Evaluating interfaces for privacy policy rule authoring

Authors:
Clare-Marie Karat;John Karat;Carolyn Brodie;Jinjuan Feng
Affiliations:
IBM T.J. Watson Research Center;IBM T.J. Watson Research Center;IBM T.J. Watson Research Center;Towson University
Venue:
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Year:
2006

Citing 15
Cited 17

Privacy policies and practices: inside the organizational maze

Communications of the ACM
Personalized hypermedia and international privacy

Communications of the ACM - The Adaptive Web
Privacy of medical records: IT implications of HIPAA

ACM SIGCAS Computers and Society
Unpacking "privacy" for a networked world

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Patient Privacy in Electronic Prescription Transfer

IEEE Security and Privacy
Web Privacy with P3p

Web Privacy with P3p
Natural-Language Processing Support for Developing Policy-Governed Software Systems

TOOLS '01 Proceedings of the 39th International Conference and Exhibition on Technology of Object-Oriented Languages and Systems (TOOLS39)
Privacy policies as decision-making tools: an evaluation of online privacy notices

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Designing personalized user experiences in eCommerce

Designing personalized user experiences in eCommerce
How (not) to protect genomic data privacy in a distributed network: using trail re-identification to evaluate and design anonymity protection systems

Journal of Biomedical Informatics
Inside JetBlue's Privacy Policy Violations

IEEE Security and Privacy
Editorial: why HCI research in privacy and security is critical now

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Privacy in information technology: designing to enable privacy policy management in organizations

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
The talent system: TEXTRACT architecture and data model

SEALTS '03 Proceedings of the HLT-NAACL 2003 workshop on Software engineering and architecture of language technology systems - Volume 8
Privacy in context

Human-Computer Interaction

An empirical study of natural language parsing of privacy policy rules using the SPARCLE policy workbench

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Noticing notice: a large-scale experiment on the timing of software license agreements

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
End-user privacy in human-computer interaction

Foundations and Trends in Human-Computer Interaction
An Organizational View of Pervasive Computing

Social Science Computer Review
Mobile interaction design: Integrating individual and organizational perspectives

Information-Knowledge-Systems Management - Enterprise Mobility: Applications, Technologes and Strategies
Evaluating assistance of natural language policy authoring

Proceedings of the 4th symposium on Usable privacy and security
Expressions of expertness: the virtuous circle of natural language for access control policy specification

Proceedings of the 4th symposium on Usable privacy and security
A framework for culturally adaptive policy management in ad hoc collaborative contexts

Proceedings of the 2009 international workshop on Intercultural collaboration
Sanitization's slippery slope: the design and study of a text revision assistant

Proceedings of the 5th Symposium on Usable Privacy and Security
Usability challenges in security and privacy policy-authoring interfaces

INTERACT'07 Proceedings of the 11th IFIP TC 13 international conference on Human-computer interaction - Volume Part II
Privacy-aware role-based access control

ACM Transactions on Information and System Security (TISSEC)
Analysis of privacy and security policies

IBM Journal of Research and Development
Policy framework for security and privacy management

IBM Journal of Research and Development
More than skin deep: measuring effects of the underlying model on access-control system usability

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Considering privacy and effectiveness of authorization policies for shared electronic health records

Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Keeping Found Things Found: The Study and Practice of Personal Information Management: The Study and Practice of Personal Information Management

Keeping Found Things Found: The Study and Practice of Personal Information Management: The Study and Practice of Personal Information Management
Automated extraction of security policies from natural-language software documents

Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering

Quantified Score

Hi-index	0.01

Visualization

Abstract

Privacy policy rules are often written in organizations by a team of people in different roles. Currently, people in these roles have no technological tools to guide the creation of clear and implementable high-quality privacy policy rules. High-quality privacy rules can be the basis for verifiable automated privacy access decisions. An empirical study was conducted with 36 users who were novices in privacy policy authoring to evaluate the quality of rules created and user satisfaction with two experimental privacy authoring tools and a control condition. Results show that users presented with scenarios were able to author significantly higher quality rules using either the natural language with a privacy rule guide tool or a structured list tool as compared to an unguided natural language control condition. The significant differences in quality were found in both user self-ratings of rule quality and objective quality scores. Users ranked the two experimental tools significantly higher than the control condition. Implications of the research and future research directions are discussed.