3.5.1). The FIPS have greatly influenced research on privacy, including standards like P3P , privacy policies on web sites, and data management policies . More recently, the FIPS have been reinterpreted with reference to RFID systems  and ubiquitous computing .
In contrast, personal privacy describes how people manage their privacy with respect to other individuals, as opposed to large organizations. Drawing from Irwin Altman’s research on how people manage personal space , Palen and Dourish argue that privacy is not simply a problem of setting rules and enforcing them, but rather an ongoing and organic “boundary definition process” in which disclosure and identity are fluidly negotiated . The use of window blinds and doors to achieve varying levels of privacy or openness is an example of such boundary setting. Other scholars have made similar observations. Darrah et al. observed that people tend to devise strategies “to restrict their own accessibility to others while simultaneously seeking to maximize their ability to reach people” . Westin argued that “Each individual is continually engaged in a personal adjustment process in which he balances the desire for privacy with the desire for disclosure and communication” .
Altman’s work is in part inspired by Goffman’s work on social and interpersonal relations in small groups [122, 123]. One of Goffman’s key insights is that we project different personas to different people in different situations. For example, a doctor might present a professional persona while working in the hospital, but might be far more casual and open with close friends and family. The problem with respect to the design of interactive systems is that these roles cannot always be easily captured or algorithmically modeled.
Personal privacy appears to be a better model for explaining peoples’ use of IT in cases where the information requiring protection is not well defined, such as managing one’s availability to being interrupted or minute interpersonal communication. Here, the choice of whether or not to disclose personal information to others is highly situational depending on the social and historical context of the people involved. An example of this is whether or not to disclose one’s location when on-the-go using cell phones or other kinds of “friend finders” . Current research suggests that these kinds of situations tend to be difficult to model using rigid privacy policies that are typical of data protection guidelines .
In summary, data protection focuses on the relationship between individual citizens and large organizations. To use a blunt expression, the power of knowledge here lies in quantity. In contrast, personal privacy focuses more on interpersonal relationships and tight social circles, where the concern is about intimacy.
This distinction is not just academic, but has direct consequences on design. Modeling privacy according to data protection guidelines will likely result in refined access control and usage policies for personal information. This is appropriate for many IT applications today, ranging from healthcare to e-commerce. Typical design tools based on the data protection viewpoint include privacy policies on web sites, consent checkboxes, certification programs (such as TRUSTe), and regulations that increase the trust of consumers towards organizations.
end-user-privacy-in-human-computer-interaction-v57.docPage 10 of 85