October 19, 2011
Title: Measuring Privacy
Abstract: The study of privacy is often lost in a debate over values, whether a data subject's privacy itself is a good thing or a bad thing, and how/when it may be reasonably invaded. This research ignores this debate, reasoning that privacy is legisted so the values issue is no longer relevant, and proposes a mechanism for measuring privacy based on the need that knowledge about a data subject's state of privacy is necessary for computer science. Presenting different sets of factors derived from multiple disciplines, this research takes on the work of finitely identifying the list of considerations from which a state of privacy may be derived in an electronic environment (online or off line) on the assumption that states of privacy are finite and based on identifiability. The choice to represent privacy in a finite state machine is ultimately intended to assist a daemon representing the individual to make decisions about privacy on their behalf. For example, visiting a social networking site at a library computer may yield a privacy state of 7; visiting the same online social networking site through a mobile application may yield a privacy state of 9. Similarly, online gaming while talking on the phone to a different data subject may yield of a privacy state of 4 for the game, and 9 for the phone call. Used by the individual to understand and make informed privacy choices in an electronic environment, the secondary point of the measurement is to provide an instrument by which multiple disciplines can interact, research and study on privacy in a common framework.
Bio: Tracy Ann Kosa is a Computer Science doctoral candidate in the Faculty of Science at the University of Ontario Institute of Technology. For 15 years, she has researched, written and presented in Canada and abroad. Her recent research has examined the use of artificial intelligence techniques for predicting privacy preferences, trust models for privacy, privacy analysis of GSM services, and a model for predicting privacy risk for organizations. She is in the process of writing a paper on value extraction from the privacy legislation, beginning with the development of technical privacy design requirements. Ms. Kosa began her career in privacy working for the provincial agency responsible for the development of ehealth initiatives across the province. She left to work in the risk and IT department in a hospital network that served three downtown hospitals with over one million patient visits a year and a staff of 12,000 where she was part of a two-person team responsible for assessment, complaint handling and training. She is now employed by the provincial Government as Team Lead for the Government's Privacy Centre of Excellence, which provides technical advice, assessment services and training to over 600 different Government programs.