Master of Information Systems Management
frame_left
frame_left
Research  >  Information Privacy

Information Privacy 

In today’s very complex world, determining what kinds of privacy measures to initiate and maintain is not a simple task. For example, how much information do organizations have about us and how are they using it? How do we balance individual rights with the increased need for information sharing to protect against terrorist attacks? Carnegie Mellon researchers look at privacy from two different perspectives. Alessandro Acquisti studies the impact of privacy on individuals, while George Duncan, and colleagues Ramayya Krishnan, Rema Padman and Steve Roehrig look at privacy issues from an organizational (both public and private) point of view.

Are people really serious about online privacy?

Alessandro Acquisti investigates the differences between privacy attitudes and actual behavior. While surveys report that most individuals are concerned about the security of their personal information and are willing to act to protect it, experiments reveal a very different story: very few individuals actually take any action to protect their Information Privacypersonal information, even when doing so involves limited costs.

In the world of online transactions, for example, individuals who claim they are concerned about their personal information act in different ways when an information-sensitive situation arises. Some complete transactions without actually protecting personal information. Some give away information for small rewards or even falsify the information they provide. And some avoid information risks altogether by aborting the transactions thus ignoring protecting technologies.

Acquisti and University of California at Berkley colleague, Jens Grossklags, have been analyzing the causes of this dichotomy, and looking into which economic considerations are likely to affect individual choice.

IMPACT: Understanding the dichotomy between privacy and security attitudes and actual behavior will make it possible to formulate more effective information policy and technology approaches that will strengthen personal information security and privacy.

How can government know enough – but not too much?

In the United States and Europe, citizens see their right to privacy as being inalienable. Yet extraordinary amounts of information – detailed, personal, “mission-critical” to our lives – exist in a number of government databases. While on the one hand, this is data vital to policy development and implementation, it is, at the same time, unnervingly accessible. It is this fundamental tension that Carnegie Mellon researcher George Duncan explores.

In his essay, “Exploring the Tension Between Privacy and the Social Benefits of Governmental Databases,” Professor Duncan examines the role of information – and its protection – in our society, and of the sometimes precarious balance between the need to gather information, the need to know its contents and the need to disseminate it.

A number of strategies and guiding principles are offered in the essay and in other research that apply to data stewardship, and to the public policies that use private information as their foundation.

IMPACT: In our post-September 11th world, data security has become a consistently sensitive tradeoff between need-to-know and right-to-privacy. Understanding how to balance data utility with the disclosure risk associated with it is key to maintaining our national commitment to private lives and public policy.

How to balance privacy & confidentiality concerns with the need for access in healthcare?

This is an issue that George Duncan, Ramayya Krishnan, Rema Padman and Steve Roehrig have been investigating. Using mathematical and optimization models to look at tradeoffs between privacy and access, the researchers are finding better ways to detect and prevent privacy violations, while ensuring that the right health care professionals get the information they need to best treat patients. The research also examines ways to prevent disclosure of confidential information. Using integer programming techniques, the researchers suggest ways to give information to those who need it while protecting the confidentiality of sensitive “raw” data.

Protecting online privacy: self-regulation, mandatory standards, or caveat emptor.

How to protect online privacy is an area of focus for Carnegie Mellon researcher Michael D. Smith. In a recent paper, Smith, along with Carnegie Mellon colleague Zhulei Tang and MIT colleague Jeffrey Yu, explores under what circumstances each of these privacy protection regimes will produce optimal outcomes for customers, retailers and society. Using analytic models of asymmetric information, the researchers’ results so far show that the optimal privacy protection regime depends critically on the characteristics of the market – the number of individuals who face a loss from privacy violations and the size of the loss they face.

Select Information Privacy Papers and Publications

© 2006 Carnegie Mellon.