Designing Evidence‐based Disclosures: A Case Study of Financial Privacy Notices

Garrison, Loretta; Hastak, Manoj; Hogarth, Jeanne M.; Kleimann, Susan; Levy, Alan S.

doi:10.1111/j.1745-6606.2012.01226.x

Cited by 26 publications

(25 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They found that standardized privacy policy presentations allowed users to better understand privacy policies and do so more quickly [17]. Garrison et al [11] found that a table format significantly improves comprehension of a privacy notice in comparison to other formats, including those currently popular.…”

Section: Communicating Privacymentioning

confidence: 99%

What do online behavioral advertising privacy disclosures communicate to users?

Leon

Cranshaw

Cranor

et al. 2012

Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society

Self Cite

View full text Add to dashboard Cite

Online Behavioral Advertising (OBA), the practice of tailoring ads based on an individual's online activities, has led to privacy concerns. In an attempt to mitigate these privacy concerns, the online advertising industry has proposed the use of OBA disclosures: icons, accompanying taglines, and landing pages intended to inform users about OBA and provide opt-out options. We conducted a 1,505-participant online study to investigate Internet users' perceptions of OBA disclosures. The disclosures failed to clearly notify participants about OBA and inform them about their choices. Half of the participants remembered the ads they saw but only 12% correctly remembered the disclosure taglines attached to ads. When shown the disclosures again, the majority mistakenly believed that ads would pop up if they clicked on disclosures, and more participants incorrectly thought that clicking the disclosures would let them purchase advertisements than correctly understood that they could then opt out of OBA. "AdChoices," the most commonly used tagline, was particularly ineffective at communicating notice and choice. A majority of participants mistakenly believed that opting out would stop all online tracking, not just tailored ads. We discuss challenges in crafting disclosures and provide suggestions for improvement.

show abstract

Section: Communicating Privacymentioning

confidence: 99%

What do online behavioral advertising privacy disclosures communicate to users?

Leon

Cranshaw

Cranor

et al. 2012

Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society

Self Cite

View full text Add to dashboard Cite

show abstract

“…Indeed, providing actionable and timely information in a manner that overcomes these challenges has been a difficult policy issue in many sectors. For example, these same biases affect consumer understanding and decisionmaking with regard to disclosure notices for financial products, and many attempts have been made to improve consumer understanding of such notices (Beshears et al, 2011;Garrison et al, 2012;Consumer Financial Protection Bureau, 2013). Further, the number of consumers who file police reports or take legal action when they become fraud victims is decreasing, although many consumers claim to install antispyware or firewalls on their computers (Javelin Strategy and Research, 2011).…”

Section: Consumer Actions To Improve Data Protection After a Breachmentioning

confidence: 99%

Consumer Attitudes Toward Data Breach Notifications and Loss of Personal Information

Ablon¹,

Heaton²,

Lavery³

et al. 2016

View full text Add to dashboard Cite

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited. Permission is given to duplicate this document for personal use only, as long as it is unaltered and complete. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial use. For information on reprint and linking permissions, please visit www.rand.org/pubs/permissions.html.The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND is nonprofit, nonpartisan, and committed to the public interest.RAND's publications do not necessarily reflect the opinions of its research clients and sponsors. For more information on this publication, visit www.rand.org/t/rr1187Published by the RAND Corporation, Santa Monica, Calif. © Copyright 2016 RAND CorporationR® is a registered trademark. Cover: Image via pathdoc/Fotoliaiii Preface Data breaches continue to plague private-sector companies, nonprofit organizations, and government agencies. Although spending on cybersecurity continues to grow, companies are still being breached, and sensitive personal, financial, and health information is still being compromised. As of March 2016, 47 states and the District of Columbia have adopted laws that require companies to notify individuals in the event that their personal information is lost or stolen. This report sets out the results of a study of consumer attitudes toward data breaches, notifications that a breach has occurred, and company responses to such events.The report should provide valuable information that can be used by businesses and policymakers as they develop policies and best practices related to information security and data breach response. Moreover, it should be of interest to individuals who conduct business with any organization that holds their personal and confidential data. RAND Institute for Civil JusticeThe RAND Institute for Civil Justice (ICJ) is dedicated to improving the civil justice system by supplying policymakers and the public with rigorous and nonpartisan research. Its studies identify trends in litigation and inform policy choices about liability, compensation, regulation, risk management, and insurance. The institute builds on a long tradition of RAND Corporation research characterized by an interiv Consumer Attitudes Toward Data Breach Notifications disciplinary, empirical approach to public policy issues and rigorous standards of quality, objectivity, and independence.ICJ research is supported by pooled grants from a range of sources, including corporations, trade and professional associations, individuals, government agencies, and private foundations. All its reports are subject to peer review and disseminated widely to policymakers, practitioners in law and business, other r...

show abstract

“…As a result, few efforts on improving the usability of privacy policies were successful. A notable exception is the requirement and subsequent adoption of a standardized privacy notice format in the U.S. financial industry [14].…”

Section: Introductionmentioning

confidence: 99%

“…Previous efforts on making the information in privacy policies more accessible focused on machine-readable formats, such as the Platform for Privacy Preferences (P3P) [38], or on improving the usability of notice formats [14,21,35]. However, such efforts relied on industry action but often lack proper adoption incentives.…”

Section: Introductionmentioning

confidence: 99%

Crowdsourcing privacy policy analysis: Potential, challenges and best practices

Schaub

Breaux

Sadeh

2016

It - Information Technology

View full text Add to dashboard Cite

Privacy policies are supposed to provide transparency about a service's data practices and help consumers make informed choices about which services to entrust with their personal information. In practice, those privacy policies are typically long and complex documents that are largely ignored by consumers. Even for regulators and data protection authorities privacy policies are difficult to assess at scale. Crowdsourcing offers the potential to scale the analysis of privacy policies with microtasks, for instance by assessing how specific data practices are addressed in privacy policies or extracting information about data practices of interest, which can then facilitate further analysis or be provided to users in more effective notice formats. Crowdsourcing the analysis of complex privacy policy documents to non-expert crowdworkers poses particular challenges. We discuss best practices, lessons learned and research challenges for crowdsourcing privacy policy analysis. → Human and societal aspects of security and privacy → Privacy protections, Security and privacy → Human and societal aspects of security and privacy → Usability in security and privacy, Social and professional topics →

show abstract

Designing Evidence‐based Disclosures: A Case Study of Financial Privacy Notices

Cited by 26 publications

References 42 publications

What do online behavioral advertising privacy disclosures communicate to users?

What do online behavioral advertising privacy disclosures communicate to users?

Consumer Attitudes Toward Data Breach Notifications and Loss of Personal Information

Crowdsourcing privacy policy analysis: Potential, challenges and best practices

Contact Info

Product

Resources

About