Questions for Privacy Risk Modeling
In 2004, my colleagues and I published a paper called Privacy risk models for designing privacy-sensitive ubiquitous computing systems . This paper posed a series of questions about user interface design, system design, and organizational issues that one should consider with respect to privacy when designing new ubicomp systems. In a recently published chapter in the book Mobile Sensing in Psychology: Methods and Applications , I offer an updated version of these questions, shared below. Design Issues • What kinds of personal information are sensed or gathered (e.g., name, email)? • How sensitive is the data? If leaked, can the data be easily linked to a specific individual? • Is there a clear value proposition for end users for sharing their personal data? Is this value proposition clear to end users? • Does this data collection match people’s expectations about the app? For example, it makes sense for a sleep monitor to use a microphone but perhaps not for a food diary app. • F