8/8/2019 GH Poster I dont necessarily trust my childcare: Securing Electronic & Physical Sensitive Information - Poster

1/1

There is a need in HCI to study how issues of trust and privacy canand do affect the ad hoc negotiation of rules and how they aremanaged by humans in actual practice. In this paper we present someinitial studies, interviews and observations, to examine the physical andelectronic security practices of childcares and medical offices. We showthat the issues of human-mediated monitoring, informationredundancy, and the creation of a community of trust all affect aspectsof the human-side of security.

A tension existed betweensecurity and work. Tomange this tension, a thecommunity worked tocreate a standard of trust.Instantiations of thisinclude homey appearance

of childcares (examplepictured below), lack ofpasswords (They canaccess anything. Thatstheir job.), and the lack oflocked of filing cabinets-even though this is theexplicit policy.

I dont necessarily trust my childcareSecurity Practice in Information Rich Places

Childcare Directors Medical OfficeDirectors + Doctors

Parents

WhenSummer 2009 - Summer

2010Summer 2009 - Summer

2010Fall 2009

Number +

Gender

11 women, 1 man 14 women, 4 men 3 women, 18 men

MethodInterviews: 30 60

minutes; 61 hours ofobservation

Interviews: 30 minutes;60 hour of observation

Interviews: 30 minutes

Location Place of work Place of work Place of convenience

(i.e., coffee shop, work)

Three Themes of Security in Work Practice

Laurian Vega, Tom DeHart, Steve Harrison, & Dennis Kafura

Human-MediatedInformationMonitoring

InformationRedundancy as aForm of Security

Community of Trustas a mechanism forworking with security

Studies in Childcares & Medical Practices

The number medicalpractices that used

individual passwords 29%

The directors job extendsb e y o n d m a n a g i n g information, to managingaccess and privacy. Whena teacher comes in and

wants access to a file theyhave to come through me

first and they have to tellme their reason basically,you know, why do youneed to go in there?

Additionally, the spacefunctioned as a place

where admittance wasdebated; this was observedby the placement of thedirectors desk and thelocat ion of the f i l e

cabinets.

How is sensitive personal information handled

in work practice?

A tension exists betweenhaving information onhand, thus in numerousforms and place, with theneed securing it. Onedirector explained, We faxpatient information back

and forth... hundreds oftimes a day... Always withthe big disclaimer this ism e d i c a l l y p r o t e c t e dinformation, and this isintended for so-and-soonly. Observed formsinformation include acentral patientfile, an electroniccopy, and ambient

information.

Directors office with patient files

Directors office from the point ofview of t he director.

Teacher room. Childrensinformation available but concealed

Aspects of the Information Space & Management

Example of One Information Space

This diagram demonstrates all of the people and

information locations for one sample childcare that work tokeep the child and the childs information secure. Thediagram shows how information is distributed, and howdifferent people have different access to various peices of

DirectorsOffice

Busses

Classroom

Director

Mother

Buss Driver

Teacher

Father

Head Teacher

Computer

Report

File

Portion ofFile

Child

Owner

PeopleInformationLocations

Licensor

information. It additionally shows how the community works to havenecessary information on hand for the necessary work.

Please contact me for more information about this project and itsimplications for usable security. www.laurianvega.com

Childrens information kept in afolder on a shelf in each room.

A teachers profile. Placed to helpestablish a community of sharing.

An example artifact that accesseddaily but through the director.