Idris Adjerid

Your Location has been Shared 5,398 Times!: A Field Study on Mobile App Privacy Nudging

Smartphone users are often unaware of the data collected by apps running on their devices. We report on a study that evaluates the benefits of giving users an app permission manager and sending them nudges intended to raise their awareness of the data collected by their apps. Our study provides both qualitative and quantitative evidence that these approaches are complementary and can each play a significant role in empowering users to more effectively control their privacy. For instance, even after a week with access to the permission manager, participants benefited from nudges showing them how often some of their sensitive data was being accessed by apps, with 95% of participants reassessing their permissions, and 58% of them further restricting some of their permissions. We discuss how participants interacted both with the permission manager and the privacy nudges, analyze the effectiveness of both solutions, and derive some recommendations.

Nudges for Privacy and Security: Understanding and Assisting Users’ Choices Online

Advancements in information technology often task users with complex and consequential privacy and security decisions. A growing body of research has investigated individuals’ choices in the presence of privacy and information security tradeoffs, the decision-making hurdles affecting those choices, and ways to mitigate such hurdles. This article provides a multi-disciplinary assessment of the literature pertaining to privacy and security decision making. It focuses on research on assisting individuals’ privacy and security choices with soft paternalistic interventions that nudge users toward more beneficial choices. The article discusses potential benefits of those interventions, highlights their shortcomings, and identifies key ethical, design, and research challenges.

The Impact of Timing on the Salience of Smartphone App Privacy Notices

In a series of experiments, we examined how the timing impacts the salience of smartphone app privacy notices. In a web survey and a field experiment, we isolated different timing conditions for displaying privacy notices: in the app store, when an app is started, during app use, and after app use. Participants installed and played a history quiz app, either virtually or on their phone. After a distraction or delay they were asked to recall the privacy notices content. Recall was used as a proxy for the attention paid to and salience of the notice. Showing the notice during app use significantly increased recall rates over showing it in the app store. In a follow-up web survey, we tested alternative app store notices, which improved recall but did not perform as well as notices shown during app use. The results suggest that even if a notice contains information users care about, it is unlikely to be recalled if only shown in the app store.

The Impact of Privacy Regulation and Technology Incentives: The Case of Health Information Exchanges

Health information exchanges (HIEs) are healthcare information technology efforts designed to foster coordination of patient care across the fragmented U.S. healthcare system. Their purpose is to improve efficiency and quality of care through enhanced sharing of patient data. Across the United States, numerous states have enacted laws that provide various forms of incentives for HIEs and address growing privacy concerns associated with the sharing of patient data. We investigate the impact on the emergence of HIEs of state laws that incentivize HIE efforts and state laws that include different types of privacy requirements for sharing healthcare data, focusing on the impact of laws that include requirements for patient consent. Although we observe that privacy regulation alone can result in a decrease in planning and operational HIEs, we also find that, when coupled with incentives, privacy regulation with requirements for patient consent can actually positively impact the development of HIE efforts. Among all states with laws creating HIE incentives, only states that combined incentives with consent requirements saw a net increase in operational HIEs; HIEs in those states also reported decreased levels of privacy concern relative to HIEs in states with other legislative approaches. Our results contribute to the burgeoning literature on health information technology and the debate on the impact of privacy regulation on technology innovation. In particular, they show that the impact of privacy regulation on the success of information technology efforts is heterogeneous: both positive and negative effects can arise from regulation, depending on the specific attributes of privacy laws. This paper was accepted by Anandhi Bharadwaj, information systems .

Beyond the Privacy Paradox: Objective versus Relative Risk in Privacy Decision Making

Privacy decision making has been examined from various perspectives. A dominant “normative” perspective has focused on rational processes by which consumers with stable preferences for privacy weigh the expected benefits of privacy choices against their potential costs. More recently, an alternate “behavioral” perspective has leveraged theories from behavioral decision research to construe privacy decision making as a process in which cognitive heuristics and biases predictably occur. In a series of experiments, we compare the predictive power of these two perspectives by evaluating the impact of changes in objective risk of disclosure and the impact of changes in relative perceptions of risk of disclosure on both hypothetical and actual consumer privacy choices. We find that both relative and objective risks can, in fact, impact consumer privacy decisions. However, and surprisingly, the impact of objective changes in risk diminishes between hypothetical and actual choice settings. Vice versa, the impact of relative risk is more pronounced going from hypothetical to actual choice settings. Our results suggest a way to integrate diverse streams of IS literature on privacy decision making: consumers may both over-estimate their response to normative factors and under-estimate their response to behavioral factors in hypothetical choice contexts relative to actual choice contexts.

Reducing Medicare Spending Through Electronic Health Information Exchange: The Role of Incentives and Exchange Maturity

Health information exchanges HIEs are entities that have emerged in healthcare delivery markets across the United States. By providing an interorganizational information system IOIS and governance over use of this system and the information exchanged through it, HIEs enable more routine and efficient electronic sharing of patient information between disparate and fragmented healthcare providers. This should result in improved quality and efficiency of care. However, significant questions persist about the extent to which HIEs produce these benefits in practice, particularly in terms of reducing healthcare spending. We use transaction cost economics TCE to theorize that HIEs establish a quasi-hierarchy that decreases frictions associated with information sharing in ways that reduce healthcare spending, and that the magnitude of reductions is greater when 1 insurer and provider incentives align, and 2 HIE capabilities mature. We can test these conjectures because HIEs, unlike other efforts that provide IOIS, are typically confined to regional markets and develop heterogeneously between these markets, introducing variation in insurer-provider incentive alignment and HIE maturity. Leveraging a unique national panel data set, we evaluate whether HIEs reduce spending for the largest insurer in the United States, i.e., Medicare, and whether incentives and HIE maturity modify the magnitude of reductions. We find significant spending reductions in healthcare markets that have established operational HIEs, with an average reduction of

A Query-Theory Perspective of Privacy Decision Making

139 per Medicare beneficiary per year 1.4% decrease or a

Reducing Medicare Spending Through Electronic Information Exchange: The Role of Incentives and Exchange Maturity

3.12 billion annual reduction in spending if HIEs were nationally implemented in 2015. We also find that these reductions occur disproportionately in healthcare markets where providers have financial incentives to use an HIE to reduce spending and when HIEs are more mature. Our results inform an important open empirical question in the healthcare domain related to the value of HIEs, while also joining perspectives from TCE with the IOIS literature to understand the factors that may be relevant to IOIS value creation more generally.

A Tutorial on Empirical ICT4D Research in Developing Countries: Processes, Challenges, and Lessons

Long-standing policy approaches to privacy protection are centered on consumer notice and control and assume that privacy decision making is a deliberative process of comparison between costs and benefits from information disclosure. An emerging body of work, however, documents the powerful effects of factors unrelated to objective trade-offs in privacy settings. In this paper, we investigate how focusing on the process by which individuals make privacy choices can help explain the impact of rational and behavioral factors on privacy decision making. In an online experiment, we borrow from query-theory literature and measure individuals’ considerations (that is, queries) across manipulations of rational and behavioral factors. We find that effects of rational and behavioral factors are associated with differences in the order and valence of queries considered in privacy settings. Our results confirm that understanding how differences in privacy choice emerge can help harmonize disparate perspectives on privacy decision making.

Sleights of privacy: framing, disclosures, and the limits of transparency

Health information exchanges (HIEs) are entities that have emerged in healthcare delivery markets across the U.S. They enable the electronic sharing of patient information between disparate and fragmented healthcare providers and other stakeholders. HIEs are a type of inter-organizational information system (IOIS) – a technology infrastructure that permeates diverse industries (e.g. EDI, B2B exchanges) – and are intended to improve the quality and efficiency of care. Significant questions persist as to the extent of these benefits in practice, particularly in terms of reducing healthcare spending. We use transaction cost economics (TCE) to theorize that reductions in healthcare spending from HIEs will be pronounced when (1) incentives for payers and providers align and (2) HIE capabilities mature. We are able to test these conjectures because HIEs, unlike traditional IOIS, are typically confined to regional markets and develop heterogeneously between these markets, introducing variation in market incentives and HIE maturity. Leveraging a unique national panel dataset, we evaluate whether HIEs reduce spending for the largest insurer in the U.S. – Medicare – and whether incentives and HIE maturity modify the magnitude of reductions. We find significant cost reductions in healthcare markets that have established operational HIEs, with an average reduction in spending of