usability professionals don't care about privacy

Post on 07-Jul-2015

Category: Technology

DESCRIPTION

A presentation about the responsibility that UX professionals have in creating methods of evaluating privacy implications of products. Presented at InfoCamp Seattle 2008.

TRANSCRIPT

Usability Professionals Don’t Care About Privacy (but we should)

Nika Smith, User Experience Consultant

Prepared for InfoCamp Seattle 2008

cloud computing

software as a service

the social web

“Nothing you do ever goes away, and nothing you do ever escapes notice… There isn’t any privacy, get over it”

Vint Cerf, Internet Evangelist, Google

60% of users are not worried about the information available about them online

1. Users often don’t read

• Dialog boxes

• Privacy policies

• Instructions

• Warnings

2. UIs for managing privacy settings are often painful to use

standards

Notice / Awareness

Choice / Consent

Access / Participation

Integrity / Security

Enforcement / Redress

4 major principles:

1. Support awareness and notification

2. Ask for consent and offer choices for participation

3. Offer granular levels of control

4. Protect the user from harm

1. Support awareness and notification

• Uses clear and consistent terminology

• Makes the user’s current privacy settings visible throughout the system

• Provides help from anywhere

• Makes privacy policies available from anywhere

• Ensures privacy policies are accessible to all users

• Displays changes to privacy policies, settings, and defaults prominently

• Discloses what information can or will be made public BEFORE the user enters or submits it

• Discloses who has access to user’s information

• Discloses how information the user provides will be used

2. Ask for consent and offer choices for participation

• Obtains informed consent before collecting and using private information

• Obtains consent before transferring or making available information to others

• Defaults to the highest level of privacy and protection

• Provides an opt-out at any time, without penalizing the user

• Opt-out applies to all previous actions and previously-entered information

3. Offer granular levels of control

• Allows user to view and modify settings at any time

• Gives the user a preview of how information will be used before saving

• Allows user to modify personal information at any time

• Allows user to delete and restrict access to information at any time

4. Protect the user from harm

• Uses secure protocols for transmitting personal information

• Clearly warns the user of privacy-invading actions they are attempting to take

• Refrains from offering any seriously harmful or destructive options

Thoughts?
