Team 2Andrew Boyd

Kaven Williams

Privacy, Security and Compliance Issues Current State of Research Implications Areas of Research Opportunity Baseline Study Initial Results Next Steps

This topic sits at the intersection of:◦ Pyschology◦ Management Theory and Corporate Governance◦ Economic Social Utility and Social Network Theory◦ Computer Science

It has an impact on:◦ Civil and Criminal Statutes◦ Economic Behaviour◦ Civil Rights and Freedoms◦ Systems Architecture and Development◦ The interplay between ‘Personal’ and ‘Public’ space

Acquisti and Grossklags, “Privacy and Rationality in Individual Decision Making”◦ Incomplete information◦ Bounded rationality◦ Deviations from rationality

Additional- Social Context and ‘Sense of Ease’

The blurring of Private and Public Behaviour

Strater, Katherine and Richter, Heather “Examining Privacy and Disclosure in a Social Networking Community”, Symposium on Usable Privacy and Security (SOUPS) 2007, Pittsburgh, PA, USA.“…many participants remained at risk for over-disclosure and privacy invasions due to an underestimation of extent and activity of their social network.”

Raento, Mika and Oulasvirta, Antti “Designing for privacy and self-preservation in social awareness”, Personal Ubiquitous Computing, vol. 12, pp. 527-542, 2008.

“We have also seen that users have been highly aware of the audience in the control of disclosure and self-presentation. From related research we hypothesize the need for more control over the automated disclosure in unequal relationships.” This statement implies that users are aware of some aspects of privacy control, but require more education about how to manage those aspects. This management does not necessarily require a user to have complete knowledge of permutations of information use, but may simply require a user to follow a basic set of behavioural rules.

Privacy attitudes and behaviours are a complex problem Multifactorial Situation- complex cause and effect Lack of empirical evidence- manys surveys, few studies Existing studies focus on e-Commerce, not Social Media Widespread media coverage for social media privacy

issues What are our next steps?

Isolate the variables Education, Social Context and Demographics are likely

candidates for ‘tweakable variables’

Overlap among the fields of Behavioural Psychology, Management Theory, Economics, Education and Computer Science

Challenges of validating interdisciplinary constructs

Defining the appropriate ‘objects’ within this mental model- or ‘behavioural construct’

Base-Lining Variables- Knowledge/ Demographics/ Attitude/

Behaviour

IUIPC- Internet User’s Information Privacy Concerns

Multi-dimensional attitudinal survey scaled on a Seven Point Likert Scale

Mixed in with behavioural questions about social media membership and usage

Distributed via Pace email, and personal networks of team members

Running February 28- April 5, 2009

387 Responses- Majority from Canada and US Demographic Profile Social Media Usage Privacy Attitudes Privacy Behaviours Privacy Sensitivity Weird Findings:

◦ Dating with Linked-in◦ Grey-haired Tweeters◦ Social Network Size

H1: Attitudes vary by age H2: Attitudes vary by education H3: Attitudes vary by experience H4: Attitudes do not vary by ethnicity H5: Attitudes do not vary by nationality H6: Attitudes do not vary by gender H7: Attitudes vary by sense of being a victim H8: Attitudes vary by the importance

individuals assign to having a large group of online friends

H9: The importance of having a large online group of friends varies by age

H10: Attitudes vary by media exposure

Implications of this study for Kaven’s research1. Demographic impact on personal risk perception and effect on

security compliance in corporations.2. Threat mapping against user behaviours within specific

contexts. 3. Mitigating strategies and constructs for corporate

environments.

Implications of this study for Andrew’s research1. Demographic/ Attitude/ Behaviour implications.2. Differences between social media and e-commerce attitudes.3. Conceptual objects for social media mental model construct

Pace Research Day Presentation and Possible Academic Conference Paper?

?