What |
Traditionally, companies have provided privacy notices to consumers in freeform "legalese" that make these notices difficult for average consumers to understand. Furthermore, it is difficult or impossible to use these unstructured privacy notices to compare different companies' privacy practices. Per the 1999 Gramm-Leach-Bliley Act, U.S. financial institutions must send annual privacy notices to their customers, yet these privacy notices for many years suffered from these same issues.
In 2009, however, eight federal agencies jointly released a model privacy notice in a standardized format. Such a standardized privacy notice lets consumers directly compare companies' privacy practices and also enables the first automated, large-scale comparison of privacy practices across an entire industry. This website reflects an ongoing project at Carnegie Mellon University in which we are automatically collecting and analyzing these standardized privacy notices. |
How | We wrote computer programs to automatically search the web for privacy notices that follow the standardized format and to automatically parse these notices and extract the information that is most relevant for consumers. Since this process is completely automated and based on heuristics we developed from examining the specification of the document, our data likely contains errors. We are working on an update to this website that will enable you to report inaccurate data and suggest corrections. Although this website provides the first large-scale look at privacy practices across the financial industry, our automated data-collection procedures similarly mean that we likely have missed some institutions that use the standardized notice. |
Details | For more details about the project and data sources, please refer to our 2016 ACM Transactions on the Web (TWEB) paper about the project. We presented an earlier version of the work at the 2013 Workshop on the Economics of Information Security. |
Who | This website and underlying project are led by Carnegie Mellon University Professor Lorrie Faith Cranor and two of her Ph.D. students, Pedro Giovanni Leon and Blase Ur. CMU students James T. Graves, Kelly Idouchi, and Manya Sleeper also contributed to the project, and Celine Berger designed the logos and website layout. Everyone involved is part of CMU's Cylab Usable Privacy and Security Laboratory (CUPS lab). |
Contact | Media inquiries and general inquiries about the project should be directed to Professor Lorrie Cranor (full contact info). Technical issues with the website or data should be reported to Blase Ur (blase at blaseur.com). |