Privacy Incidents Database - April 2016

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Jessica Staddon
Researchers: Pradeep Murukannaiah

HARD PROBLEM(S) ADDRESSED

•  Policy-Governed Secure Collaboration:

  • The patterns and characteristics of security incidents are a significant driver of security technology innovation. Patterns are detected by analyzing repositories of malware/viruses/worms, incidents affecting control/SCADA systems, general security alerts and updates and data breaches. For most types of privacy incidents there are no repositories. Privacy incidents that do not involve a security breach, such as cyber-bullying/slander/stalking, revenge porn, social media oversharing, data reidentification and surveillance, are not represented in the current repositories.  Our project is building the first comprehensive encyclopedia and database of privacy incidents. This publicly-accessible repository will enable tracking of incident rates and characteristics such as involved entities and incident root causes. The repository will provide a resource for privacy researchers to investigate the patterns of a broad range of privacy incidents, and the incident patterns surfaced by the database will help inform privacy technology development globally.

ACCOMPLISHMENT HIGHLIGHTS

• Launched initial version of the database: http://go.ncsu.edu/privacyincidents

• Began development of a classifier to automatically detect incidents from news stories

• Designed user studies to test precision and recall of classifier and inform an incident taxonomy, applied for IRB approval