Summer 2016 Projects-MSIT-Privacy Engineering - Carnegie Mellon University

Summer 2016 Capstone Projects

Prevalence of PII data in the clear on personal computers

Sponsor:  Intersections, Inc.

Presented by: Lieyong Zhou & Xi Zheng

Project Description:

Problem:  People commonly store personal data (SSN, credit card numbers, user names and passwords, etc.) on their devices in the clear.  Devices, meaning mobile phones, laptops, desktops, tablets, etc.

Goals:

  • Develop methods to scan personal computers (with the users' consent), search for personal data in the clear, and categorize the type of data found.
  • The resulting data will be used to determine how prevalent the issue is, determine what type of data is most commonly at risk, and identify ways of increasing user awareness.
  • The project will focus on windows machines

Data Subject Notice and Consent under the EU GDPR

Sponsor:  PrivacyCheq

Presented by: Jonathan Liao, Vijay Kalani, Arnab Kumar

Project Description:

Problem:  The EU GDPR (General Data Protection Regulation is going to change requirements revolving around notice and consent when collecting and processing data associated with EU residents.  This capstone will take a close look at these changes and work with PrivacyCheq to identify opportunities to refine and extend its current product portfolio and in particular its recently launched ConsentCheck GDPR "Compliance Development Kit."

Goals:

The objective of this capstone is to investiage what effect GDPR-grade notice and consent might have in terms of user experience if/when it is implemented on Americans (arguably accustomed to a less rigorous notice/consent user experience).  What would be the level of acceptance or delight with enhanced notice, more granular consent and added available benefits such as right of access, erasure, portability, etc.?