[KSCI] Korea Science Citation Index Service

Information Privacy Concern in Context-Aware Personalized Services: Results of a Delphi Study

Lee, Yon-Nim (College of Business, Kyung Hee University)
Kwon, Oh-Byung (College of Business, Kyung Hee University)

Publication Information

Asia pacific journal of information systems / v.20, no.2, 2010 , pp. 63-86 More about this Journal

Abstract

Personalized services directly and indirectly acquire personal data, in part, to provide customers with higher-value services that are specifically context-relevant (such as place and time). Information technologies continue to mature and develop, providing greatly improved performance. Sensory networks and intelligent software can now obtain context data, and that is the cornerstone for providing personalized, context-specific services. Yet, the danger of overflowing personal information is increasing because the data retrieved by the sensors usually contains privacy information. Various technical characteristics of context-aware applications have more troubling implications for information privacy. In parallel with increasing use of context for service personalization, information privacy concerns have also increased such as an unrestricted availability of context information. Those privacy concerns are consistently regarded as a critical issue facing context-aware personalized service success. The entire field of information privacy is growing as an important area of research, with many new definitions and terminologies, because of a need for a better understanding of information privacy concepts. Especially, it requires that the factors of information privacy should be revised according to the characteristics of new technologies. However, previous information privacy factors of context-aware applications have at least two shortcomings. First, there has been little overview of the technology characteristics of context-aware computing. Existing studies have only focused on a small subset of the technical characteristics of context-aware computing. Therefore, there has not been a mutually exclusive set of factors that uniquely and completely describe information privacy on context-aware applications. Second, user survey has been widely used to identify factors of information privacy in most studies despite the limitation of users' knowledge and experiences about context-aware computing technology. To date, since context-aware services have not been widely deployed on a commercial scale yet, only very few people have prior experiences with context-aware personalized services. It is difficult to build users' knowledge about context-aware technology even by increasing their understanding in various ways: scenarios, pictures, flash animation, etc. Nevertheless, conducting a survey, assuming that the participants have sufficient experience or understanding about the technologies shown in the survey, may not be absolutely valid. Moreover, some surveys are based solely on simplifying and hence unrealistic assumptions (e.g., they only consider location information as a context data). A better understanding of information privacy concern in context-aware personalized services is highly needed. Hence, the purpose of this paper is to identify a generic set of factors for elemental information privacy concern in context-aware personalized services and to develop a rank-order list of information privacy concern factors. We consider overall technology characteristics to establish a mutually exclusive set of factors. A Delphi survey, a rigorous data collection method, was deployed to obtain a reliable opinion from the experts and to produce a rank-order list. It, therefore, lends itself well to obtaining a set of universal factors of information privacy concern and its priority. An international panel of researchers and practitioners who have the expertise in privacy and context-aware system fields were involved in our research. Delphi rounds formatting will faithfully follow the procedure for the Delphi study proposed by Okoli and Pawlowski. This will involve three general rounds: (1) brainstorming for important factors; (2) narrowing down the original list to the most important ones; and (3) ranking the list of important factors. For this round only, experts were treated as individuals, not panels. Adapted from Okoli and Pawlowski, we outlined the process of administrating the study. We performed three rounds. In the first and second rounds of the Delphi questionnaire, we gathered a set of exclusive factors for information privacy concern in context-aware personalized services. The respondents were asked to provide at least five main factors for the most appropriate understanding of the information privacy concern in the first round. To do so, some of the main factors found in the literature were presented to the participants. The second round of the questionnaire discussed the main factor provided in the first round, fleshed out with relevant sub-factors. Respondents were then requested to evaluate each sub factor's suitability against the corresponding main factors to determine the final sub-factors from the candidate factors. The sub-factors were found from the literature survey. Final factors selected by over 50% of experts. In the third round, a list of factors with corresponding questions was provided, and the respondents were requested to assess the importance of each main factor and its corresponding sub factors. Finally, we calculated the mean rank of each item to make a final result. While analyzing the data, we focused on group consensus rather than individual insistence. To do so, a concordance analysis, which measures the consistency of the experts' responses over successive rounds of the Delphi, was adopted during the survey process. As a result, experts reported that context data collection and high identifiable level of identical data are the most important factor in the main factors and sub factors, respectively. Additional important sub-factors included diverse types of context data collected, tracking and recording functionalities, and embedded and disappeared sensor devices. The average score of each factor is very useful for future context-aware personalized service development in the view of the information privacy. The final factors have the following differences comparing to those proposed in other studies. First, the concern factors differ from existing studies, which are based on privacy issues that may occur during the lifecycle of acquired user information. However, our study helped to clarify these sometimes vague issues by determining which privacy concern issues are viable based on specific technical characteristics in context-aware personalized services. Since a context-aware service differs in its technical characteristics compared to other services, we selected specific characteristics that had a higher potential to increase user's privacy concerns. Secondly, this study considered privacy issues in terms of service delivery and display that were almost overlooked in existing studies by introducing IPOS as the factor division. Lastly, in each factor, it correlated the level of importance with professionals' opinions as to what extent users have privacy concerns. The reason that it did not select the traditional method questionnaire at that time is that context-aware personalized service considered the absolute lack in understanding and experience of users with new technology. For understanding users' privacy concerns, professionals in the Delphi questionnaire process selected context data collection, tracking and recording, and sensory network as the most important factors among technological characteristics of context-aware personalized services. In the creation of a context-aware personalized services, this study demonstrates the importance and relevance of determining an optimal methodology, and which technologies and in what sequence are needed, to acquire what types of users' context information. Most studies focus on which services and systems should be provided and developed by utilizing context information on the supposition, along with the development of context-aware technology. However, the results in this study show that, in terms of users' privacy, it is necessary to pay greater attention to the activities that acquire context information. To inspect the results in the evaluation of sub factor, additional studies would be necessary for approaches on reducing users' privacy concerns toward technological characteristics such as highly identifiable level of identical data, diverse types of context data collected, tracking and recording functionality, embedded and disappearing sensor devices. The factor ranked the next highest level of importance after input is a context-aware service delivery that is related to output. The results show that delivery and display showing services to users in a context-aware personalized services toward the anywhere-anytime-any device concept have been regarded as even more important than in previous computing environment. Considering the concern factors to develop context aware personalized services will help to increase service success rate and hopefully user acceptance for those services. Our future work will be to adopt these factors for qualifying context aware service development projects such as u-city development projects in terms of service quality and hence user acceptance.

Keywords

Information Privacy; Privacy Concern; Context-aware Computing;

Citations & Related Records

Reference

1	Hayne, S. and Pollard, C, "A Comparative Analysis of Critical Issues Facing Canadian Information Systems Personnel: A National and Global Perspective," Information and Management, Vol. 38, No.2, 2000, pp. 73-86. DOI ScienceOn
2	Helle, M.R, Reijnown, M., and Mannermaa, J.P., "Using a Delphi Survey to Access the Value of Pharmaceutical Process Validation. Part 1: Survey Methodology," Pharmaceutical Technology Europe, Vol. 15, No.4, 2003, p. 43.
3	Herlocker, J. and Konstan, J., "ContentIndependent, Task-Focused Recommendations," IEEE Internet Computing, Vol. 5, 2001, pp. 40-47.
4	Floridi, L., "Four Challenges for a Theory of Informational Privacy," Ethics and Information Technology, Vol. 3, No.8, 2006, pp. 109-119.
5	Friedman, B., Kahn Jr., P.H, Hagman, J., and Severson, R.L., "The Watcher and the Watched: Social Judgments about Privacy in a Public Place," Human-Computer Interaction, Vol. 21, No.2, 2006, pp. 235-272. DOI ScienceOn
6	Gandon, F.L. and Sadeh, N.M., "Semantic Web Technologies to Reconcile Privacy and Context Awareness," Web Semantics: Science, Services and Agents on the World Wide Web, Vol. 1, No.3, 2004, pp. 241-260. DOI ScienceOn
7	Delbecq, A.L., Gustafsson, D.H., and Van de Van, A.H., Group Techniques for Program Planning: A Guide to Nominal Group and Delphi Processed, Scott-Foresman and Co. Glenview, IL, 1975.
8	Wang, H., Lee, M.K.O., and Wang, C., "Consumer Privacy Concerns about Internet Marketing," Communications of the ACM, Vol. 41, No.3, 1998, pp. 63-70. DOI ScienceOn
9	Westin, A, Privacy and freedom. New York: Athaneum, 1967.
10	Hasson, F., Keeney,S., and McKenna, H, "Research Guidelines for the Delphi Survey Technique," Journal of Advanced Nursing, Vol. 32, No.4, 2000, pp. 1008-1015.
11	Dritsas, S., Gritzalis, D., and Lambrinoudakis, C, "Protecting Privacy and Anonymity in Pervasive Computing: Trends and Perspectives," Telematics and informatics, Vol. 23, No.3, 2006, pp. 196-210. DOI ScienceOn
12	Edmunds, H, The Focus Group Research Handbook, NTC Business Books, 1999.
13	Sakagami, H, Kamba, T., Sugiura, A, and Koseki, Y., "Effective Personalization of Push-Type Systems-Visualizing Information Freshness," Computer Networks and ISDN Systems, Vol. 30, No. 1/7, 1998, pp. 53-63. DOI
14	Soppera, A and Burbridge, T., "Maintaining Privacy in Pervasive Computing-Enabling Acceptance of Sensor-Based Services," BT Technology Journal, Vol. 22, No.3, 2004, pp. 106-118. DOI
15	Spiekermann, S., "Perceived Control: Scales for Privacy in Ubiquitous Computing Environments," Proceedings of 10th International Conference on User Modeling, 2005.
16	Eymann, T. and Morito, H, "Privacy Issues of Combining Ubiquitous Computing and Software Agent Technology in a LifeCritical Environment," Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, Den Haag, IEEE Press, 2004.
17	Cheverst, K, Mitchell, K, and Davies, N., "Exploring Context-aware Information Push," Personal and Ubiquitous Computing, Vol. 6, No.4, 2002, pp. 276-281. DOI ScienceOn
18	Clarke, R, "Internet Privacy Concerns Confirm the Case for Intervention," Communications of the ACM, Vol. 42, No.2, 1999, pp. 60-67. DOI ScienceOn
19	Stone, E.F., Gardner, D.G., Geugal, H.G., and McClure,S., "A Field Experiment Comparing Information-Privacy Values, Beliefs and Attitudes Across Several Types of Organizations," Journal of Applied Psychology, Vol. 68, No.3, 1983, pp. 459-468. DOI
20	Viehland, D. and Hughes, J., "The Future of the Wireless Application Protocol," Proceedings of the Eighth Americas Conference on Information Systems, Dallas, 2002, pp. 1883- 1891.
21	Scheffler, T. and Schnor, B., "Privacy Requirements for Embedded Sensor Devices," IEEE 16th International Symposium on Personal, Indoor and Mobile Radio Communications, Vol. 2, 2005, pp. 790-794.
22	Schmidt, R.C, "Managing Delphi Surveys Using Nonparametric Statistical Techniques," Decision Sciences, Vol. 28, No.3, 1997, pp. 763-774. DOI ScienceOn
23	Smith, H.J. and Milberg, S.J., "Information Privacy: Measuring Individuals' Concerns about Organizational Practices," MIS quarterly, Vol. 20, No.2, 1996, pp. 167-196. DOI ScienceOn
24	Czinkota, M.R and Ronkainen, I.A, "International Business and Trade in the Next Decade: Report From a Delphi Study," Journal of International Business Studies, Vol. 28, No.4, 1997, pp. 827-844. DOI ScienceOn
25	Brancheau, J.c., Janz, B.D., and Wetherbe, J.c., "Key Issues in Information Systems Management: 1994-1995 SIM Delphi Results," MIS Quarterly, Vol. 20, No.2, 1996, pp. 225-242. DOI ScienceOn
26	Cas, J., "Privacy in Pervasive Computing Environments-a Contradiction in Terms?," IEEE Technology and Society Magazine, 2005, pp. 24-33.
27	Schmidt, R.C, Lyytinen, K., Keil, M., and Cule, P., "Identifying Software Project Risks: An International Delphi Study," Journal of Management Information Systems, Vol. 17, No.4, 2001, pp. 5-36. DOI
28	Shoji, T. and Nakajima, T., "Privacy-Concern for Context-Aware Environments," Proceedings of IEEE Workshop on Software Technologies for Future Embedded and Ubiquitous Systems, 2004, pp. 85-89.
29	Nowak, G.J. and Phelps, J., "Direct Marketing and the Use of Individual-Level Consumer Information: Determining How and When Privacy Matters," Journal of Direct Marketing, Vol. 11, No.4, 1997, pp. 94-109. DOI ScienceOn
30	Okoli, C and Pawloski,S., "The Delphi Method as a Research Tool: An Example, Design, Considerations and Applications," Information and Management, Vol. 42, No.1, 2004, pp. 15-29. DOI ScienceOn
31	Nambisan, S., Agarwal, R. and Tanniru, M., "Organizational Mechanisms for Enhancing User Innovation in Information Technology," MIS Quarterly, Vol. 23, No. 3, 1999, pp. 365-395. DOI ScienceOn
32	Chellappa, R.K. and Sin, R.G., "Personalization versus Privacy: An Empirical Examination of the Online Consumer's Dilemma," Information Technology and Management, Vol. 6, No. 2/3, 2005, pp. 181-202. DOI
33	Beer, T., Rasinger, J., and Hopken, W., "Exploiting E-C-A Rules for Defining and Processing Context-Aware Push Messages," Lecture Notes in Computer Science, Vol. 4824, 2007, pp. 199-206.
34	Palen, L. and Dourish, P., "Unpacking "Privacy" for a Networked World," Human Factors in Computing Systems: CHI 2003, Vol. 5, No.1, 2003, pp. 129-136.
35	Robinson, J.B.L., "Delphi Methodology for Economic Impact Assessment," Journal of Transportation Engineering, Vol. 117, No.3, 1991, pp. 335-349. DOI
36	Sacramento, V., Endler, M., and Nascimento, F.N., "A Privacy Service for Context- aware Mobile Computing," First International Conference on Security and Privacy for Emerging Areas in Communications Networks, 2005, pp. 182-193.
37	Neustaedter, C. and Greenberg, S., "The Design of a Context-Aware Home Media Space for Balancing Privacy and Awareness," UbiComp 2003, 2003, pp. 297-314.
38	Nguyen, D.H., Kobsa, A, and Hayes, G. R., "An Empirical Investigation of Concerns of Everyday Tracking and Recording Technologies," Proceedings of the 10th International Conference on Ubiquitous Computing, 2008, pp. 182-191.
39	Beresford, A.R and Stajano, F., "Location Privacy in Pervasive Computing," IEEE Pervasive Computing, Vol. 2, No.1, 2003, pp. 46-55. DOI ScienceOn
40	Bookbinder, J.H., Imada, S.J., and Lynch, M., "The Future of Logistics in Canada: A Delphi-Based Forecast," Logistics and Transportation Review, Vol. 30, No. 1, 2004, pp.95-112.
41	Nissenbaum, H, "Protecting Privacy in an Information Age: The Problem of Privacy in Public," Law and Philosophy, Vol. 17, No. 5/6, 1998, pp. 559-596.
42	Mobasher, B., Cooley, R., and Srivastava, J., "Automatic Personalization Based on Web Usage Mining," Communications of the ACM, Vol. 43, No.8, 2000, pp. 142-151. DOI
43	Morgan, D.L., The Focus Group Guidebook, Focus Group Kit 1, Sage, Beverly Hills, CA, 1998.
44	Langheinrich, M., "Privacy Invasions in Ubiquitous Computing, Workshop on Socially- informed Design of Privacy-enhancing Solutions in Ubiquitous Computing," UbiComp 2002, 2002, Goteborg, Sweden.
45	Ackerman, M., Darrel, T., and Weitzner, OJ, "Privacy in Context," Human-Computer Interaction, Vol. 16, No. 2/4, 2001, pp. 167-176. DOI
46	Adams, A., "Multimedia Information Changes the Whole Privacy Ballgame," Proceedings of Computers, Freedom, and Privacy, 2000.
47	Mulligan, P., "Specification of a Capability-Based IT Classification Framework," Information and Management, Vol. 39, No, 8, 2002, pp, 647-658. DOI ScienceOn
48	Myles, G., Friday, A, and Davies, N., "Preserving Privacy in Environments with Location-Based Applications," IEEE Pervasive Computing, Vol. 2, No.1, 2003, pp. 56- 64. DOI ScienceOn
49	Lai, V. and Chung, W., "Managing International Data Communications," Information and Management, Vol. 45, No.3, 2002, pp. 89-93.
50	Lapkin, A, "Context-Aware Computing: Four Questions CIOs Should be Asking," Gartner Special Report (http://www.gart ner.com/DisplayDocument?ref = g_search &id = 1144612&Subref = simplesearch), 2009.
51	Linstone, H. and Turoff, M., The Delphi Method: Techniques and Applications. Addison Wesley, Reading, MA, 1975, pp. 3-12.
52	Malhotra, N.K., Kim, S.S. and Agarwal, J., "Internet Users' Information Privacy Concerns (IUIPC): The Construct, the Scale and a Causal Model," Information Systems Research, Vol. 15, 2004, pp. 336-355. DOI ScienceOn
53	Kuo, F.Y., Lin, C.S., and Hsu, M.H., "Assessing Gender Differences in Computer Professionals' Self-Regulatory Efficacy Concerning Information Privacy Practices," Journal of Business Ethics, Vol. 73, No.2, 2007, pp. 145-160. DOI ScienceOn
54	Kang, J.M. and Bang, K.C, "A Study on Protection Technology and Scope about Information Privacy in Ubiquitous Sensing Network Environment," Journal of Digital Society, Vol. 7, No.4, 2006, pp. 301- 308.
55	Kendall, J.E., Kendall, K.E., Smithson, S., and Angell, I.O., "SEER: A Divergent Methodology Applied to Forecasting the Future Roles of the Systems Analyst," Human Systems Management, Vol. 11, No.3, 1992, pp. 123-135.
56	Kuhn, M.G., "Electromagnetic Eavesdropping Risks of Flat-Panel Displays," Lecture Notes in Computer Science, Vol. 3424, 2005, pp. 88-107.
57	Hoffman, D.L., Novak, T.P., and Peralta, M.A, "Information Privacy in the Marketspace: Implications for the Commercial Uses of Anonymity on the Web," The Information Society, Vol. 15, No.2, 1999, pp. 129-140. DOI ScienceOn
58	Jiang, X. and Landay, JA, "Modeling Privacy Control in Context-Aware Systems," IEEE Pervasive Computing, Vol. 1, No.3, 2002, pp. 59-63. DOI ScienceOn
59	Holsapple, P. and Joshi, K., "Knowledge Manipulation Activities: Results of a Delphi study," Information and Management, Vol. 39, No.6, 2002, pp. 477-490. DOI ScienceOn
60	Hui, K.L., Tan, B.C.Y., and Goh, C.Y., "Online Information Disclosure: Motivators and Measurements," ACM Transactions on Internet Technology, Vol. 6, No.4, 2006, pp. 415-441. DOI
61	Jiang, X., Hong, J.I., and Landay, J.A., "Approximate Information Flows: Sodally- Based Modeling of Privacy in Ubiquitous Computing," UbiComp 2002, 2002, pp. 176-193.
62	Junglas, I.A and Spitzmuller, C, "A Research Model for Studying Privacy Concerns Pertaining to Location-Based Services," Proceedings of the Proceedings of the 38th Annual Hawaii International Conference on System Sciences, (HICSS'OS), 2005, pp. 180-182.