Final Report

The development of information technology (IT) and the Internet has dramatically increased the quantity of information available in digital form. Besides making it easier to transfer consumer information, this has also led to a variety of ways in which this personal information can be used. Though this can be advantageous for users, possibilities for misuse abound. In the end, all of these effects have major implications for individuals’ privacy. Privacy is especially a major concern amongst Internet users interacting with online healthcare service providers.

My research project is to study the security and privacy of personal information on the Internet. The majority of us do not even read online privacy policies. This makes us vulnerable. Thus, through my research on this topic I am developing a tool that makes privacy and security transparent to end-users so that they may be well-informed before providing their personally identifiable information online. Most privacy policies are derived and specified in a somewhat ad-hoc manner, leading to policies that are of limited use to the consumers they are intended to serve.

To make privacy policies more readable and enforceable, two privacy policy specification languages have emerged: the Platform for Privacy Preferences Project (P3P) and the Enterprise Privacy Authorization Language (EPAL). Part of my research this summer involved analyzing the effectiveness of these languages within the context of a case study that entailed the expression of common online privacy statements for a healthcare website. Additionally, I analyzed web site privacy policy evolution in the presence of the Health Insurance Portability and Accountability Act (HIPAA). Following are the 2 publications that were the result of my research work this summer.

1. Specifying Privacy Policies with P3P and EPAL: Lessons Learned, William Stufflebeam, Annie I. Antón, Qingfeng He, Neha Jain. 3rd ACM Workshop on Privacy in the Electronic Society, October 2004. [PDF]

2. An Analysis of Web Site Privacy Policy Evolution in the Presence of HIPAA, Annie I. Antón, Julie B. Earp, Matthew W. Vail, Neha Jain, Carrie Gheen, Jack M. Frink. Submitted To: IEEE Security & Privacy -0095, July 24, 2004. [PDF]