provide coarse-grain control,
enable social nuance, and
emphasize action over configuration.
These guidelines originate from qualitative reflection on the researchers’ experience. Guidelines with even more limited scope are available as well. For example, Iachello et al. proposed eight specific guidelines for the development of social location disclosure applications  (Table 4).
Design Patterns for Privacy
Design patterns are somewhat related to guidelines. The concept of patterns originates from work by Alexander , and was later used in the context of software design . One key difference between guidelines and patterns is that patterns are meant to be generative, helping designers create solutions by re-purposing existing solutions, whereas guidelines tend to be higher level and not tied to specific examples.
Both Junestrand et al.  and Chung et al.  developed design patterns to solve common privacy problems of ubicomp applications. The patterns developed by Chung et al. are listed in Table 5 and are inspired by a combination of the FIPS, HCI research, and security research. While Chung et al.’s patterns are relatively high-level—e.g., “Building Trust and Credibility,” “Fair Information Practices,”—Junestrand et al.’s are application-specific.
Chung et al. evaluated their patterns using a design exercise with students and experienced designers. The authors observed that the privacy patterns were not used in any meaningful way by the participants. Expert reviewers did not evaluate the designs produced with the patterns to be any better than the others . Several explanations are likely, including limitations of the experimental setup and the fact that privacy is often a secondary concern of the designers.
end-user-privacy-in-human-computer-interaction-v57.docPage 56 of 85