Obtaining P3P Privacy Policies for Composite Services

2014 ◽  
Vol 2014 ◽  
pp. 1-10
Author(s):  
Yi Sun ◽  
Zhiqiu Huang ◽  
Changbo Ke

With the development of web services technology, web services have changed from single to composite services. Privacy protection in composite services is becoming an important issue. P3P (platform for privacy preferences) is a privacy policy language which was designed for single web services. It enables service providers to express how they will deal with the privacy information of service consumers. In order to solve the problem that P3P cannot be applied to composite services directly, we propose a method to obtain P3P privacy policies for composite services. In this method, we present the definitions of Purpose, Recipient, and Retention elements as well as Optional and Required attributes for P3P policies of composite services. We also provide an instantiation to illustrate the feasibility of the method.

Author(s):  
George Yee ◽  
Larry Korba

The rapid growth of the Internet has been accompanied by a proliferation of e-services targeting consumers. E-services are available for banking, shopping, learning, government online, and healthcare. However, each of these services requires a consumer’s personally identifiable information (PII) in one form or another. This leads to concerns over privacy. In order for e-services to be successful, privacy must be protected (Ackerman, Cranor, & Reagle, 1999). An effective and flexible way of handling privacy is management via privacy policies. In this approach, a consumer of an e-service has a personal privacy policy that describes what private information the consumer is willing to give up to the e-service, with which parties the provider of the e-service may share the private information, and how long the private information may be kept by the provider. The provider likewise has a provider privacy policy describing similar privacy constraints as in the consumer’s policy, but from the viewpoint of the provider (i.e., the nature of the private information and the disclosure/retention requirements that are needed by the e-service). Before the consumer engages the e-service, the provider’s privacy policy must match with the consumer’s privacy policy. In this way, the consumer’s privacy is protected, assuming that the provider complies with the consumer’s privacy policy. Note that policy compliance is outside the scope of this work but see Yee and Korba (July, 2004). Initial attempts at conserving consumer privacy for e-services over the last few years have focused on the use of Web site privacy policies that state the privacy rules or preferences of the Web site or service provider. Some of these policies are merely statements in plain English, and it is up to the consumer to read them. This has the drawback that very few consumers take the trouble to do so. 
Even when they do take the time to look at it, online privacy policies have been far too complicated for consumers to understand and suffer from other deficiencies (Lichtenstein, Swatman, & Babu, 2003; Jensen & Potts, 2004). Still other privacy policies are specified using P3P (W3C) that allows a consumer’s browser to automatically check the privacy policy via a browser plug-in. This, of course, is better than plain English policies but a major drawback is that it is a “take-it-or-leave-it” approach. There is no recourse for the consumer who has a conflict with the Web site’s P3P policy, except to try another Web site. In this case, we have advocated a negotiations approach to resolve the conflict (Yee & Korba, Jan., May, 2003). However, this requires a machine-processable personal privacy policy for the consumer. We assume that providers in general have sufficient resources to generate their privacy policies. Certainly, the literature is full of works relating to enterprise privacy policies and models (e.g., Barth & Mitchell, 2005; Karjoth & Schunter 2002). Consumers, on the other hand, need help in formulating machine-processable privacy policies. In addition, the creation of such policies needs to be as easy as possible or consumers would simply avoid using them. Existing privacy specification languages such as P3P, APPEL (W3C; W3C, 2002), and EPAL (IBM) are far too complicated for the average internet user to understand. Understanding or changing a privacy policy expressed in these languages effectively requires knowing how to program. Moreover, most of these languages suffer from inadequate expressiveness (Stufflebeam, Anton, He, & Jain, 2004). What is needed is an easy, semi-automated way of seeding a personal privacy policy with a consumer’s privacy preferences. In this work, we present two semi-automated approaches for obtaining consumer personal privacy policies for e-services through seeding. This article is based on our work in Yee and Korba (2004). 
The section “Background” examines related work and the content of personal privacy policies. The section “Semi-Automated Seeding of Personal Privacy Policies” shows how personal privacy policies can be semi-automatically seeded or generated. The section “Future Trends” identifies some of the developments we see in this area over the next few years. We end with “Conclusion”.


Author(s):  
George Yee ◽  
Larry Korba ◽  
Ronggong Song

The growth of the Internet has been accompanied by a proliferation of e-services, especially in the area of e-commerce (e.g., Amazon.com, eBay.com). However, consumers of these e-services are becoming more and more sensitive to the fact that they are giving up private information every time they use them. At the same time, legislative bodies in many jurisdictions have enacted legislation to protect the privacy of individuals when they need to interact with organizations. As a result, e-services can only be successful if there is adequate protection for user privacy. The use of personal privacy policies to express an individual’s privacy preferences appears best-suited to manage privacy for e-commerce. We first motivate the reader with our e-service privacy policy model that explains how personal privacy policies can be used for e-services. We then derive the minimum content of a personal privacy policy by examining some key privacy legislation selected from Canada, the European Union, and the United States.


2011 ◽  
pp. 1929-1950
Author(s):  
George O.M. Yee

The growth of the Internet has been accompanied by the growth of Web services (e.g., e-commerce, e-health, etc.), leading to important provisions put in place to protect the privacy of Web service users. However, it is also important to be able to estimate the privacy protection capability of a Web service provider. Such estimates would benefit both users and providers. Users would benefit from being able to choose (assuming that such estimates were made public) the service that has the greatest ability to protect their privacy (this would in turn encourage Web service providers to pay more attention to privacy). Web service providers would benefit by being able to adjust their provisions for protecting privacy until certain target capability levels of privacy protection are reached. This article presents an approach for estimating the privacy protection capability of a Web service provider and illustrates the approach with an example.


10.2196/26317 ◽  
2021 ◽  
Vol 23 (9) ◽  
pp. e26317
Author(s):  
Haley M LaMonica ◽  
Anna E Roberts ◽  
Grace Yeeun Lee ◽  
Tracey A Davenport ◽  
Ian B Hickie

Background Along with the proliferation of health information technologies (HITs), there is a growing need to understand the potential privacy risks associated with using such tools. Although privacy policies are designed to inform consumers, such policies have consistently been found to be confusing and lack transparency. Objective This study aims to present consumer preferences for accessing privacy information; develop and apply a privacy policy risk assessment tool to assess whether existing HITs meet the recommended privacy policy standards; and propose guidelines to assist health professionals and service providers with understanding the privacy risks associated with HITs, so that they can confidently promote their safe use as a part of care. Methods In phase 1, participatory design workshops were conducted with young people who were attending a participating headspace center, their supportive others, and health professionals and service providers from the centers. The findings were knowledge translated to determine participant preferences for the presentation and availability of privacy information and the functionality required to support its delivery. Phase 2 included the development of the 23-item privacy policy risk assessment tool, which incorporated material from international privacy literature and standards. This tool was then used to assess the privacy policies of 34 apps and e-tools. In phase 3, privacy guidelines, which were derived from learnings from a collaborative consultation process with key stakeholders, were developed to assist health professionals and service providers with understanding the privacy risks associated with incorporating HITs as a part of clinical care. 
Results When considering the use of HITs, the participatory design workshop participants indicated that they wanted privacy information to be easily accessible, transparent, and user-friendly to enable them to clearly understand what personal and health information will be collected and how these data will be shared and stored. The privacy policy review revealed consistently poor readability and transparency, which limited the utility of these documents as a source of information. Therefore, to enable informed consent, the privacy guidelines provided ensure that health professionals and consumers are fully aware of the potential for privacy risks in using HITs to support health and well-being. Conclusions A lack of transparency in privacy policies has the potential to undermine consumers’ ability to trust that the necessary measures are in place to secure and protect the privacy of their personal and health information, thus precluding their willingness to engage with HITs. The application of the privacy guidelines will improve the confidence of health professionals and service providers in the privacy of consumer data, thus enabling them to recommend HITs to provide or support care.


2020 ◽  
Author(s):  
Haley M LaMonica ◽  
Anna E Roberts ◽  
Grace Yeeun Lee ◽  
Tracey A Davenport ◽  
Ian B Hickie

BACKGROUND Along with the proliferation of health information technologies (HITs), there is a growing need to understand the potential privacy risks associated with using such tools. Although privacy policies are designed to inform consumers, such policies have consistently been found to be confusing and lack transparency. OBJECTIVE This study aims to present consumer preferences for accessing privacy information; develop and apply a privacy policy risk assessment tool to assess whether existing HITs meet the recommended privacy policy standards; and propose guidelines to assist health professionals and service providers with understanding the privacy risks associated with HITs, so that they can confidently promote their safe use as a part of care. METHODS In phase 1, participatory design workshops were conducted with young people who were attending a participating headspace center, their supportive others, and health professionals and service providers from the centers. The findings were knowledge translated to determine participant preferences for the presentation and availability of privacy information and the functionality required to support its delivery. Phase 2 included the development of the 23-item privacy policy risk assessment tool, which incorporated material from international privacy literature and standards. This tool was then used to assess the privacy policies of 34 apps and e-tools. In phase 3, privacy guidelines, which were derived from learnings from a collaborative consultation process with key stakeholders, were developed to assist health professionals and service providers with understanding the privacy risks associated with incorporating HITs as a part of clinical care. 
RESULTS When considering the use of HITs, the participatory design workshop participants indicated that they wanted privacy information to be easily accessible, transparent, and user-friendly to enable them to clearly understand what personal and health information will be collected and how these data will be shared and stored. The privacy policy review revealed consistently poor readability and transparency, which limited the utility of these documents as a source of information. Therefore, to enable informed consent, the privacy guidelines provided ensure that health professionals and consumers are fully aware of the potential for privacy risks in using HITs to support health and well-being. CONCLUSIONS A lack of transparency in privacy policies has the potential to undermine consumers’ ability to trust that the necessary measures are in place to secure and protect the privacy of their personal and health information, thus precluding their willingness to engage with HITs. The application of the privacy guidelines will improve the confidence of health professionals and service providers in the privacy of consumer data, thus enabling them to recommend HITs to provide or support care.


2011 ◽  
pp. 2622-2633
Author(s):  
George Yee ◽  
Larry Korba ◽  
Ronggong Song

The growth of the Internet has been accompanied by a proliferation of e-services, especially in the area of e-commerce (e.g., Amazon.com, eBay.com). However, consumers of these e-services are becoming more and more sensitive to the fact that they are giving up private information every time they use them. At the same time, legislative bodies in many jurisdictions have enacted legislation to protect the privacy of individuals when they need to interact with organizations. As a result, e-services can only be successful if there is adequate protection for user privacy. The use of personal privacy policies to express an individual’s privacy preferences appears best-suited to manage privacy for e-commerce. We first motivate the reader with our e-service privacy policy model that explains how personal privacy policies can be used for e-services. We then derive the minimum content of a personal privacy policy by examining some key privacy legislation selected from Canada, the European Union, and the United States.


Author(s):  
George Yee

The growth of the Internet has been accompanied by the growth of Web services (e.g., e-commerce, e-health, etc.), leading to important provisions put in place to protect the privacy of Web service users. However, it is also important to be able to estimate the privacy protection capability of a Web service provider. Such estimates would benefit both users and providers. Users would benefit from being able to choose (assuming that such estimates were made public) the service that has the greatest ability to protect their privacy (this would in turn encourage Web service providers to pay more attention to privacy). Web service providers would benefit by being able to adjust their provisions for protecting privacy until certain target capability levels of privacy protection are reached. This article presents an approach for estimating the privacy protection capability of a Web service provider and illustrates the approach with an example.


Author(s):  
Bailing Liu ◽  
Paul A. Pavlou ◽  
Xiufeng Cheng

Companies face a trade-off between creating stronger privacy protection policies for consumers and employing more sophisticated data collection methods. Justice-driven privacy protection outlines a method to manage this trade-off. We built on the theoretical lens of justice theory to integrate justice provision with two key privacy protection features, negotiation and active-recommendation, and proposed an information technology (IT) solution to balance the trade-off between privacy protection and consumer data collection. In the context of mobile banking applications, we prototyped a theory-driven IT solution, referred to as negotiation, active-recommendation privacy policy application, which enables customer service agents to interact with and actively recommend personalized privacy policies to consumers. We benchmarked our solution through a field experiment relative to two conventional applications: an online privacy statement and a privacy policy with only a simple negotiation feature. The results showed that the proposed IT solution improved consumers’ perceived procedural justice, interactive justice, and distributive justice and increased their psychological comfort in using our application design and in turn reduced their privacy concerns, enhanced their privacy awareness, and increased their information disclosure intentions and actual disclosure behavior in practice. Our proposed design can provide consumers better privacy protection while ensuring that consumers voluntarily disclose personal information desirable for companies.


2021 ◽  
Vol 13 (1) ◽  
pp. 20-39
Author(s):  
Ahmed Aloui ◽  
Okba Kazar

In mobile business (m-business), a client sends its exact locations to service providers. This data may involve sensitive and private personal information. As a result, misuse of location information by third-party location servers creates privacy issues for clients. This paper provides an overview of the privacy protection techniques currently applied in location-based mobile business. The authors first identify different system architectures and different protection goals. Second, this article provides an overview of the basic principles and mechanisms that exist to protect these privacy goals. Third, the authors present existing privacy protection measures.

