Cumulative Revelations of Personal Data (Wendy Moncur transfer)

Cumulative Revelations in Personal Data takes a multidisciplinary approach to investigating how small, apparently innocuous pieces of employees' personal information, which are generated through interactions with/in networked systems over time, collectively pose significant yet unanticipated risk to personal reputation and employers' operational security. Such cumulative revelations come from personal data that are shared intentionally by an individual, from data shared about an individual by others, from recognition software that identifies and tags people and places automatically, and from common cross-authentication practices that favour convenience over security (e.g. signing into AirBnB via Facebook). Brought together, these data can provide unintended insights to others into (for example) an individual's personal habits, work patterns, personality, emotion, and social influence. Collectively these data thus have the potential to create adverse consequences for that individual (e.g. through reputational damage), their employer (e.g. by creating opportunities for cybercrime), and even for national security.

The research brings together multidisciplinary expertise in Socio-Digital Interaction, Co-design, Interactive Information Retrieval, and Computational Legal Theory, all working in collaboration with a key industry partner, the Royal Bank of Scotland, which employs more than 92,000 staff across 12 national, international and private banks and for which security concerns are paramount, as well as UK Government security agencies, via the Government Office for Science and the Centre for Research and Evidence on Security Threats.

The research will examine the potential adverse revelations delivered by an individual employee's holistic digital footprint through the development of a prototype software tool that maps out a portrait of a user's digital footprint and reflects it back to them. This tool will enable individuals to understand the cumulative nature of their personal data, and better comprehend the associated vulnerabilities and risks. Responding to employers' concerns over organisational security risks created by cumulative revelations of their employees' data, the research will also identify conflicts and ambiguities in security service design and implementation when the motivations and actions of individual employees are balanced against organisational security philosophy, enabling mitigation against the attendant risks, issues and consequences of cumulative revelations from organisational and individual perspectives.