BullGuard

“Sensitive information”- How much personal information we share freely?

Posted by sabina.datcu@bullguard.com | October 11, 2013

Personal information sharing

The concept of ‘sensitive information’ has a lot of different definitions, most of them being parts of the laws and regulations of different countries. To sum these definitions up, information is considered to be sensitive if the loss of its confidentiality or availability has severely undesirable effects on organizations or individuals.

 

 

Irrespective of the different conceptual definitions of ‘sensitive information’, the human factor is the core element dictating what this notion should signify.

This experiment was presented in Virus Bulletin Conference 2013.

 

 

 

Privacy and sensitive information sharing – The Experiment

 

A sample consisting in 2,100 people from seven different countries was questioned regarding the notion of ‘sensitive information’ and what kind of information they would be willing to disclose to another ‘reliable person’. Respondents were randomly selected from a large database containing more than 150 million records, in order to have the same number of individuals in each subset: 300. The subsets represent the countries the individuals were from: US, UK, Spain, Japan, Lebanon, Romania and Australia. The sex ratio was 1:1, meaning that in each sub-sample, the number of males was equal to the number of females.

 

 

The hypothesis: sensitive information sharing vs cultural background and beliefs

The experiment was designed to test some hypothesis:

a)  The higher the interviewees’ cultural knowledge, the stricter their attitude/conduct towards privacy.

b)  The stricter interviewees’ cultural background, the stricter their attitude about the privacy of their data.

c)  The greater the interviewees’ needs for freedom, the less strict their attitude about private information disclosure.

 

The time frame for this experiment was six months – after six months of discussions, the trust of the participants had been gained, meaning that they started to talk about themselves without restrictions.

 

At the very beginning of the discussions, the participants in the study were pretty concerned about their personal privacy. But as conversations continued and trust between interlocutors was gradually obtained, anxiety disappeared.

 

 

The results : what kind sensitive information has been  disclosed ?

 The information provided is shown in Table 1.

Table 1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The results support the three hypotheses: all of them could predict the likelihood of users protecting their sensitive data.

 

 

Data privacy : conclusions

While the decision-making process behind private information disclosure is an extremely complicated process, likely to fail unless the right triggers are activated, the virtual world appears to makes it easier in both directions. People are more willing to share because of their suspended sense of risk in the absence of social cues; cybercriminals are better equipped to trick their victims based on what information is made available about potential human sources of authority. A case of ultimate efficiency: beating the regular unwary users with other unwary, but more authoritative users’ weapons.

 

The experiment revealed interesting results, but it certainly does not provide the last word in the privacy debate.


Comments





bottom roundness