Cumulative Revelations of Personal Data *

Lead Research Organisation: Northumbria University
Department Name: Fac of Arts, Design and Social Sciences

Abstract

Cumulative Revelations in Personal Data takes a multidisciplinary approach to investigating how small, apparently innocuous pieces of employees' personal information, which are generated through interactions with/in networked systems over time, collectively pose significant yet unanticipated risk to personal reputation and employers' operational security. Such cumulative revelations come from personal data that are shared intentionally by an individual, from data shared about an individual by others, from recognition software that identifies and tags people and places automatically, and from common cross-authentication practices that favour convenience over security (e.g. signing into AirBnB via Facebook). Brought together, these data can provide unintended insights to others into (for example) an individual's personal habits, work patterns, personality, emotion, and social influence. Collectively these data thus have the potential to create adverse consequences for that individual (e.g. through reputational damage), their employer (e.g. by creating opportunities for cybercrime), and even for national security.

The research brings together multidisciplinary expertise in Socio-Digital Interaction, Co-design, Interactive Information Retrieval, and Computational Legal Theory, all working in collaboration with a key industry partner, the Royal Bank of Scotland, which employs more than 92,000 staff across 12 national, international and private banks and for which security concerns are paramount, as well as UK Government security agencies, via the Government Office for Science and the Centre for Research and Evidence on Security Threats.

The research will examine the potential adverse revelations delivered by an individual employee's holistic digital footprint through the development of a prototype software tool that maps out a portrait of a user's digital footprint and reflects it back to them. This tool will enable individuals to understand the cumulative nature of their personal data, and better comprehend the associated vulnerabilities and risks. Responding to employers' concerns over organisational security risks created by cumulative revelations of their employees' data, the research will also identify conflicts and ambiguities in security service design and implementation when the motivations and actions of individual employees are balanced against organisational security philosophy, enabling mitigation against the attendant risks, issues and consequences of cumulative revelations from organisational and individual perspectives.
 
Description We designed two online methods, determined by the necessary move to enabling online participation of respondents during Lockdown, as opposed to the planned for face-to-face participatory design workshops. These methods directly built on the outcomes from the data narrative study, with the first one trialled with some of the same participants.
Findings included:
That our multi-method approach prompted changes in participants' thought or action concerning their personal online safety and approaches to mitigating risk. Knowledge was exchanged during the research interaction as well as across our wider multi-method approach (including the earlier data narrative study), improving participants' data literacy. The 'ongoingness' of digital traces requires careful management to cope with what Pink et al. (2018) call the 'processual element of the everyday'. Participants' coping strategies include retrospective curation of their information, using pseudonyms, entering fake information, encrypting data, changing privacy settings and using sparingly a particular technology e.g. location tracking.

The online Mural format enabled participants to articulate approaches to mitigating online risk and demonstrate their awareness of the care required to control and maintain separation between one's digital traces, e.g. between the public, private, personal and professional self, something that had been challenging for them in the earlier interviews. Mostly, participants discussed these separations and collision of traces from their own perspective and experiences, showing how the online tool and the case of 'Alex Smith' in combination with the discussions with the researcher encouraged some to narrate and self-disclose quite personal information.

It was apparent that participants thought digital traces only provide a fragment and/or an incomplete picture of a personality and their values, and that this partial representation could invite inaccurate or harmful inferences. Most were cognisant that the persistent function of someone's online information means that it is always contingent on its context of reception and 'not a reflection of who they are now'.

Grounded in these findings we went on the design a more extensive assemblage of 'Taylor Addison's' online information in collaboration with the Strathclyde team. This browser-based cyber safety tool has the dual aim of collecting research data while promoting respondents' awareness of the potential for diachronical (across traces) and synchronical (across time) functions of cumulative risk within digital traces, for deployment amongst a much wider population.
Exploitation Route We are trialling the first method in a school; there is a multiplicity of potential future applications for organisations and their employees, and amongst groups that are the potential target of others' dataveillance (e.g. those in high profile public service/the public eye).
Sectors Education,Financial Services, and Management Consultancy,Government, Democracy and Justice,Security and Diplomacy

 
Description Cumulative Revelations University PhD Scholarship (UKRI level stipend and fees)
Amount £60,000 (GBP)
Organisation Northumbria University 
Sector Academic/University
Country United Kingdom
Start 01/2021 
End 12/2023
 
Description 'Alex Smith' tool used in youth work for raising awareness of online safety 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Schools
Results and Impact The online 'Alex Smith' tool was used by a youth charity in North Shields to promotes awareness-raising of the cumulative, temporal aspects of online safety. Briggs provided the digital content and sufficient training to enable the experienced youth worker to run sessions, the first of which took place with year 10 pupils (aged around 14) in March 2022. The youth charity conducts a multiplicity of outreach/schools-based activities relating to post-digital aspects of personal safety (how on-line risks and threats can escalate into offline physical, psychological and reputational harms) and support young people in envisioning potential future consequences of of their online behaviours, to promote their agency around responsible personal information sharing and online identity management.
Year(s) Of Engagement Activity 2022
 
Description Cybersecurity in FinTech: Joining the Dots - Personal Data Security of FinTech employees 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact Presentation on the Northumbria design work package by Briggs and 30min demo of the "Alex Smith tool" with Briggs and Nash each facilitating a breakout room.

Other project investigators also presented. Around 20 participants in all from academia and external organisations.

The event was aimed at those working in FinTech and aligned activities.

The event presented mid-term findings from the EPSRC-funded Cumulative Revelations in Personal Data project, which examines:
- Ways in which people unintentionally reveal more information to others than they intend to across multiple online channels and over time.
- How this can create reputational and security risks to people and their employers.

This event involve a demo of our research method comprising a digital tool designed by the Northumbria team led by Briggs. It invites people to reflect on risks created when sharing personal information, and assists them in anticipating and managing these risks. CN and JB ran one of the \breakout rooms' from a larger event and invited discussions on the research's mid-term findings, and exploration around potential future directions for research within the FinTech community.
The event took place online on 25 May 2021 organised by the University of Strathclyde. Any requests for further information will have been directed to the PI of the project rather than our small team.
Year(s) Of Engagement Activity 2021
URL https://www.engage.strath.ac.uk/event/791