ABSTRACT
Following the 2017 Equifax data breach, we conducted four preliminary interviews to investigate how consumers view credit bureaus and the information flows around these agencies, what they perceive as risks of the Equifax breach, and how they reacted in practice. We found that although participants could properly articulate the purpose of credit bureaus, their understanding of credit bureaus' data collection practices was divided and incomplete. Although most of them conceptualized identity theft as the primary risk of data breaches disclosing credit information, and noted a lack of trust/self-efficacy in controlling their data collected by credit bureaus, they did not take sufficient protective actions to deal with the perceived risks. Our findings provide implications for the design of future security-enhancing tools regarding credit data, education and public policy, with the aim to empower consumers to better manage their sensitive data and protect themselves from future data breaches.
- Ben Berliner. 2017. Equifax breach drives legislative push on data privacy. (2017). https://fcw.com/articles/2017/10/23/databreach-legislation-berliner.aspx.Google Scholar
- Cristian Bravo-Lillo, Lorrie Faith Cranor, Julie Downs, and Saranga Komanduri. 2011. Bridging the gap in computer security warnings: A mental model approach. IEEE Security &Privacy 9, 2 (2011), 18--26. Google ScholarDigital Library
- L. Jean Camp. 2009. Mental models of privacy and security. IEEE Technology and Society Magazine 28, 3 (2009).Google ScholarCross Ref
- Federal Trade Commission. 2017. The Equifax Data Breach. (2017). https://www.ftc.gov/equifax-data-breach.Google Scholar
- Ponemon Institute. 2014. The Aftermath of a Data Breach: Consumer Sentiment. Technical Report. https://www.ponemon.org/local/upload/file/Consumer%20Study%20on%20Aftermath%20of%20a%20Breach%20FINAL%202.pdf.Google Scholar
- Iulia Ion, Rob Reeder, and Sunny Consolvo. 2015. "... No one Can Hack My Mind" Comparing Expert and Non-Expert Security Practices.. In SOUPS, Vol. 15. 1--20.Google Scholar
- Ruogu Kang, Laura Dabbish, Nathaniel Fruchter, and Sara Kiesler. 2015. My data just goes everywhere: user mental models of the internet and implications for privacy and security. In Proc. of the 11th Symposium On Usable Privacy and Security (SOUPS). 39--52.Google Scholar
- Spyros Kokolakis. 2017. Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon. Computers &Security 64 (2017), 122--134. Google ScholarDigital Library
- Annamaria Lusardi and Olivia S. Mitchelli. 2007. Financial literacy and retirement preparedness: Evidence and implications for financial education. Business economics 42, 1 (2007), 35--44.Google Scholar
- Maureen Mahoney. 2014. Errors and Gotchas: How Credit Report Errors and Unreliable Credit Scores Hurt Consumers. Technical Report. http://consumersunion.org/wp-content/uploads/2014/04/Errors-and-Gotchas-report.pdf.Google Scholar
- Lennart Sjöberg. 2000. Factors in risk perception. Risk analysis 20, 1 (2000), 1--12.Google Scholar
- Rick Wash. 2010. Folk models of home computer security. In Proc. of the 6th Symposium on Usable Privacy and Security. ACM, 11. Google ScholarDigital Library
- Suzanne Woolley. 2017. Few Americans Are Freezing Their Credit After the Equifax Hack. (2017). https://www.bloomberg.com/news/articles/201710-06/few-americans-are-freezing-their-creditafter-the-equifax-hack.Google Scholar
- Yaxing Yao, Davide Lo Re, and Yang Wang. 2017. Folk Models of Online Behavioral Advertising. In Proc. of the 2017 ACM Conf. on Computer Supported Cooperative Work and Social Computing (CSCW). 1957--1969. Google ScholarDigital Library
Index Terms
- Concern But No Action: Consumers' Reactions to the Equifax Data Breach
Recommendations
Awareness, Intention, (In)Action: Individuals’ Reactions to Data Breaches
Data breaches are prevalent. We provide novel insights into individuals’ awareness, perception, and responses to breaches that affect them through two online surveys: a main survey (n = 413) in which we presented participants with up to three breaches ...
The Privacy Paradox in HCI: Calculus Behavior in Disclosing PII Online
HCI in Business, Government and Organizations. Information Systems and AnalyticsAbstractThe Privacy Paradox is an information privacy behavioral phenomenon wherein individuals are aware that the personally identifiable information (PII) they disclose in an online transaction may be compromised, yet disclose it nonetheless. One ...
The privacy paradox Investigating discrepancies between expressed privacy concerns and actual online behavior A systematic literature review
This paper presents a systematic literature review discussing the privacy paradox.Users are concerned about their privacy but undertake little to protect their data.Risk-benefit evaluation or little risk assessment drives information disclosure.Design ...
Comments