usability professionals don't care about privacy
DESCRIPTION
A presentation about the responsibility that UX professionals have in creating methods of evaluating privacy implications of products. Presented at InfoCamp Seattle 2008.
TRANSCRIPT
Usability Professionals Don’t Care About Privacy (but we should)
Nika Smith, User Experience Consultant
Prepared for InfoCamp Seattle 2008
cloud computing
software as a service
the social web
“Nothing you do ever goes away, and nothing you do ever escapes notice… There isn’t any privacy, get over it”
Vint Cerf, Internet Evangelist
60% of users are not worried about the information available about them online
1. Users often don’t read
• Dialog boxes
• Privacy policies
• Instructions
• Warnings
2. UIs for managing privacy settings are often painful to use
standards
Notice / Awareness
Choice / Consent
Access / Participation
Integrity / Security
Enforcement / Redress
4 major principles:
1. Support awareness and notification
2. Ask for consent and offer choices for participation
3. Offer granular levels of control
4. Protect the user from harm
1. Support awareness and notification
• Uses clear and consistent terminology
• Makes the user’s current privacy settings visible throughout the system
• Provides help from anywhere
• Makes privacy policies available from anywhere
• Ensures privacy policies are accessible to all users
• Displays changes to privacy policies, settings, and defaults prominently
• Discloses what information can or will be made public BEFORE the user enters or submits it
• Discloses who has access to user’s information
• Discloses how information the user provides will be used
2. Ask for consent and offer choices for participation
• Obtains informed consent before collecting and using private information
• Obtains consent before transferring or making available information to others
• Defaults to the highest level of privacy and protection
• Provides an opt-out at any time, without penalizing the user
• Opt-out applies to all previous actions and previously-entered information
3. Offer granular levels of control
• Allows user to view and modify settings at any time
• Gives the user a preview of how information will be used before saving
• Allows user to modify personal information at any time
• Allows user to delete and restrict access to information at any time
4. Protect the user from harm
• Uses secure protocols for transmitting personal information
• Clearly warns the user of privacy-invading actions they are attempting to take
• Refrains from offering any seriously harmful or destructive options
Thoughts?