"Avoid a Privacy Nightmare With 'Lean Privacy Review'"

Sometimes companies conduct privacy reviews on new applications or services to identify any potential privacy issues before they are released. Privacy reviews are typically carried out with involvement from privacy experts and lawyers. Therefore, these reviews tend to cost a considerable amount of money and time, thus making them infeasible for many companies. In addition, they rarely involve actual feedback from users. A new study conducted by Carnegie Mellon University CyLab researchers proposes a new type of privacy review that is not only cheaper but also makes it easy to get feedback directly from users early in the development process. The study titled "Lean Privacy Review: Collecting Users' Privacy Concerns of Data Practices at a Low Cost" has been published in an issue of ACM Transactions on Computer-Human Interaction. According to Haojian Jin, the study's lead author, Lean Privacy Review (LPR) can reveal privacy concerns that actual people have, at a significantly lower cost and wait time than that of a formal review. The authors emphasized that LPR is not meant to replace the formal privacy review, as privacy experts and lawyers are still essential to the process. Rather, it improves the formal review to make it easier and more efficient. LPR is said to be especially useful in the early design stages. This article continues to discuss how LPR improves upon the formal privacy review and how the researchers evaluated LPR. 

CyLab reports "Avoid a Privacy Nightmare With 'Lean Privacy Review'"