Comparing Privacy Policies of Government Agencies and Companies: A Study using Machine-learning-based Privacy Policy Analysis Tools

Author(s):  
Razieh Zaeem ◽  
K. Barber
2016 ◽  
Vol 58 (5) ◽  
Author(s):  
Florian Schaub ◽  
Travis D. Breaux ◽  
Norman Sadeh

Privacy policies are supposed to provide transparency about a service's data practices and help consumers make informed choices about which services to entrust with their personal information. In practice, those privacy policies are typically long and complex documents that are largely ignored by consumers. Even for regulators and data protection authorities, privacy policies are difficult to assess at scale. Crowdsourcing offers the potential to scale the analysis of privacy policies with microtasks, for instance by assessing how specific data practices are addressed in privacy policies or extracting information about data practices of interest, which can then facilitate further analysis or be provided to users in more effective notice formats. Crowdsourcing the analysis of complex privacy policy documents to non-expert crowdworkers poses particular challenges. We discuss best practices, lessons learned and research challenges for crowdsourcing privacy policy analysis.


2021 ◽  
Vol 11 (5) ◽  
pp. 2164
Author(s):  
Jiaxin Li ◽  
Zhaoxin Zhang ◽  
Changyong Guo

X.509 certificates play an important role in encrypting the transmission of data on both sides under HTTPS. With the popularization of X.509 certificates, more and more criminals leverage certificates to prevent their communications from being exposed by malicious traffic analysis tools. Phishing sites and malware are good examples. Those X.509 certificates found in phishing sites or malware are called malicious X.509 certificates. This paper applies different machine learning models, including classical machine learning models, ensemble learning models, and deep learning models, to distinguish between malicious certificates and benign certificates with Verification for Extraction (VFE). The VFE is a system we design and implement for obtaining plentiful characteristics of certificates. The result shows that ensemble learning models are the most stable and efficient models with an average accuracy of 95.9%, which outperforms many previous works. In addition, we obtain an SVM-based detection model with an accuracy of 98.2%, which is the highest accuracy. The outcome indicates the VFE is capable of capturing essential and crucial characteristics of malicious X.509 certificates.


2021 ◽  
Vol 13 (1) ◽  
pp. 10
Author(s):  
Yousra Javed ◽  
Elham Al Qahtani ◽  
Mohamed Shehab

Privacy compliance of the Middle East’s financial sector has been relatively unexplored. This paper evaluates the privacy compliance and readability of privacy statements for top banks and mobile money services in the Middle East. Our analysis shows that, overall, Middle Eastern banks have better privacy policy availability and language distribution, and are more privacy compliant compared to mobile money services. However, both the banks and mobile money services need to improve (1) compliance with the principles of children/adolescent’s data protection, accountability and enforcement, and data minimization/retention, and (2) privacy statement texts to be comprehensible for a reader with ~8 years of education or less.


2017 ◽  
Vol 2 (1) ◽  
pp. 5 ◽  
Author(s):  
Bill Marden

Every library has (or should have) one. Ironically, in an institution devoted to reading and intellectual inquiry, it is probably the most seldom-read document in its collections. I am referring to library privacy policies, which have become increasingly important in an era when the broad gathering of information and data is exponentially increasing.


2009 ◽  
pp. 269-283
Author(s):  
Suhong Li

The purpose of this chapter is to investigate the current status of online privacy policies of Fortune 100 Companies. It was found that 94% of the surveyed companies have posted an online privacy policy and 82% of them collect personal information from consumers. The majority of the companies only partially follow the four principles (notice, choice, access, and security) of fair information practices. For example, most of the organizations give consumers some notice and choice in terms of the collection and use of their personal information. However, organizations fall short in security requirements. Only 19% of organizations mention that they have taken steps to provide security for information both during transmission and after their sites have received the information. The results also reveal that a few organizations have obtained third-party privacy seals including TRUSTe, BBBOnline Privacy, and Safe Harbor.


Author(s):  
George Yee ◽  
Larry Korba

The rapid growth of the Internet has been accompanied by a proliferation of e-services targeting consumers. E-services are available for banking, shopping, learning, government online, and healthcare. However, each of these services requires a consumer’s personally identifiable information (PII) in one form or another. This leads to concerns over privacy. In order for e-services to be successful, privacy must be protected (Ackerman, Cranor, & Reagle, 1999). An effective and flexible way of handling privacy is management via privacy policies. In this approach, a consumer of an e-service has a personal privacy policy that describes what private information the consumer is willing to give up to the e-service, with which parties the provider of the e-service may share the private information, and how long the private information may be kept by the provider. The provider likewise has a provider privacy policy describing similar privacy constraints as in the consumer’s policy, but from the viewpoint of the provider, (i.e., the nature of the private information and the disclosure/retention requirements that are needed by the e-service). Before the consumer engages the e-service, the provider’s privacy policy must match with the consumer’s privacy policy. In this way, the consumer’s privacy is protected, assuming that the provider complies with the consumer’s privacy policy. Note that policy compliance is outside the scope of this work but see Yee and Korba (July, 2004). Initial attempts at conserving consumer privacy for e-services over the last few years have focused on the use of Web site privacy policies that state the privacy rules or preferences of the Web site or service provider. Some of these policies are merely statements in plain English and it is up to the consumer to read it. This has the drawback that very few consumers take the trouble to read it. 
Even when they do take the time to look at it, online privacy policies have been far too complicated for consumers to understand and suffer from other deficiencies (Lichtenstein, Swatman, & Babu, 2003; Jensen & Potts, 2004). Still other privacy policies are specified using P3P (W3C) that allows a consumer’s browser to automatically check the privacy policy via a browser plug-in. This, of course, is better than plain English policies but a major drawback is that it is a “take-it-or-leave-it” approach. There is no recourse for the consumer who has a conflict with the Web site’s P3P policy, except to try another Web site. In this case, we have advocated a negotiations approach to resolve the conflict (Yee & Korba, Jan., May, 2003). However, this requires a machine-processable personal privacy policy for the consumer. We assume that providers in general have sufficient resources to generate their privacy policies. Certainly, the literature is full of works relating to enterprise privacy policies and models (e.g., Barth & Mitchell, 2005; Karjoth & Schunter 2002). Consumers, on the other hand, need help in formulating machine-processable privacy policies. In addition, the creation of such policies needs to be as easy as possible or consumers would simply avoid using them. Existing privacy specification languages such as P3P, APPEL (W3C; W3C, 2002), and EPAL (IBM) are far too complicated for the average internet user to understand. Understanding or changing a privacy policy expressed in these languages effectively requires knowing how to program. Moreover, most of these languages suffer from inadequate expressiveness (Stufflebeam, Anton, He, & Jain, 2004). What is needed is an easy, semi-automated way of seeding a personal privacy policy with a consumer’s privacy preferences. In this work, we present two semi-automated approaches for obtaining consumer personal privacy policies for e-services through seeding. This article is based on our work in Yee and Korba (2004). 
The section “Background” examines related work and the content of personal privacy policies. The section “Semi-Automated Seeding of Personal Privacy Policies” shows how personal privacy policies can be semi-automatically seeded or generated. The section “Future Trends” identifies some of the developments we see in this area over the next few years. We end with “Conclusion”.


2020 ◽  
Vol 1 (3) ◽  
pp. 41-45 ◽  
Author(s):  
Aloysius Bernanda Gunawan

This article aims to identify common practices in Indonesian e-commerce regarding terms of use and privacy policies. Website visit rankings from Alexa and Similarweb were used to identify the 10 most commonly visited e-commerce sites in Indonesia. Then, placement, length, and content structure of the terms of service and privacy policies of these websites were compared. Findings suggest that the information provided by these documents is sufficient and legally compliant, although some of the websites appear to disregard their importance. The actual contents of these documents were not analyzed and are thus open for further study. The information provided in this article may give merchants intending to open e-commerce stores in Indonesia some insight into how the protection of consumers’ personal data leads to better service. This paper also proposes a simple framework for assessing the extent to which an e-commerce website successfully ensures that consumers agree and consent to its terms of use without burdening them with lengthy and obscure legal documents.

Keywords: online privacy, e-commerce, term of use


2020 ◽  
Vol 6 (2) ◽  
pp. 143-162
Author(s):  
Maria Ulfah ◽  
Dewi Prastiwi

This study aims to assess the effectiveness of employee mutations and placements applied to several institutions in Indonesia. This study uses the meta-synthesis method by conducting a review of 31 previous studies listed in the research media. The results of the study found that government agencies in Indonesia had implemented mutation policies based on applicable regulations ranging from the law to local regulations on several factors, the value of improving performance and productivity, career development and promotion, to filling vacant positions. However, several studies have found that there is still corruption, collusion and nepotism, political affiliation, family connections, and close relations with superiors which causes a mismatch between the placement of employees and their competencies. Transfer of employees based on a merit system is indicated to improve performance including public services in providing information to create public sector accountability. Career development and promotion can also expand knowledge and experience to produce creative and innovative employees to support the achievement of organizational goals. 

