“I don’t necessarily trust my childcare”

Security Practice in Information Rich Places

Laurian Vega, Tom DeHart, Steve Harrison, & Dennis Kafura

How is sensitive personal information handled Three Themes of Security in Work Practice
in work practice? Human-Mediated Information Community of Trust
There is a need in HCI to study how issues of trust and privacy can Information Redundancy as a as a mechanism for
and do affect the ad hoc negotiation of rules and how they are Monitoring Form of Security working with security
managed by humans in actual practice. In this paper we present some
initial studies, interviews and observations, to examine the physical and The director’s job extends A tension exists between A tension existed between
beyond managing having information on security and work. To
electronic security practices of childcares and medical offices. We show
information, to managing hand, thus in numerous mange this tension, a the
that the issues of human-mediated monitoring, information access and privacy. “When forms and place, with the community worked to
redundancy, and the creation of a community of trust all affect aspects a teacher comes in and need securing it. One create a standard of trust.
of the human-side of security. wants access to a file they director explained, “We fax Instantiations of this
have to come through me patient information back include homey appearance
Studies in Childcares & Medical Practices first and they have to tell
me their reason basically,
and forth... hundreds of of childcares (example
times a day... Always with pictured below), lack of
you know, why do you the big disclaimer this is passwords – (“They can
need to go in there?” m e d i c a l l y p r o t e c t e d access anything. That’s
  Childcare Directors
Medical Office
Parents Additionally, the space information, and this is their job.”), and the lack of
Directors + Doctors functioned as a place intended for so-and-so locked of filing cabinets-
where admittance was only.” Observed forms even though this is the
Summer 2009 - Summer Summer 2009 - Summer debated; this was observed infor mation include a explicit policy.
When Fall 2009
2010 2010 by the placement of the central patient
The number medical
Number +
Gender
11 women, 1 man 14 women, 4 men 3 women, 18 men
director’s desk and the
location of the file
cabinets.
file, an electronic
copy, and ambient practices that used
information. individual passwords
% 29
Method
Interviews: 30 – 60
minutes; 61 hours of
Interviews: 30 minutes;
60 hour of observation
Interviews: 30 minutes Aspects of the Information Space & Management
observation
Place of convenience
Location Place of work Place of work
(i.e., coffee shop, work)

Example of One Information Space

Director’s office with patient files

Information
People
Locations Busses Director’s office from the point of
view of the director. Children’s information kept in a
Director Computer folder on a shelf in each room.
A teacher’s profile. Placed to help
Owner Report Director’s establish a community of sharing.
Office
Licensor File
Portion of Teacher room. Children’s
Mother File Classroom
information available but concealed
Father

Child
This diagram demonstrates all of the people and
Buss Driver information locations for one sample childcare that work to An example artifact that accessed
Head Teacher keep the child and the child’s information secure. The daily but through the director.

diagram shows how information is distributed, and how

Teacher
different people have different access to various peices of Please contact me for more information about this project and it’s
information. It additionally shows how the community works to have
necessary information on hand for the necessary work. implications for usable security. www.laurianvega.com