To systematize the wide range of claims contained in privacy policies, Anton and Earp produced a dictionary of privacy claims contained in the privacy policies of 25 major US retailers’ web sites . Similar to Dourish et al. , Anton and Earp used Grounded Theory and goal mining techniques to extract these claims and produced a list of 124 privacy goals. They categorized claims in privacy policies as “protection goals” (i.e., assertions with the intent of protecting users’ data privacy) and “vulnerabilities” (i.e., assertions that describe management practices that may harm user privacy such as sharing of personal information). The privacy goals taxonomy reflects the usual categories of notification, consent, redress, etc., while the vulnerabilities taxonomy includes such issues as data monitoring, aggregation, storage, transfer, collection, personalization, and contact.
The emergent picture is that end-user privacy policies are complex instruments which need careful planning, constant updates, and careful drafting to ensure that users read them, understand them, and use them. Obviously, they must reflect to actual organizational practices, which can be a problem especially in rapidly-evolving organizations.
Deploying, Managing, and Enforcing Privacy Policies
Although the management of personal information has not traditionally been the topic of public research, there have recently been several efforts in this field, specifically in two areas:
end-user-privacy-in-human-computer-interaction-v57.docPage 32 of 85