Designing a Privacy Management Tool: Progressive Human-Computer Interaction Based Privacy Research with Organizational Users

Usability has been identified as a major challenge to moving the results of security and privacy research to use in real systems [15]. One reason seems to be that there has been only limited research into how to make complex security and privacy functionality understandable to those who must use it. The research reported here describes our efforts to design a system which facilitates privacy policy authoring, implementation, and compliance monitoring. We employed a variety of user-centered design methods with 109 users across the five steps of this research. The majority of these users are organizational privacy professionals. This case study highlights the work of identifying organizational privacy requirements, iteratively designing and validating a prototype with users, and conducting laboratory tests to guide specific design decisions for flexible privacy-enabling technologies. Each of the five steps in our work is identified and described, with a particular emphasis on the motivation for each step and the user-centered methods employed. Recommendations for extending this work into the security arena are included.

By: Carolyn Brodie; John Karat; Clare-Marie N. Karat

Published in: RC23495 in 2005

LIMITED DISTRIBUTION NOTICE:

This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties).
