PeeX researchers are continuously working on various projects related to privacy. Here is a short list of some of these projects.
Privacy and Wealth
(Sonam Samat and Alessandro Acquisti) This project attempts to use experimental methods to understand the impact of relative financial status on privacy decision making. We are currently designing several studies to evaluate the impact of subjective wealth on disclosure behavior. Through our studies, we hope to tease out the different factors that might play a role in this relationship. Please contact sonam@cmu.edu for further details.
Sleight of Privacy: The Impact of Framing on Self-Disclosure
(Idris Adjerid, Alessandro Acquisti, Laura Brandimarte and George Lowenstein) Current policy initiatives focus on “transparency” (informing individuals about how their data is used) as solution to users’ privacy concerns. We illustrate the limits of disclosure: very simple and clearly communicated privacy policies do not consistently impact disclosure behavior, and can be used to manipulated individuals into revealing more or less sensitive information. We find that the impact of different levels of privacy protections on disclosure can be muted by introducing misdirections that do not alter the objective risk of disclosure.
Online Disclosures and Impression Formation
(Laura Brandimarte, Alessandro Acquisti and Francesca Gino) Intimate, embarrassing, even self-incriminating online disclosures have become common in social media. They can have long-lasting effects on individuals, because of the impressions others may form based on them. Over time, how will online disclosures affect each other’s impression formation – when everyone may have embarrassing records online? We test the paradoxical effect that disclosure of a sensitive trait can have on the judgments of others who made similar disclosures; the role of the source of disclosure in impression formation (the effect of one’s self-disclosures, as compared to others’ disclosures about you); and the moderating effect of perceived motivations for disclosure.
Decision Reversibility and Self-Disclosure
(Eyal Peer and Alessandro Acquisti) Online self-disclosures are often irreversible in nature, with no actual option to revise their content before it reaches others. We investigate how offering reversibility in a decision to disclose personal information, either ex-post (after information was disclosed) or ex-ante (beforehand), would affect individuals’ responses to sensitive questions. Our studies showed that self-disclosure was highest when reversibility was given only ex-post, compared to when reversibility was given ex-ante or when disclosure was explicitly irreversible. Few actually take advantage of the reversibility, when it is offered; suggesting that the mere option of reversibility can affect disclosure decisions (to be presented at the Behavioral Decision Research in Management Conference, June 27-29, 2012, Leeds School of Business, Boulder, CO).
Empirical Analysis of Data Breach Litigation
(Sasha Romanosky, David Hoffman, Alessandro Acquisti) Most US states now require companies to notify individuals when their personal information is lost or stolen. While these data breaches may not always result in grave financial loss, identity theft does occur, causing plaintiffs to bring legal action. But what happens in these cases? Which data breaches are more likely to be litigated, and what are the outcomes? That is, when are firms more likely to be sued, and when are they more likely to settle? Our research shows a surprising number of settlements, and a staggering number of different causes of action brought by plaintiffs in these cases. Read the full paper.
Information Law: Disclosure and Protection of Personal Information
(Sasha Romanosky, Jim Graves, Alessandro Acquisti) State and Federal laws seek to protect personal consumer information (PHI) in different ways. On one hand, some laws provide statutory protection against the unauthorized sale, sharing or public disclosure of PHI (e.g. VPPA, DPPA, FERPA). On the other hand, different laws specifically allow sharing, or require disclosure of PHI (e.g. data breach and financial disclosure laws). In this research effort, we seek to better understand these laws and their effects on both firm and consumer outcomes. For example, what is the full state and federal landscape of such laws? Are they generally privacy-enhancing, or firm-centric? Do these laws work as intended, or do they introduce perverse outcomes that may adversely affect either consumers or firms?
Misplaced Confidences: Privacy and the Control Paradox
(Laura Brandimarte, Alessandro Acquisti and George Loewenstein) We test the hypothesis that increasing individuals’ perceived control over the release and access of private information – even information that allows them to be personally identified – will increase their willingness to disclose sensitive information. If their willingness to divulge increases sufficiently, such an increase in control can, paradoxically, end up leaving them more vulnerable. Our findings highlight how, if people respond in a sufficiently offsetting fashion, technologies designed to protect them can end up exacerbating the risks they face.
Differential depreciation of information with positive and negative valence: The role of diagnosticity
(Laura Brandimarte, Joachim Vosgerau and Alessandro Acquisti) Negative events in the future are discounted less than positive events, and people adapt slower to negative events in the past than positive events. We demonstrated a third form of this ‘bad has a longer lasting impact than good’ principle: Negative past behaviors of a person have a longer lasting impact on others’ impression of, and behavior towards the person. This is because negative behaviors are generally more diagnostic of the intention of the person than positive behaviors.
The Impact of Privacy Regulation on Technology Adoption: The Case of Health Information Exchanges
(Idris Adjerid, Alessandro Acquisti, Rema Padman, Rahul Telang, Julia Adler-Milstein) Health Information Exchanges (HIEs) are innovative healthcare technology initiatives that increase coordination between healthcare providers. Their purpose is to improve efficiency and quality of care through enhanced sharing of patient data. To soothe privacy concerns associated with HIE development, however, numerous states have enacted laws establishing strict patient consent requirements for medical data shared through HIEs. We investigate the impact of privacy consent regulation on the adoption and success of HIEs. We find that among all states with laws intended to promote HIE adoption, those that had requirements for patient consent experienced greater HIE adoption and success, while also reporting lower levels of privacy concerns. These findings contribute to the debate over the impact of privacy regulation on technological progress, and provide insights on the delicate balance between privacy concerns and the benefits of technology adoption.