Modeling Privacy Insurance Contracts and Their Utilization in Risk Management for ICT Firms

  • Athanassios N. Yannacopoulos
  • Costas Lambrinoudakis
  • Stefanos Gritzalis
  • Stylianos Z. Xanthopoulos
  • Sokratis N. Katsikas
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5283)


The rapid expansion of Internet-based services has created opportunities for ICT firms to collect and use, in an unauthorized way, information about individuals (e.g. customers, partners, employees etc.). Therefore, privacy issues are becoming increasingly important. In this paper we model the risk that an IT firm is exposed to as a result of potential privacy violation incidents. The proposed model is based on random utility modeling and aims at capturing the subjective nature of the question: "how important is a privacy violation incident to someone?". Furthermore, we propose a collective risk model for the economic exposure of the firm due to privacy violation. These models are useful for the design and valuation of optimal privacy-related insurance contracts for the firm and support its risk management process.


Keywords: Privacy, Risk Modeling, Insurance, Random Utility Models



Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Athanassios N. Yannacopoulos (1)
  • Costas Lambrinoudakis (2)
  • Stefanos Gritzalis (2)
  • Stylianos Z. Xanthopoulos (3)
  • Sokratis N. Katsikas (4)

  1. Dept. of Statistics, Athens University of Economics and Business, Greece
  2. Dept. of Information and Communication Systems Engineering, University of the Aegean, Greece
  3. Dept. of Statistics and Actuarial-Financial Mathematics, University of the Aegean, Greece
  4. Dept. of Technology Education and Digital Systems, University of Piraeus, Greece
