The main work in this project would consist of case studies with respondents selected from a stratified group of UK users representing different social profiles (age of adult, gender, social class, location) to gain insight into the multiplicity of online interactions and the potential points of exposure to risk. Respondents will be recruited by promotions to community groups representing different profiles. A quota system will be used to select individuals representing a wide range of online service users in the UK.
The transaction logs will be examined to identify points at which personal data is disclosed or exchanged and the nature of the interactions where personal data is disclosed. Users will be invited to comment on the individual analyses so that the context is clear. As this is an intensive activity and a novel approach, the study will involve approximately 20 respondents from around the UK.
The outcome will be a detailed analysis of the types of risk that users are exposed to when they disclose personal data online.
A preliminary literature review will identify key areas for further investigation. Throughout the project the literature will be actively monitored and analysed. There is an established literature on privacy calculus and related issues such as the privacy paradox. The literature analysis will extend the scope of the literature review to include domains such as engineering, insurance industry and the health and safety sector. They all deal with risk and attempt to quantify risk in terms beyond those of personal perception.
Interviews with subject experts
A selection of experts in different sectors will be interviewed with attributions (were consent is given). This is intended to throw light on the way in which other sectors conceptualise and measure risk. This will feed into the development of a typology of online privacy risks.
One of the original outcomes envisaged by this research was a typology of risk. During the research and literature investigation it has become clear that a simple typology or taxonomy would not be sufficient to capture the complexity of relationships between risks concepts. An ontology of risk is therefore being developed to allow greater flexibility in the definition of relationships and to adopt approaches used in the semantic web. Synaptica’s Graphite system is being used to develop the ontology and the NodeXL system is used to generate graphical outputs. The ontology will eventually be tested against data extracted from online sources.
Towards the end of the project a one-day seminar will be organised with respondents from SNS providers, regulators, academics and researchers in the field. This will be an opportunity to test initial findings and to begin dissemination. It will also help to establish an agenda for future research and to cement links with other interested parties for further collaboration. It is anticipated that 15-20 people would attend the seminar.
The seminar will include presentation of preliminary results, invited contributions to set the agenda and structured workshops to finalise the typology of personal risk and to prioritise those risks in terms of probability and impact.
 The privacy paradox occurs when, despite reservations about disclosure, users release sensitive personal data in order to gain access to online services