A model for Information Privacy Control Implementation on Online Social Networks
Nyaboke, Mogire Nancy
MetadataShow full item record
Research has shown that social network users typically understand the negative implications of unchecked exposure on social networks. Further, they are concerned about the privacy of some of their data that they consider sensitive. However many still fail to use privacy settings when they post sensitive data. As a consequence, users may share with the public private information that may be used negatively by unintended viewers. Privacy breaches have been reported many times as a result of uncontrolled social network information access. While the purpose of social networks is sharing of information, security must be preserved through control of information privacy to limit access on information to the intended audiences. Social network users have data that they would like to keep confidential as confirmed in the survey. However social networks in their original design leave the task of adjusting privacy settings to the user who as evidenced by research will often not change the default privacy settings. Consequently, the information privacy control task falls back to the social network service provider who has a corporate social responsibility to provide a secure networking environment. In effecting that responsibility, it is necessary to enforce privacy control on critical data items in order to achieve the acceptable minimum security. However there is still no widely accepted privacy enforcement model. This paper proposes an information control model targeted at designers of social networking websites. The model offers a data privacy enforcement scheme derived from analysis of sensitivity of data in relation to the security clearance level of a prospective viewer. If the sensitivity of data exceeds viewing permissions for a given prospective viewer, access is denied. However if permission level is greater than the sensitivity of data then access is granted. Enforcement actions are performed automatically by the system, while notifying the data owner using flags and allowing for a deliberate reversal of such enforcement.