Privacy policies and practices: inside the organizational maze
Communications of the ACM
Maintaining a focus on user requirements throughout the development of clinical workstation software
Proceedings of the ACM SIGCHI Conference on Human factors in computing systems
DIS '97 Proceedings of the 2nd conference on Designing interactive systems: processes, practices, methods, and techniques
Contextual design: defining customer-centered systems
Contextual design: defining customer-centered systems
Privacy of medical records: IT implications of HIPAA
ACM SIGCAS Computers and Society
Making use of scenarios: a field study of conceptual design
International Journal of Human-Computer Studies
Patient Privacy in Electronic Prescription Transfer
IEEE Security and Privacy
Privacy policies as decision-making tools: an evaluation of online privacy notices
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Personalizing the user experience on ibm.com
IBM Systems Journal
Privacy in information technology: designing to enable privacy policy management in organizations
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Evaluating interfaces for privacy policy rule authoring
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Usability challenges in security and privacy policy-authoring interfaces
INTERACT'07 Proceedings of the 11th IFIP TC 13 international conference on Human-computer interaction - Volume Part II
Managing professional and personal sensitive information
Proceedings of the 38th annual ACM SIGUCCS fall conference: navigation and discovery
| Hi-index | 0.00 |
In their research, the authors find that organizations increasingly collect sensitive electronic information. Currently, they do not have a unified way of defining or implementing privacy or security access control policies for such information. This makes it difficult for the organizations to put in place proper management and control of sensitive information or to verify that required or intended regulations for the use of information are met by the organization. Examinations of privacy policy implementations within organizations have not changed the picture much in the past 20 years. Although there has been considerable attention to the development and posting of privacy policies, these policies are generally vague and lack connections to technology that might implement them. Closing the gap between the high-level policies to which organizations strive to adhere and the low-level actions carried out within their IT systems is an important topic for research and development.