ISRI Seminar Series

The PhD Program in Computation, Organizations & Society presents:

Clare-Marie Karat and Carolyn Brodie, IBM T. J. Watson Research Center

Thursday, 17 March 2005, 12 pm, NSH 1507
Lunch will be provided

TWO SHORT TALKS

Methods for Ensuring Compliance with Privacy Policies in Organizations
User-Centered Design of the SPARCLE Privacy Management Workbench

ABSTRACTS:

Methods for Ensuring Compliance with Privacy Policies in Organizations
Carolyn Brodie

Privacy is a concept which received relatively little attention during the rapid growth and spread of information technology through the 1980's and 1990's. Design to make information easily accessible, without particular attention to issues such as whether an individual had a desire or right to control access to and use of particular information was seen as the more pressing goal. We believe that there will be an increasing awareness of a fundamental need to address privacy concerns in information technology, and that doing so will require an understanding of policies that govern information use accompanied by development of technologies that can implement such policies. In this talk, I will first discuss the results of an architectural analysis. This analysis highlights the degree to which privacy and security technology that is either available or currently the subject of research can be used to meet organizational needs for enforcing privacy policies and ensuring compliance in regards to privacy. Based on the analysis performed by the IBM T. J. Watson Privacy Technology team, I will demonstrate interaction methods that we designed, prototyped, and tested with privacy professionals in the areas of privacy policy implementation and compliance checking across two iterations of the prototype. The SPARCLE Privacy Management Workbench project highlights the use of business requirements we have identified to analyze existing technology and on-going research to identify approaches to addressing these requirements, and iteratively designing and validating a prototype with target users for flexible privacy technologies. (Joint work with John Karat and Clare-Marie Karat.)

User-Centered Design of the SPARCLE Privacy Management Workbench
Clare-Marie Karat

The Privacy Technology team at the IBM T J Watson Research Center began three years ago with the mission to develop an integrated set of privacy solutions for organizations to manage the personal information that they collect and store within their heterogeneous configurations. In the first year of the research project, we identified key user requirements for privacy management by organizations through an email survey of privacy professionals in organizations in North America, Europe and Asia. We conducted in-depth interviews with a subset of the privacy professionals to understand additional requirements within the context of scenarios of use of personal information in organizational business processes. We then developed and iterated on the design of the SPARCLE privacy management workbench with feedback from customers in scenario-based design walkthrough sessions in North America and Europe. The initial task-based steps in using the SPARCLE prototype will be illustrated, including creating privacy rules in natural language with a guide and through structured lists, parsing the privacy rule elements, and transforming the rules to XML. Results of an empirical study comparing the usability and effectiveness of the two methods of authoring privacy policy rules will be discussed. (Joint work with John Karat and Carolyn Brodie.)

BIOS:

Carolyn Brodie (brodiec@us.ibm.com) is a Research Staff Member at IBM's T. J. Watson Research Center. Dr. Brodie's current research focuses on the design and development of usable privacy and security functionality for organizations. She received her Ph.D. from the University of Illinois at Urbana-Champaign in Computer Science in 1999 where she developed a methodology for the design of military planning tools. Additional research interests include personalization of websites, and the use of collaboration tools to enhance information flow in organizations.

Clare-Marie Karat (ckarat@us.ibm.com) is a Research Staff Member at the IBM TJ Watson Research Center. Dr. Karat conducts HCI research in the areas of privacy, security, and personalization. She is the editor of the book Designing Personalized User Experiences in eCommerce, published in 2004. She is an editorial board member of the ACM interactions, the British Computer Society's Interacting with Computers, and Elsevier's International Journal of Human Computer Studies journals; a reviewer for the IEEE Security and Privacy journal; and a technical committee member of the CHI, HFES, and INTERACT conferences, the Symposium on Usable Privacy and Security, and the User Modeling Personalization and Privacy Workshop.