Presentation is loading. Please wait.

Presentation is loading. Please wait.

Visualizing privacy Aleecia M. McDonald. Overview The Gramm-Leach-Bliley (GLB) Act  Selected portions from An Evaluation of the Effect of US Financial.

Similar presentations


Presentation on theme: "Visualizing privacy Aleecia M. McDonald. Overview The Gramm-Leach-Bliley (GLB) Act  Selected portions from An Evaluation of the Effect of US Financial."— Presentation transcript:

1 Visualizing privacy Aleecia M. McDonald

2 Overview The Gramm-Leach-Bliley (GLB) Act  Selected portions from An Evaluation of the Effect of US Financial Privacy Legislation Through the Analysis of Privacy Policies Privacy text is hard  Privacy Mad Libs example  Privacy bingo cards Making GLB more useable  Evolution of a Prototype Financial Privacy Notice What happens in practice?  Privacy practices of Internet users: Self-reports versus observed behavior Privacy images are hard  Privacy Pictionary / Time’s Up

3 What is the Gramm-Leach-Bliley (GLB) Act?

4 Senator Gramm (R, Texas)

5 What is the Gramm-Leach-Bliley (GLB) Act? Senator Gramm (R, Texas) Representative Leach (R, Iowa)

6 What is the Gramm-Leach-Bliley (GLB) Act? Senator Gramm (R, Texas) Representative Leach (R, Iowa) Representative Bliley (R, Virginia)

7 What is the Gramm-Leach-Bliley (GLB) Act? Enacted November 12, 1999 Effective November 13, 2000 Not primarily privacy legislation  A.K.A. Financial Services Modernization Act of 1999  Modernization = ?

8 What is the Gramm-Leach-Bliley (GLB) Act? Enacted November 12, 1999 Effective November 13, 2000 Not primarily privacy legislation  A.K.A. Financial Services Modernization Act of 1999  Modernization = Mergers  Financial services includes: banks, stock brokerage companies, and insurance companies

9 Why does the GLB address privacy? New privacy concerns arise from future mergers  What happens when your mortgage company talks to your health insurance company? Existing privacy issues  November 1997, Charter Pacific Bank sold millions of credit card numbers to an adult website company.  1998, NationsBank shared information with affiliated stock brokerage. Sold high-risk investments to senior citizens.  , Memberworks telemarketers. 19/25 top banks. International issues  1995, the EU passed the Data Protection Directive.  Initial Safe Harbor proposal did not include the financial industry.

10 Privacy provisions in GLB Must store personal information securely  ensure security and confidentiality  protect against anticipated threats  protect against unauthorized access that could substantially harm or inconvenience customers Must give notice of policies about sharing personal financial information Must give option to opt-out of some sharing No sale of specific data for marketing Pretexting banned

11 Privacy provisions in GLB Must store personal information securely  ensure security and confidentiality  protect against anticipated threats  protect against unauthorized access that could substantially harm or inconvenience customers Must give notice of policies about sharing personal financial information Must give option to opt-out of some sharing No sale of specific data for marketing Pretexting banned

12 Privacy protection exceptions Disclosure to affiliates  No notice required  No ability to opt out  Free information flow within entire “corporate family” - can be companies, not all financial Joint marketing disclosure  No notice required  No ability to opt out  Can flow all through the second “corporate family”

13 What is in a GLB Privacy Notice? Clear, conspicuous, and accurate statement of the company's privacy practices What information the company collects about its consumers and customers With whom it shares the information How it protects or safeguards the information Applies to "nonpublic personal information"

14 Who Gets Notice? Have you seen a GLB notice? Have you read a GLB notice?

15 Who Gets Notice? Have you seen a GLB notice? Have you read a GLB notice? Goes to all new customers Goes out annually to all customers

16 Who Gets Notice? Have you seen a GLB notice? Have you read a GLB notice? Goes to all new customers Goes out annually to all customers Do notices get noticed? How does this compare to privacy indicators in web browsers?

17 Did GLB help? Part I: More clarity

18 Did GLB help? Part II: Sharing alike

19 Did GLB help? Part III: Joint market increase

20 Are notices readable? 85% of adults have a high school degree 25% have one or more college degrees Reading level usually three grade levels lower 8th grade recommended for general population July, 2001: Privacy Rights Clearinghouse study, average is 15.6 GLB legislated policies must be “reasonably understandable” yet policies are at college reading level

21 Are notices readable? GLB enacted July 2001 Source: An Evaluation of the Effect of US Financial Privacy Legislation Through the Analysis of Privacy Policies Steve Sheng and Lorrie Faith Cranor

22 What makes notices harder to read? Complexity  Long line length with lots of clauses  Big words Jargon  “But I don’t want to default” Legal writing  When is the last time you read a contract for fun?  Being informal can create legal liability Corporate incentive for “weasel words”  Passive voice endemic

23 Privacy Mad Libs A " " is a who has a " relationship" with a financial institution. A " relationship" is a continuing relationship with a.

24 Privacy Mad Libs A " " is a who has a " relationship" with a financial institution. A " relationship" is a continuing relationship with a. A "customer" is a consumer who has a "customer relationship" with a financial institution. A "customer relationship" is a continuing relationship with a consumer.

25 Privacy Mad Libs A " " is a who has a " relationship" with a financial institution. A " relationship" is a continuing relationship with a. A "customer" is a consumer who has a "customer relationship" with a financial institution. A "customer relationship" is a continuing relationship with a consumer.

26 Privacy Mad Libs A " " is a who has a " relationship" with a financial institution. A " relationship" is a continuing relationship with a. A "customer" is a consumer who has a "customer relationship" with a financial institution. A "customer relationship" is a continuing relationship with a consumer.  Source: The Federal Trade Commission’s explanation of the Gramm-Leach-Bliley Act

27 Maybe it’s just the FTC… Perhaps it’s hard to write about writing policies but the policies themselves are clear and useable. Perhaps the FTC hired exceptionally bad staff.

28 Maybe it’s just the FTC… "An affiliate is a company we own or control, a company that owns or controls us, or a company that is owned or controlled by the same company that owns or controls us. Ownership does not mean complete ownership, but means owning enough to have control." (Seattle Savings Bank)

29 Maybe it’s just the FTC… "An affiliate is a company we own or control, a company that owns or controls us, or a company that is owned or controlled by the same company that owns or controls us. Ownership does not mean complete ownership, but means owning enough to have control." (Seattle Savings Bank) "We share your non-public personal public information only with contractual safeguards to protect the confidentiality of your information." (UniTrust)

30 Maybe it’s just the FTC… "An affiliate is a company we own or control, a company that owns or controls us, or a company that is owned or controlled by the same company that owns or controls us. Ownership does not mean complete ownership, but means owning enough to have control." (Seattle Savings Bank) "We share your non-public personal public information only with contractual safeguards to protect the confidentiality of your information." (UniTrust) "In the opt-out election, you will have the option of including or excluding the Credit Union from your opt- out election." (UniTrust)

31 Privacy Buzzword Bingo

32 Making GLB more useable Evolution of a Prototype Financial Privacy Notice: A Report on the Form Development Project (February 28, 2006, Kleimann Communications Group, Inc.) Six federal agencies’ project to do better  Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Federal Trade Commission, National Credit Union Administration, Office of the Comptroller of the Currency, and the Securities and Exchange Commission.  Explore why consumers don’t read and understand privacy notices  Develop notices that are easier for consumers to understand and use Phase I: complete  8 test sites  16 month iterative cycle for prototype Phase II: quantitative study to assess the prototype

33 Project Goals: Paper Prototype Comprehension. The prototype must enable consumers to understand the basic concepts behind the privacy notices and understand what to do with the notices. It must be clear and conspicuous as a whole and readily accessible in its parts. Comparison. The prototype must allow consumers to compare information sharing practices across financial institutions and to identify the differences in sharing practices. Compliance. The content and design of the alternative privacy notices must include the elements required by the GLBA and the affiliate marketing provision of the Fair and Accurate Credit Transactions Act.

34 Good design: necessary but not sufficient Table design worked best Two page design with more details available for those who want them (definitions and GLB mandated notices) “We learned that we needed to include an educational component in the notice as consumers had no prior understanding of information sharing practices.”

35 Four Parts of the Design Title Frame Disclosure Table Opt-out Form

36 The Title Attract consumers’ attention so that they will read the notice Avoids inflammatory language Helps consumers understand that the information is from their own financial institution Their personal information is currently being collected and used by the bank Does not explicitly mention consumer rights

37

38 The Frame Problem: customers uninformed about financial privacy Need basic information about financial sharing practices to understand the notice The Frame provides context and supports the core information about a financial institution’s sharing practices  Key frame: heart of ensuring comprehension  Secondary frame: nice to have (FAQs, details, mandates)

39

40

41 The Disclosure Table Goals:  Understand information about financial sharing policies and their personal information  Can compare sharing practices across financial institutions Seven basic reasons a financial institution can share information  What is being shared  What can customers opt-out of  Enables direct comparison between companies

42

43 The Opt-out Form On a separate page to make it easy to mail in Designed to help consumers understand how to opt-out Structured by type of sharing consumers can opt- out of Given the GLB: does this seem to do a good job?

44

45

46 Four testing methods Focus groups  What a group of consumers thinks about privacy notices  What they see as barriers to understanding them  Do not tell the researcher what a consumer will actually do with a notice Preference testing  In-depth one-on-one interviews  Preferences for vocabulary, headings, notice components, and ordering Pretests  Dry run of the diagnostic usability test  Validates the methodology Diagnostic usability testing (structured + unstructured)  how the individual participant actually works with a document  elicits reaction to the information to target and diagnose problems  iterative process; adjustment with successive test rounds

47 Lessons Learned: Focus Group People did not read the old style notices  Type was too small, particularly for seniors  Small font signaled unimportant information  Important information was grey on black  Four pages was too much to read  Customers expect banks are trying to conceal information People believed that all privacy notices were the same  Regulations mean uniformity  Can change at any time so meaningless  Did not understand there are opt-out choices  Choose a bank for free checking and not privacy policies

48 Lessons Learned: Pretest Customers did not understand the purpose of notices  In essence: wrong mental model  Thought notice was requesting personal information  Lacked context to understand the text Opt-out was confusing  Unexpected  Did not have the context to understand the choices  Too much information

49 Lessons Learned: Pretest “None of the designs worked” “In the end, it did not matter if we changed the test scenario, provided them with more time to ‘study’ the information, or tutored them during the session. Participants had too little of their own context about financial sharing information to understand the content of the notices. Since they had no basis for or understanding of the information in the notices, the designs simply weren’t working in their current format or with their current content.”

50 Lessons Learned: Usability Testing Customers do care what happens to their information Indicated they would read the new notices Understood why they got the notice and “much of” the content Recognized opt-out form as an action item Layout improved comprehension Word choice matters Could compare side-by-side policies Standardization can actually be confusing

51 Are we there yet?

52 In closing: Six meta-themes Keep it simple Good design matters Can design to avoid bias Whole-to-part design is critical  “Without context, they understood virtually nothing” Standardization is effective Disclosure table is critical

53 Overview revisited: We are here The Gramm-Leach-Bliley (GLB) Act  Selected portions from An Evaluation of the Effect of US Financial Privacy Legislation Through the Analysis of Privacy Policies Privacy text is hard  Privacy Mad Libs example  Privacy bingo cards Making GLB more useable  Evolution of a Prototype Financial Privacy Notice What happens in practice?  Privacy practices of Internet users: Self-reports versus observed behavior Privacy images are hard  Privacy Pictionary / Time’s Up

54 Essential tension In survey after survey, people say they are very concerned about privacy and it is a decision making factor Other forms of data analysis suggest this is not true (log files, for instance) Is there a gap between what people say and what people do?

55 Four part study 175 participants recruited via and web in No compensation minutes, topic known. Basic demographic survey Survey of privacy values and attitudes Knowledge test Pair-wise comparisons of privacy indicators

56 Basic demographic survey 2/3rds in education More highly educated than Internet population (16.2 v years of school) Self-selected More men than women (74% v. 26%)  Women reported lower levels of computer expertise Comfortable with e-commerce and computers Installed software (38%) or taken other steps (43%) to protect online privacy

57 Survey of privacy values and attitudes Motivation: was Westin right?  Privacy fundamentalists  Privacy pragmatists  Privacy unconcerned Five questions on a five-point Likert-scale:  I am concerned about online identity theft  I am concerned about my privacy online  I am concerned about my privacy in everyday life  I am likely to read the privacy policy of an ecommerce site before buying anything  Privacy policies accurately reflect what companies do

58 Knowledge test Perception gap: subjects over-report their understanding of privacy issues as well as willingness to act Tested knowledge of three areas:  Cookies  Web bugs  P3P and third party cookies Asked to rate level of concern Asked why the technology matters (two correct, three incorrect reasons)

59 Knowledge test CookiesWeb bugsP3P Claim knowledge 90%35%21% False claim85%83%75% Overall knowledge 14%5% Fundamentalists do not know more - they just worry more

60 Pair-wise comparisons of privacy indicators

61

62 Twelve factors for decision making Price  20% discount = $5 SSL indicator Use of 3-party cookies and P3P  IE blocked cookie icon An address A phone number A postal address TRUSTe privacy seal Credit card symbols Four different privacy policies:  User centered - good  User centered - bad  Company centered - good  Company centered - bad

63 Regression model of factors 1. TRUSTe seal 2. User centered - good policy 3. Company centered - good policy 4. Company centered - bad policy 5. User centered - bad policy 6. Phone number 7. Address 8. Price discount 9. Credit card symbols 10. SSL indicator 11. address

64 Factors, a deeper look There is a preference for good policies over bad Under 30% of participants looked at the privacy policies  Not much difference between Westin groups  Policy itself serves as a trust mark TRUSTe dominates in part because people do not read privacy policies  Even more significant for women Do subjects even see the P3P/third party cookie and SSL indicators? Or understand them? No fit at all for a regression model for Fundamentalists

65 Any questions before we play?

66

67 David Brin’s Happy World of Equals

68 Competing Views of Online Privacy “Privacy is dead, deal with it”  Scott McNealy, CEO of Sun MicroSystems “My aim all along has been to suggest that the promoters of anonymity and secrecy are basing their zeal on untested assumptions and bear a burden of proof before we consign our destiny to their transcendental vision of salvation through encryption.”  David Brin, The Transparent Society “A full-on privacy rebellion won't be pretty, it won't be non-violent and people will get hurt.”  Brock N. Meeks, opinion piece for MSNBC


Download ppt "Visualizing privacy Aleecia M. McDonald. Overview The Gramm-Leach-Bliley (GLB) Act  Selected portions from An Evaluation of the Effect of US Financial."

Similar presentations


Ads by Google