Privacy Incidents Database - April 2017

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Jessica Staddon
Researchers: Esha Sharma, Pradeep Murukannaiah

This project is building the first comprehensive encyclopedia and database of privacy incidents. Most privacy incidents, such as cyber-bullying/slander/stalking, revenge porn, social media oversharing, data reidentification and surveillance, do not involve a security breach. Therefore, such incidents are not represented in current security incident databases. This lack of a centralized resource leads to widely varying measurements. For example, the Privacy Rights Clearinghouse data finds fewer than 400 data breach incidents in 2014, whereas Verizon, based on proprietary data from 70 companies and organizations, finds over 2000 breaches in 2014. Our publicly accessible database will enable the privacy technology and policy communities to reach consensus around patterns in privacy incidents.

HARD PROBLEM(S) ADDRESSED

  •  Policy-Governed Secure Collaboration:
    • The patterns and characteristics of security incidents are a significant driver of security technology innovation. Patterns are detected by analyzing repositories of malware/viruses/worms, incidents affecting control/SCADA systems, general security alerts and updates and data breaches. This project is building the repository to enable the identification of patterns in incident root causes, entities, location, etc., that will inform product and policy development and privacy training.

 

PUBLICATIONS

  • "Is this a privacy incident? Using news exemplars to study end user perceptions of privacy incidents", P. Murukannaiah, J. Staddon, H. Lipford and B. Knijnenburg. Usable Security Mini Conference (USEC) 2017.

ACCOMPLISHMENT HIGHLIGHTS

  • We prototyped a classifier that identifies tweets about privacy incidents and are evaluating it.

  • We took further steps to socialize the privacy incidents database with the research communities through reports, presentations, and meetings.