Final submissions due: 1 May 2013
Publication date: January/February 2014
Most of us must look after an increasing number of devices that provide access to valuable services and data that, if compromised, can affect others—our employers, colleagues, service providers, family, and friends. They, in turn, might hold sensitive data about us—but we're not always aware of its nature and risk. This special issue addresses what we, as individuals and collectively, can do to protect ourselves and our information as it's gathered, shared, used, and changed. Articles will explore important questions, such as:
- How should we be notified about how information is being collected and used?
- How much time and effort will individuals invest to secure their devices and data?
- How can we help those who struggle to understand and manage the potential risks associated with new devices and services?
- Do e-government services create new personal data risks?
- What are the business opportunities for online reputation defenders for device and service protection?
- How do individuals interact with service providers, insurers, and law enforcement? How can we ensure that the security and privacy settings on one device are transferred as the information moves to other devices?
- Who is responsible for finding and fixing flaws in our devices?
- Who is responsible when personal data stored in the cloud is compromised?
- Most US states and many countries now have data breach notification laws. Do these help individuals protect themselves? If not, what additional mechanisms or measures are needed?
We welcome case studies, experience reports, practices, research results, and standards reports. Our readers are eager to hear about personal and industry experiences, especially those based on empirical studies that can provide reliable evidence to users, developers, researchers, and policymakers.
Possible topics for the special issue include:
- studies of individuals' use of their devices and data and associated protection behaviors;
- studies of individuals' knowledge and understanding of risks and benefits associated with their devices and data;
- novel, low-effort ways of helping individuals understand and manage personal data risks;
- studies of the impact of data breach notifications on individuals, groups of customers, or an industry sector;
- case studies of data disclosure and protection behaviors in online shopping or banking, e-government, online social networks, online games, and shared sensing environments;
- case studies of organizations that help their customers understand and manage personal data risks;
- case studies of peer groups or communities that empower individuals to manage personal data risks or organize collective awareness and behavior change; and
- case studies of commercial services that manage personal data risks for individuals or communities.
Submissions will be subject to the IEEE Computer Society's peer-review process. Articles should be a maximum of 6,000 words and 15 references and should be understandable to a broad audience of people interested in security, privacy, and dependability. The writing style should be down to earth, practical, and original. Authors should not assume that the audience will have specialized experience in a particular subfield. All accepted articles will be edited according to the IEEE Computer Society style guide. Submit your papers to ScholarOne at https://mc.manuscriptcentral.com/cs-ieee.
Contact the Guest Editors:Angela Sasse (firstname.lastname@example.org) and Charles C. Palmer (email@example.com)