Privacy Incidents Database - July 2016
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Jessica Staddon
Researchers: Pradeep Murukannaiah
This project is building the first comprehensive encyclopedia and database of privacy incidents. Most privacy incidents, such as cyber-bullying/slander/stalking, revenge porn, social media oversharing, data reidentification and surveillance, do not involve a security breach. Therefore, such incidents are not represented in current security incident databases. This lack of a centralized resource leads to widely varying measurements. For example, the Privacy Rights Clearinghouse data finds fewer than 400 data breach incidents in 2014, whereas Verizon, based on proprietary data from 70 companies and organizations, finds over 2000 breaches in 2014. Our publicly accessible database will enable the privacy technology and policy communities to reach consensus around patterns in privacy incidents.
HARD PROBLEM(S) ADDRESSED
- Policy-Governed Secure Collaboration:
The patterns and characteristics of security incidents are a significant driver of security technology innovation. Patterns are detected by analyzing repositories of malware/viruses/worms, incidents affecting control/SCADA systems, general security alerts and updates and data breaches. This project is building the repository to enable the identification of patterns in incident root causes, entities, location, etc., that will inform product and policy development and privacy training.
PUBLICATIONS
- Invited session at the Privacy Law Scholars' Conference (PLSC): "PrIncipedia: A Privacy Incidents Encyclopedia" to discuss the linked paper and the database itself.
ACCOMPLISHMENT HIGHLIGHTS
The database at https://go.ncsu.edu/privacyincidents currently has 250 privacy incidents. The scope and content of the database have been vetted with the Amazon Mechanical Turk community as well as privacy professionals from law and policy. An initial classifier has been built to support automated population of the database.