Finally, it is often difficult to evaluate the effects of technology on privacy. There are few well-defined methods for anticipating what privacy features are necessary for a system to gain wide-scale adoption by consumers. Similarly, there is little guidance for measuring what level of privacy a system effectively offers or what its overall return on investment is. Like “usability” and “security,” privacy is a holistic property of interactive systems, which include the people using them. An entire system may be ruined by a single poorly implemented component that leaks personal information.
In our opinion, Human-computer interaction is uniquely suited to help design teams manage these challenges. HCI provides a rich set of tools that can be used to probe how people perceive privacy threats, understand how people share personal information with others, and evaluate how well a given system facilitates (or inhibits) desired privacy practices. Indeed, the bulk of this paper examines past work that has shed light on these issues of privacy.
As much as we have progressed our understanding of privacy within HCI in the last 30 years, we also recognize that there are major research challenges remaining. Hence, we close this article by identifying five “grand challenges” in HCI and privacy:
Developing standard privacy-enhancing interaction techniques.
Developing analysis techniques and survey tools.
Documenting the effectiveness of design tools, and creating a “privacy toolbox.”
Furthering organizational support for managing personal data.
Developing a theory of technological acceptance, specifically related to privacy.
These are only few of the challenges facing the field. We believe that focusing research efforts on these issues will lead to bountiful, timely and relevant results that will positively affect all users of information technology.
1.2 Sources Used and Limitations of this Survey
In this survey paper, we primarily draw on the research literature in HCI, CSCW, and other branches of Computer Science. However, readers should be aware that there is a great deal of literature on privacy in the MIS, advertising and marketing, human factors, and legal communities.
The MIS community has focused primarily on corporate organizations, where privacy perceptions and preferences have a strong impact on the adoption of technologies by customers and on relationships between employees. The advertising and marketing communities have examined privacy issues in reference to privacy policies, and the effects that these have on consumers (e.g., work by Sheehan ).
The legal community has long focused on the implications of specific technologies on existing balances, such as previous court rulings and the constitutional status quo. We did not include legal literature in this article because much scholarly work in this area is difficult to use in practice during IT design. However, this work has some bearing on HCI and researchers may find some analyses inspiring, including articles on data
end-user-privacy-in-human-computer-interaction-v57.docPage 6 of 85