Embed Size (px)
DESCRIPTION
UWCISA Symposium on Information Systems Assurance 2005. Internet Privacy Research. Framework, Review and Opportunities. University of Waterloo Efrim Boritz Won Gyun No R. P. Sundarraj. Introduction Privacy in E-Commerce Privacy Research Framework Review and Research Opportunities - PowerPoint PPT Presentation
Citation preview
UWCISA Symposium on Information Systems Assurance 2005
Internet Privacy Internet Privacy
ResearchResearch
University of Waterloo
Efrim BoritzWon Gyun No
R. P. Sundarraj
Framework, Review and Framework, Review and
OpportunitiesOpportunities
Introduction
Privacy in E-Commerce
Privacy Research Framework
Review and Research Opportunities
Concluding Remarks
AgendaAgenda
IntroductionIntroductionE-commerce and PrivacyE-commerce and Privacy
InternetInternet
InternetInternet
CompanyCompanyCompanyCompanyCustomerCustomerss
CustomerCustomerss
Personal InformationBetter Services
through Customization
Privacy in E-commerce Privacy in E-commerce Scope and Definition Scope and Definition
Privacy and E-commerce
Invasion of privacy
Unauthorized collection, use, and transfer of personal
information
Risk related to the disclosure of personal information
Privacy as an individual’s right regarding his or her
personal information
Definition
Internet privacy is the individual’s right to access and control
their personal information with respect to its collection, use,
and transfer over the Internet.
Capture IP (Internet Protocol) address
Behavioural information
(Web pages viewed and sequences of visited
pages)
Difficult to link behavioural information with
specific customer information such as
demographics
Capture IP (Internet Protocol) address
Behavioural information
(Web pages viewed and sequences of visited
pages)
Difficult to link behavioural information with
specific customer information such as
demographics
Privacy in E-commercePrivacy in E-commerceHow Companies Collect Personal InformationHow Companies Collect Personal Information
CustomerCustomer
`
CompanyCompanyCompanyCompany
During a registration or ordering process
Name, e-mail, credit card etc.
Does not allow to collect information
beyond demographics
During a registration or ordering process
Name, e-mail, credit card etc.
Does not allow to collect information
beyond demographics
Use of ‘Cookie’
Allow to identify customer
Preferences and behavioural information are
tracked and stored in the cookie.
Use of ‘Cookie’
Allow to identify customer
Preferences and behavioural information are
tracked and stored in the cookie.
Privacy in E-commercePrivacy in E-commerceCustomers’ Privacy ConcernsCustomers’ Privacy Concerns
Increasingly Increasingly CompetitiveCompetitive
E-commerce E-commerce EnvironmentEnvironment
Increasingly Increasingly CompetitiveCompetitive
E-commerce E-commerce EnvironmentEnvironment
Requests for One-to-One Communication and
Personalized Services
Requests for One-to-One Communication and
Personalized Services
Advances in Information Technology
Advances in Information Technology
Readily Available Readily Available
Personal Personal
Information Information
Readily Available Readily Available
Personal Personal
Information Information
Simplicity of Simplicity of
Collection, Storage, Collection, Storage,
Exchange, and UseExchange, and Use
Simplicity of Simplicity of
Collection, Storage, Collection, Storage,
Exchange, and UseExchange, and Use
Personal Information
Personal InformationCompaniesCompaniesCompaniesCompanies
Provide Useful Provide Useful
Marketing TacticsMarketing Tactics
Provide Useful Provide Useful
Marketing TacticsMarketing Tactics
Create Privacy ConcernsCreate Privacy ConcernsCreate Privacy ConcernsCreate Privacy Concerns
One of the Main Concerns of Customers While They Are Shopping Over The Internet (Porter, 2000; Smith et al., 1996)
Increasing Levels of Concern about Privacy among Internet Users (Culnan and Armstrong, 1999; FTC, 2000; Harris Interactive, 2002, 2003)
Easier and More Tempting to Intrude
on Customer Privacy
Easier and More Tempting to Intrude
on Customer Privacy
Privacy in E-commercePrivacy in E-commerceMost Common Three ApproachesMost Common Three Approaches
Governmental regulation
Privacy regulation governing the collection, use, and transfer of personal information
EU directive and PIPEDA (Canada )
Industry self-regulation
Each company is responsible for developing its own privacy policy and deciding
on the degree of information collection and use.
Privacy seals : Third-party enforcement programs for companies’ privacy practices
Privacy enhancing technologies
P3P (Platform for Privacy Preferences Project )
A standardized, machine readable protocol for implementing privacy practices
AT&T privacy bird (www.privacybird.com)
Anonymizer (www.anonymizer.com): Allows to users browse Web pages with
complete anonymity
Studies included in the review
Between 1995 to 2005 in the field of information systems, business and
marketing (There were approximately 210 studies)
71 studies selected based on our definition of Internet privacy.
We excluded studies that investigate the privacy of health information.
Review of Review of Internet Privacy ResearchInternet Privacy Research
Privacy research framework created:
To organize prior studies
To understand entities involved in
internet privacy and interactions between
them
To identify research opportunities
Internet PrivacyInternet Privacy
Factors that might influence or moderate government approach.
e.g., Economic trends (dot.com bubble) and national security (Sept.
11)
Governmental regulation vs. Self-regulation
Factors that might influence or moderate government approach.
e.g., Economic trends (dot.com bubble) and national security (Sept.
11)
Governmental regulation vs. Self-regulation
Research Research on Internet Privacyon Internet Privacy
Liu and Arnett (2002)Liu and Arnett (2002)
Desai, Richards, and Desai Desai, Richards, and Desai
(2003)(2003)
Liu and Arnett (2002)Liu and Arnett (2002)
Desai, Richards, and Desai Desai, Richards, and Desai
(2003)(2003)
Smith (2001) Smith (2001)
Milberg et al. (1995)Milberg et al. (1995)
Smith (2001) Smith (2001)
Milberg et al. (1995)Milberg et al. (1995)
Westin (2003)Westin (2003)
Sheehan (2002)Sheehan (2002)
Sheehan and Hoy Sheehan and Hoy (1999)(1999)
Westin (2003)Westin (2003)
Sheehan (2002)Sheehan (2002)
Sheehan and Hoy Sheehan and Hoy (1999)(1999)
Extent to which companies data collection
activities comply with their stated privacy
policy
The effect of companies’ privacy practices
(short-term and long-term)
Differences in privacy practices across
countries
Extent to which companies data collection
activities comply with their stated privacy
policy
The effect of companies’ privacy practices
(short-term and long-term)
Differences in privacy practices across
countries
Theory-based conceptual framework
Individual’s privacy concerns and
actual privacy behaviour
Difference in customers’ privacy
concerns across different cultures
Theory-based conceptual framework
Individual’s privacy concerns and
actual privacy behaviour
Difference in customers’ privacy
concerns across different cultures
Internet PrivacyInternet Privacy
Do companies provide enough privacy
protections as required by government?
Do governmental regulation approaches
influence companies’ privacy practices?
Do companies provide enough privacy
protections as required by government?
Do governmental regulation approaches
influence companies’ privacy practices?
Are governmental regulations enough
to ensure customers’ privacy concerns?
Do customer concerns influence
government regulation approaches?
Are governmental regulations enough
to ensure customers’ privacy concerns?
Do customer concerns influence
government regulation approaches?
Research Research on Internet Privacyon Internet Privacy
Palmer, Bailey, and Faraj
(2000)
Earp and Baumer (2003)
Palmer, Bailey, and Faraj
(2000)
Earp and Baumer (2003)
Milberg, Smith, and Burke Milberg, Smith, and Burke
(2000)(2000)
Sheehan and Hoy (2000)Sheehan and Hoy (2000)
Milberg, Smith, and Burke Milberg, Smith, and Burke
(2000)(2000)
Sheehan and Hoy (2000)Sheehan and Hoy (2000)
Jamal et al. (2003)Jamal et al. (2003)
Gurau, Ranchhod, & Gauzente Gurau, Ranchhod, & Gauzente
(2003)(2003)
Jamal et al. (2003)Jamal et al. (2003)
Gurau, Ranchhod, & Gauzente Gurau, Ranchhod, & Gauzente
(2003)(2003)
Do companies benefit by addressing
their own concerns about customer
privacy?
Self-reported behaviour vs. Actual
behaviour
Why are privacy seals not popular?
Do companies benefit by addressing
their own concerns about customer
privacy?
Self-reported behaviour vs. Actual
behaviour
Why are privacy seals not popular?
Research Research on Internet Privacyon Internet Privacy
Oth
er Facto
rs(T
echn
olo
gy, S
ocial an
d E
con
om
ical F
actors
, etc.)
Internet PrivacyInternet Privacy
Cranor, Arjula, and Guduru Cranor, Arjula, and Guduru
(2002)(2002)
Rust, Kannan, and Peng (2002)Rust, Kannan, and Peng (2002)
Cranor, Arjula, and Guduru Cranor, Arjula, and Guduru
(2002)(2002)
Rust, Kannan, and Peng (2002)Rust, Kannan, and Peng (2002)Culnan and Bies (2003)Culnan and Bies (2003)Culnan and Bies (2003)Culnan and Bies (2003)
Research in this area is
just beginning to
emerge.
Research in this area is
just beginning to
emerge.
How do customers perceive new privacy
protection technologies?
Short-term and long-term consequences of
loss of privacy to individuals and to society as
a whole
How do customers perceive new privacy
protection technologies?
Short-term and long-term consequences of
loss of privacy to individuals and to society as
a whole
SummarySummary
Addressed Privacy in E-commerce
Introduced a Privacy Research Framework
Reviewed Prior Research on Internet Privacy
Discussed Several Opportunities for Future
Research
Questions & SuggestionsQuestions & Suggestions
