.Google ScholarCross Ref
- W. R. Shadish, T. D. Cook, and D. T. Campbell. 2002. Experimental and Quasi-experimental Designs for Generalized Causal Inference. Houghton, Mifflin and Company, Boston, MA.Google Scholar
- C. Spearman. 1904. The proof and measurement of association between two things. The American Journal of Psychology 15, 1 (1904), 72--101.Google ScholarCross Ref
- C. Starr. 1969. Social benefit versus technological risk. Science 165 (1969), 1232--1238.Google ScholarCross Ref
- P. Slovic. 2000. The Perception of Risk. Earthscan Publication.Google Scholar
- H. J. Smith, Tamara Dinev, and Heng Xu. 2011. Information privacy research: An interdisciplinary review. MIS Quarterly 35, 4 (2011), 989--1015. Google ScholarDigital Library
- D. J. Solove. 2006. A taxonomy of privacy. University of Pennyslavania Law Review 154, 3 (2006), 477.Google ScholarCross Ref
- Daniel J. Solove. 2008. Understanding Privacy. Harvard University Press.Google Scholar
- Gary Stoneburner, Alice Y. Goguen, and Alexis Feringa. 2002. Risk Management Guide for Information Technology Systems. SP 800-30, Technical Report, NIST, Gaithersburg, MD. Google Scholar
- A. Tversky and D. Kahneman. 1974. Judgment under uncertainty: heuristics and biases. Science 185 (1974), 1124--1131.Google ScholarCross Ref
- C. Wakslak and Y. Trope. 2009. The effect of construal level on subjective probability estimates. Psychological Science 20, 1 (2009), 52--58.Google ScholarCross Ref
- Lisa Wallander. 2009. 25 years of factorial surveys in sociology: A review. Social Science Research 38, 3 (2009), 505--520.Google ScholarCross Ref
- Y. Wang, G. Norice, and L. F. Cranor. 2011. Who is concerned about what? A study of American, Chinese and Indian users’ privacy concerns on social network sites. In Proceedings of International Conference on Trust and Trustworthy Computing Trust 2011: Trust and Trustworthy Computing (2011), 146--153. Google ScholarDigital Library
- Yang Wang, Pedro Giovanni Leon, Alessandro Acquisti, Lorrie Faith Cranor, Alain Forget, and Norman Sadeh. 2014. A field trial of privacy nudges for Facebook. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI'14). ACM, New York, NY, 2367--2376. Google ScholarDigital Library
- A. F. Westin. 1967. Privacy and Freedom. Atheneum, New York, NY.Google Scholar
Index Terms
- Empirical Measurement of Perceived Privacy Risk
Recommendations
Privacy, Anonymity, and Perceived Risk in Open Collaboration: A Study of Tor Users and Wikipedians
CSCW '17: Proceedings of the 2017 ACM Conference on Computer Supported Cooperative Work and Social ComputingThis qualitative study examines privacy practices and concerns among contributors to open collaboration projects. We collected interview data from people who use the anonymity network Tor who also contribute to online projects and from Wikipedia editors ...
Freedom of Privacy: Anonymous Data Collection with Respondent-Defined Privacy Protection
The massive amount of sensitive survey data about individuals that agencies collect and share through the Internet is causing a great deal of privacy concerns. These concerns may discourage individuals from revealing their sensitive information. ...
Internet privacy concerns and beliefs about government surveillance - An empirical investigation
This U.S.-based research attempts to understand the relationships between users' perceptions about Internet privacy concerns, the need for government surveillance, government intrusion concerns, and the willingness to disclose personal information ...
Comments