A model for system developers to measure the privacy risk of data
This work addresses privacy risk assessment for system developers, but it is incremental as it builds on existing knowledge and focuses on a specific domain.
The authors tackled the problem of measuring users' perceived privacy risk when disclosing data in software systems by proposing a model based on data sensitivity, visibility, and relevance, tested with a survey of 151 participants, finding that visibility had the highest impact on risk.
In this paper, we propose a model that could be used by system developers to measure the privacy risk perceived by users when they disclose data into software systems. We first derive a model to measure the perceived privacy risk based on existing knowledge and then we test our model through a survey with 151 participants. Our findings revealed that users' perceived privacy risk monotonically increases with data sensitivity and visibility, and monotonically decreases with data relevance to the application. Furthermore, how visible data is in an application by default when the user discloses data had the highest impact on the perceived privacy risk. This model would enable developers to measure the users' perceived privacy risk associated with data items, which would help them to understand how to treat different data within a system design.