Privacy in India: Attitudes

1
Privacy in India Attitudes Awareness
Ponnurangam K Dr. Lorrie Cranor Computation,
Organizations and Society School of Computer
Science Carnegie Mellon University 1st June
2005 ponguru_at_cs.cmu.edu
2
Motivations

• Business Process Outsourcing in India
• Security and privacy laws needed
• Privacy law currently being drafted
• Privacy has not been studied in India
• Recent interest in privacy in India
• Privacy and new technology (e.g. mobile phones)
• Studies in the US, Australia and Europe
• Westin (1978 2004)
• Office of the Federal Privacy Commissioner in
  Australia
• Others

3
Methods

• Written Survey 407 subjects
• Sharing of different types of data
• Internet privacy (e.g. web cookies, browser
  settings)
• Interviews 29 subjects
• Computerization of the data
• Information collection and misuse
• Privacy technologies
• Website study 89 websites
• Google Shopping directory
• Web privacy policies

4
General Privacy Concern
Source for US Westin 1992 and 1993 study with
Harris Interactive
5
Sharing of different data types
US Data Source Cranor, Lorrie, et al.,
"Beyond Concern Understanding Net Users'
Attitudes About Online Privacy." 1999.
6
Some quotes from the interviews

• General
• I really dont have anything to hide
• My friends and relatives know all my financial,
  medical and personal information
• About shop
• They dont know anything other than my physical
  presence
• About government
• They would not abuse it

7
Web Privacy Policies

• Google Directory
• E-commerce websites 89
• 29 had privacy policies
• No website with Platform for Privacy Preferences
  (P3P)
• US commercial websites 86 had privacy policies
• Policies
• Do not have all attributes of privacy policy
  Consent, Choice, Notice, etc.
• Mostly discuss only Security aspect
• Very few specify about web cookies
• Very few have opt-in and opt-out options

Source http//directory.google.com/Top/Regional/A
sia/India/Business_and_Economy/Shopping/ Privacy
Online A report on information practices and
policies of commercial websites, March 2002
8
Observations

• Identity Theft physical impersonation
• Publicly available travel information
• Age, gender, source station, destination station,
  seat number, first name, last name, etc.
• University grades
• Notice boards
• Trust factor finding
• 86 of people highly trusted the organizations
• 87 of the people highly trusted the government

9
Conclusions

• Unaware about privacy issues and related
  consequences
• Trust is the driving factor for their behavior
• Personal information is available, people are
  starting to misuse it
• Some types of data are more sensitive than others
• Need to create more awareness among public about
  the issues related to sharing of information
• Consider the results from such studies while
  drafting privacy laws

10
Future Work

• To conduct a study with representative samples
  across different states in India
• To compare our results with other recent studies
  in the US and other countries
• Conducting similar studies in the US and in India
  at the same time
• To conduct periodic studies to see the trend in
  the behavior
• To consider the results obtained in such studies
  for designing technological solutions

11
Thanks toCUPS Lab, CMUCyLab, CMUDr. Raj
ReddyElaine Newton, EPP, CMUDr. Granger Morgan,
EPP, CMU

12
Thank You
13
Backup slides
14
Communication Technology Diffusion as of 2003
Source ITU - 2003 World Telecommunication
development report 2003
15
India USA - Internet penetration

Source http//www.itu.int/ITU-D/ict/statistics/at
_glance/Internet03.pdf for 2003
16
Peculiar
The Customers shall not disclose to any other
person, in any manner whatsoever, any
information relating to or its Affiliates of a
confidential nature obtained in the course of
availing the services through the website.
Failure to comply with this obligation shall be
deemed a serious breach of the terms herein and
shall entitle or its Affiliates to terminate
the services, without prejudice to any damages,
to which the customer may be entitled otherwise.
Name of the organization removed.