How To Avoid a Privacy Nightmare with CyLab's Lean Privacy Review

Aaron AupperleeFriday, November 19, 2021

A recent study by CyLab researchers proposes a privacy review for applications and systems that is cheaper and makes it easier to receive direct user feedback early in the development process.

A recent study by Carnegie Mellon University CyLab researchers proposes a privacy review that is cheaper and makes it easier to receive direct user feedback early in the development process.

The study, "Lean Privacy Review: Collecting Users' Privacy Concerns of Data Practices at a Low Cost," was published in the current issue of ACM Transactions on Computer-Human Interaction.

"Lean Privacy Review can help reveal privacy concerns actual people can have at a tiny fraction of the cost and wait-time for a formal review," says Haojian Jin, a Ph.D. student in the Human-Computer Interaction Institute (HCII) and the study's lead author.

Companies sometimes perform privacy reviews on new applications or services to try to catch any potential issues before they're released. These reviews typically involve privacy experts and lawyers and cost quite a bit of money and time, making them impractical for many companies. They also rarely involve actual user feedback.

The authors say that a Lean Privacy Review (LPR) isn't meant to replace the formal privacy review — privacy experts and lawyers are still necessary — but rather to supplement the formal review to make the whole process easier and run more smoothly. They say that LPR is especially useful in the early stages of design.

"If you can find these problems much earlier on, and cheaper, it's actually good for everybody," says CyLab's Jason Hong, a professor in the HCII and a co-author of the study. "The speed and low cost of LPR increases its flexibility and allows it to be used more often and throughout the entire design process rather than just a one-time formal privacy review."

Read more about Lean Privacy Reviews and the research by Jin and the team in this story on CyLab's website.

For More Information

Aaron Aupperlee | 412-268-9068 | aaupperlee@cmu.edu