Corresponding Security Level with the Risk Factors of Personally Identifiable Information through the Analytic Hierarchy Process

[[abstract]]Since Taiwan government has announced the New Version of Personal Information Protection Act , People began to pay attention to their personal information and privacy. Many industries significantly increased their responsibilities and faced more serious challenges. In order to cope with the requirements of the new law, BS10012 specification can help enterprises to reduce impact of personal data protection law. Enterprises need to rethink policy objectives, and make risk assessment of personally identifiable information (PII). This study using analytic hierarchy process (AHP) to identify the security level of PII. Corresponding security level with the risk factors of personal information, so that find the suitable countermeasure to protect users PII. Rarely see research about risk assessment of PII by using AHP, therefore the feasibility of the application of AHP in this regard is worthwhile to explore

Differences in Perceived Information Sensitivity During Smartphones Use Among UK University Graduates

The level of sensitivity with which smartphone users perceive information influences their privacy decisions. Information sensitivity is complex to understand due to the multiple factors influencing it. Adding to this complexity is the intimate nature of smartphone usage that produces personal information about various aspects of users’ lives. Users’ perceive information differently and this plays an important role in determining responses to privacy risk. The different levels of perceived sensitivity in turn point out how users could be uniquely supported through information cues that will enhance their privacy. However, several studies have tried to explain information sensitivity and privacy decisions by focusing on single-factor analysis. The current research adopts a different approach by exploring the influences of the disclosure context (smartphone ecosystem), three critical factors (economic status, location tracking, apps permission requests) and privacy attributes (privacy guardian, pragmatist, and privacy unconcerned) for a more encompassing understanding of how smartphone user-categories in the UK perceive information. The analysis of multiple factors unearths deep complexities and provides nuanced understanding of how information sensitivity varies across categories of smartphone users. Understanding how user-categories perceive information enables tailored privacy. Tailored privacy moves from “one-size-fits-all” to tailoring support to users and their context. The present research applied the Struassian grounded theory to analyse the qualitative interview data collected from 47 UK university graduates who are smartphone users. The empirical research findings show that smartphone users can be characterised into eight categories. However, the category a user belongs depends on the influencing factor or the information (identity or financial) involved and the privacy concern category of the user. This study proposes a middle-range theory for understanding smartphone users’ perception of information sensitivity. Middle-range theories are testable propositions resulting from in-depth focus on a specific subject matter by looking at the attributes of individuals. The propositions shows that an effective privacy support model for smartphone users should consider the varying levels of information sensitivity. Therefore, the study argues that users who perceive information as highly sensitive require privacy assurance to strengthen privacy, whereas users who perceive information as less sensitive require appropriate risk awareness to mitigate privacy risks. The proposition provides the insight that could support tailored privacy for smartphone users