This paper presents a practical method for helping designers create systems that provide users with a reasonable amount of privacy. The privacy risk model developed by the authors involves two parts. The first part is a privacy risk analysis which involves a series of questions to help designers think through specific privacy issues for ubiquitous computing applications. The second part of the model looks at privacy risk management and is a cost-benefit analysis intended to help designers prioritize privacy risks and manage the corresponding issues.
The risk analysis looks at the users of the system, the kinds of information shared, the value in sharing information, the technology that captures personal information, how the information is shared, and the quality of the information shared, among other issues.
The risk management aspect of the model takes the list of privacy risks identified, prioritizes them and helps design teams identify solutions. Each risk is then reviewed based on the following criteria:
- L = Likelihood of an unwanted disclosure of personal information
- D = Damage that will happen with the disclosure
- C = Cost of adequate privacy protection
The authors note that design teams should provide a reasonable amount of privacy protection but not so much that it becomes prohibitive to build and deploy an application or significantly reduces the utility of the application.
After the risks have been assigned to the L, D, C categories, designers should prioritize risks, choose the risks to address, and identify solutions.
The authors then use this model in two case studies to help inform the design.
|
