
tools for privacy policy creation, enforcement and management, and

certification of information management practices.

The most significant project in the first area is SPARCLE. The vision of SPARCLE is to provide a bridge between natural language and automatic enforcement systems, such as Tivoli [30]. SPARCLE is currently implemented as a web-based tool for translating privacy policies⁵ stated in natural language into machine-readable formats akin to P3P [176]. The request for this tool came from professionals of IBM’s IT services division, suggesting that even expert consultants may find it difficult to write consistent and complete privacy policies.⁶ While the difficulties of professionals drafting privacy policies are not documented in academic literature, our own experience coupled with press coverage suggests that the implementation and enforcement of privacy policies within organizations is a pressing and very challenging issue. See, for example, the recent leaks of personal information at CardSystems [104] and ChoicePoint [153, 300].

SPARCLE has recently undergone tests to evaluate which type of policy statement input modality is most effective: free-text, where the user types the policy directly into the system, or guided, through menu selections. These tests were aimed at an expert user population and measured the time necessary to write a policy and the quality of the resulting statement sets [176].

The second aspect of privacy management relates to the IT and human systems that process and secure personal data within organizations. Unfortunately, public information on this topic is scarce. Furthermore, except for checklists such as the Canadian Privacy Impact Assessment [284], general standards are lacking. For example, Iachello analyzed IS17799, a popular information security best practice standard, vis-à-vis data protection legislation. He found that IS17799 lacks support for several common data protection requirements found in legislation, such as limitation of use or the development of a privacy policy. As a result, Iachello proposed augmenting the standard with additional requirements specifically aimed at privacy [155].

In general, we still see little attention to the problem of managing personal information at the organizational level. Given the attention that the HCI and CSCW communities have devoted to issues such as collaboration and groupware systems, and the progress that has been made in these fields since the 1980s, we believe that HCI research could greatly improve the organizational aspects of personal information management. We believe that the challenge in this field lies in aligning the interests of the research community with the needs of practitioners and corporations. We discuss this point further as an ongoing research challenge in Section 4.4.

3.3.2 Helping End-Users Specify Their Privacy Preferences

Many applications let people specify privacy preferences. For example, most social networking web sites let people specify who can see what information about them. There are three design parameters for such applications, namely when users should specify

5 “Privacy policy” here refers to the policy internal to the organization, which describes roles and responsibilities and is used for process definition. This is not the policy written for the data subject and posted on the web site.

6 J. Karat, personal communication, March 2006.
