Misuse of Data, Data Breaches, and Privacy & Security Policies
The last issue of the Journal of Information Privacy and Security (JIPS) for 2017 contains nine articles and one book review. The issue of privacy and security is increasingly important as we move toward a more technological future. The discussion of these articles focuses on the importance of the protection of personal information on the Internet and social network as well as the policies to help minimizing the misuse of data. In the Book Review section, Dr. Arslan reviews the book titled “The Complete Privacy & Security Desk Reference-Volume I Digital” by Michael Bazzell and Justin Carroll. More details are as follows:
The first article titled “Future of Privacy and Security – The Four Horsemen” by Choton Basu, the founding editor of the JIPS. This article is a commentary on the future of the privacy and security field. In this article, the author looks at the four key issues could significantly shape the field and impact society in significant ways. The article discusses the topics of Net Neutrality (and US Internet Privacy Laws), Internet of Things, Human Genome (Medical), and Cryptocurrency. This is an opinion paper that is based on current topics, trends, discussions, events and also the editorial and review work done as the editors of JIPS over 12 years. Processing articles that impact technology, regulation, legal, social and policy has helped shape this vision. It is the author’s assessment that these four trends (each) have the potential to change society forever.
The second article titled “A Study of Web Privacy Policies across Industries” by Razieh Nokhbeh Zaeem and K. Suzanne Barber brings to light the shocking rate at which industries misuse their customers Personal Identification Information (PII). The authors conducted studies on 600 companies and found similar trends in each company. The study revealed that companies often misuse their customers PII and some do not even have any privacy policies in place. Zaeem and Barber’s findings in these studies can be used to create better privacy policies for companies and help to educate customers on these policies.
In the third article titled “Long-Term Market Implications of Data Breaches, Not”, the authors Russell Lange and Eric Burger assessed the impact of data breaches. They not only addressed the effects these breaches have on the company’s performance and the costs that come with the breach, but also focused on the toll it takes on the customers and peer companies. Citigroup conducted research into these breached companies and found that on average the impact did minimal damage to the companies, but still had negative effects on the company’s stock and performance.
The fourth article titled “Who Uses Mobile Apps to Meet Strangers: The Roles of Core Traits and Surface Characteristics”. The authors Lixuan Zhang, Iryna Pentina, and Wendy Fox Kirk investigated the concept of social networking sites, specifically WeChat, a social networking site, that is highly popular in China. The authors studied how individuals interacted with the social networks and examined the traits of individuals who used the social features of WeChat. They found that users were not only putting up personal information about themselves like gender, relationship status, and pictures, they were also sharing their location. The authors found that because this information was available, unfortunately there were cases of stalking, harassment, and rape. This research has brought to light huge problems with sharing personal information on social networking sites, and these authors stress the need for users to be more aware of the potential risks of disclosing such information on these sites.
The fifth article titled “RSVP a temporal method for graphical authentication” by Ashley Cain and Jeremiah Still discussed the concern about the increasing lack of security of passwords and sensitive information. The author(s) suggested alternative authentication methods that are quick and easy, and do not reveal passwords. This Rapid, Serial, Visual Representation method (RSVP) method makes it harder for attackers to obtain a password and easier for authentication. In this study, the author(s) discussed how easily participants could recognize passcode targets and launch the attacks. By performing the authentication using the RSVP method, it was reported that none of the participants that had the role of attacker could identify a single passcode. Thus, they conclude that there are better alternatives for authentication which can be used to eliminate public attacks on passcodes.
The sixth article titled “Cultural and Generational Influences on Information Privacy Concerns within Online Social Networks: An Empirical Evaluation of the Miltgen and Peyrat-Guillard Model” by Faruk Arslan and Niharika Dayyala dives into the importance of information security and calls for a deeper investigation of individuals’ information privacy beliefs and behaviors. This article aims at testing the effectiveness of the Miltgen and Reyrat-Guillard model and explaining information privacy behavior of social network site users. The results reported that older individuals (aged 45 and over) perceive higher levels of risks associated with data misuse and tend to be more concerned about their information privacy. They also found that younger individuals tend to share this view as well and that they also recognize the risks of data misuse. This study provides an interesting insight on how people view concerns regarding information privacy and a better understanding of the influences that information privacy has on social networks.
The seventh article titled “Predicting Information Security Policy Compliance Intentions and Behavior for Six Employee-Based Risks” by Tatyana Ryutov, Nicole Sintov, Mengtian Zhao, and Richard John discusses the concern that employees non-compliance with organizational information security policies poses a significant threat to information security. The authors list out six user based risks that can harm employees which are social engineering risk, password related risk, social media risk, security management risk, cloud computing risk, and bring your own device (BYOD) risk. These six information risks pose as huge threats for the security of information in the work place. To prove this, the authors conduct a study to see how compliant employees are with ISPs standards. The study findings revealed that employees believe complying with security protocol interferes with their work, and they are more likely to have negative attitudes toward security policies. This study should provide a better understanding of compliance behavior is a crucial element for improving security.
In the eighth article titled “Development of Internet of Things-related Monitoring Policies,” Gundars Kaupins and Janet Stephens define the Internet of Things (IoT) as a loosely defined term describing Internet-connected sensors that among other capabilities, enable companies to monitor individuals. As new privacy related challenges are rising, these challenges call for new privacy policy changes. The authors then investigate existing privacy policies and IoT-related research to provide IoT privacy policy recommendations. This study reveals problems with corporate privacy policies and presents recommendations on how to change and fix those polonies.
The ninth article titled “Utilizing Normative Theories to Develop Ethical Actions for Better Privacy Practices” by Zareef A. Mohammed, Gurvirender P. Tejay, and Joseph Squillace examine the privacy practices in organizations. The authors proposed a set of ethical actions based on six normative theories and conducted multiple case study approach to study three prominent data breaches. Based on the findings, the authors then proposed privacy principles of contextually based privacy approach, developing dyadic trust, virtuous character, balancing privacy obligations, and emphasizing privacy-related societal responsibility. The study contributed theoretically by encouraging ethics within an organization which could help strengthen the privacy practices.
In the Book Review section, Faruk Arslan reviews the book titled “The Complete Privacy & Security Desk Reference-Volume I Digital” by Michael Bazzell and Justin Carroll. The book consists of nine chapters providing the readers with techniques and strategies for basic data protection. The authors also discuss the foundation for more sophisticated strategies. In conclusion, Dr. Arslan states that “Overall, the authors have done a good job with providing a rich set of practical guidance on a variety of digital security and privacy matters.”
The editors also want to acknowledge and thank all the authors that have worked with us in growing the field and contributing to knowledge of privacy and security. Sometimes there is no direct reward for this activity but over time the work and contributions of the authors help shape policy and regulation and even develop technology to help society. It is important for us to recognize that from time to time. It has been 12 wonderful years of working with JIPS and we will try to find creative ways to keep moving the journal forward. It has been a terrific experience getting to interact with all of you and build this body of knowledge together.