{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T21:14:00Z","timestamp":1776114840590,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":96,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,5,2]],"date-time":"2019-05-02T00:00:00Z","timestamp":1556755200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,5,2]]},"DOI":"10.1145\/3290605.3300424","type":"proceedings-article","created":{"date-parts":[[2019,4,29]],"date-time":"2019-04-29T17:04:32Z","timestamp":1556557472000},"page":"1-14","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":24,"title":["You `Might' Be Affected"],"prefix":"10.1145","author":[{"given":"Yixin","family":"Zou","sequence":"first","affiliation":[{"name":"University of Michigan, Ann Arbor, MI, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shawn","family":"Danino","sequence":"additional","affiliation":[{"name":"University of Michigan, Ann Arbor, MI, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kaiwen","family":"Sun","sequence":"additional","affiliation":[{"name":"University of Michigan, Ann Arbor, MI, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Florian","family":"Schaub","sequence":"additional","affiliation":[{"name":"University of Michigan, Ann Arbor, MI, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2019,5,2]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"Diana Catherine Lavery, and Sasha Romanosky","author":"Ablon Lillian","year":"2016","unstructured":"Lillian Ablon , Paul Heaton , Diana Catherine Lavery, and Sasha Romanosky . 2016 . Consumer Attitudes Toward Data Breach Notifications and Loss of Personal Information. Technical Report. Rand Corporation . Lillian Ablon, Paul Heaton, Diana Catherine Lavery, and Sasha Romanosky. 2016. Consumer Attitudes Toward Data Breach Notifications and Loss of Personal Information. Technical Report. Rand Corporation."},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3054926"},{"key":"e_1_3_2_2_3_1","volume-title":"Privacy and human behavior in the age of information. Science 347, 6221","author":"Acquisti Alessandro","year":"2015","unstructured":"Alessandro Acquisti , Laura Brandimarte , and George Loewenstein . 2015. Privacy and human behavior in the age of information. Science 347, 6221 ( 2015 ), 509--514. Alessandro Acquisti, Laura Brandimarte, and George Loewenstein. 2015. Privacy and human behavior in the age of information. Science 347, 6221 (2015), 509--514."},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2501604.2501613"},{"key":"e_1_3_2_2_5_1","volume-title":"USENIX Security Symposium","volume":"13","author":"Akhawe Devdatta","year":"2013","unstructured":"Devdatta Akhawe and Adrienne Porter Felt . 2013 . Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness .. In USENIX Security Symposium , Vol. 13 . Devdatta Akhawe and Adrienne Porter Felt. 2013. Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness.. In USENIX Security Symposium, Vol. 13."},{"key":"e_1_3_2_2_6_1","volume-title":"Symposium on Usable Privacy and Security (SOUPS)","volume":"4","author":"Almuhimedi Hazim","year":"2014","unstructured":"Hazim Almuhimedi , Adrienne Porter Felt , Robert W Reeder , and Sunny Consolvo . 2014 . Your reputation precedes you: History, reputation, and the chrome malware warning . In Symposium on Usable Privacy and Security (SOUPS) , Vol. 4 . 2. Hazim Almuhimedi, Adrienne Porter Felt, Robert W Reeder, and Sunny Consolvo. 2014. Your reputation precedes you: History, reputation, and the chrome malware warning. In Symposium on Usable Privacy and Security (SOUPS), Vol. 4. 2."},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702210"},{"key":"e_1_3_2_2_8_1","unstructured":"American Bankers Association. 2018. Data Security & Customer Notification Requirements for Banks. https:\/\/www.aba.com\/Tools\/ Function\/Technology\/Pages\/datasecuritynotification.aspx. Last accessed on: 09.13.2018.  American Bankers Association. 2018. Data Security & Customer Notification Requirements for Banks. https:\/\/www.aba.com\/Tools\/ Function\/Technology\/Pages\/datasecuritynotification.aspx. Last accessed on: 09.13.2018."},{"key":"e_1_3_2_2_9_1","unstructured":"BBC. 2011. Using bullet points and numbers in lists. http:\/\/www.bbc.co.uk\/skillswise\/factsheet\/en13styl-l1-f-bulletedand-numbered-points. Last accessed on: 01.06.2019.  BBC. 2011. Using bullet points and numbers in lists. http:\/\/www.bbc.co.uk\/skillswise\/factsheet\/en13styl-l1-f-bulletedand-numbered-points. Last accessed on: 01.06.2019."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.5325\/jinfopoli.6.2016.0154"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2010.198"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2501604.2501610"},{"key":"e_1_3_2_2_13_1","volume-title":"Is reading rate constant or flexible? Reading Research Quarterly","author":"Carver Ronald P","year":"1983","unstructured":"Ronald P Carver . 1983. Is reading rate constant or flexible? Reading Research Quarterly ( 1983 ), 190--215. Ronald P Carver. 1983. Is reading rate constant or flexible? Reading Research Quarterly (1983), 190--215."},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2010.84"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jcps.2014.08.002"},{"key":"e_1_3_2_2_16_1","unstructured":"Lauren Lyons Cole. 2017. After the Equifax breach consumers were advised to freeze their credit - but almost no one did it. http: \/\/www.businessinsider.com\/equifax-credit-freeze-2017--9. Last accessed on: 01.22.2018.  Lauren Lyons Cole. 2017. After the Equifax breach consumers were advised to freeze their credit - but almost no one did it. http: \/\/www.businessinsider.com\/equifax-credit-freeze-2017--9. Last accessed on: 01.22.2018."},{"key":"e_1_3_2_2_17_1","unstructured":"Council of European Union. 2017. General Data Protection Regulation (GDPR). http:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri= CELEX:32016R0679. Last accessed on: 04.28.2018.  Council of European Union. 2017. General Data Protection Regulation (GDPR). http:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri= CELEX:32016R0679. Last accessed on: 04.28.2018."},{"key":"e_1_3_2_2_18_1","first-page":"273","article-title":"Necessary but not sufficient: Standardized mechanisms for privacy notice and choice","author":"Cranor Lorrie Faith","year":"2012","unstructured":"Lorrie Faith Cranor . 2012 . Necessary but not sufficient: Standardized mechanisms for privacy notice and choice . J. on Telecomm. & High Tech. L. 10 (2012), 273 . Lorrie Faith Cranor. 2012. Necessary but not sufficient: Standardized mechanisms for privacy notice and choice. J. on Telecomm. & High Tech. L. 10 (2012), 273.","journal-title":"J. on Telecomm. & High Tech."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2911988"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3173575"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1124772.1124861"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1086\/257897"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702442"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"crossref","unstructured":"Rudolf Franz Flesch etal 1949. Art of readable writing. Harper.  Rudolf Franz Flesch et al. 1949. Art of readable writing. Harper.","DOI":"10.2307\/1225957"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1408664.1408666"},{"key":"e_1_3_2_2_26_1","unstructured":"Brian Fung. 2018. Equifax's massive 2017 data breach keeps getting worse. https:\/\/www.washingtonpost.com\/news\/the-switch\/wp\/ 2018\/03\/01\/equifax-keeps-finding-millions-more-people-who-wereaffected-by-its-massive-data-breach\/?noredirect=on&utmterm= .52f7af5c120a. Last accessed on: 09.09.2018.  Brian Fung. 2018. Equifax's massive 2017 data breach keeps getting worse. https:\/\/www.washingtonpost.com\/news\/the-switch\/wp\/ 2018\/03\/01\/equifax-keeps-finding-millions-more-people-who-wereaffected-by-its-massive-data-breach\/?noredirect=on&utmterm= .52f7af5c120a. Last accessed on: 09.09.2018."},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1745-6606.2012.01226.x"},{"key":"e_1_3_2_2_28_1","volume-title":"Data Breaches and Customer Loyalty","year":"2017","unstructured":"Gemalto. 2017. Data Breaches and Customer Loyalty 2017 . Technical Report. Gemalto . Gemalto. 2017. Data Breaches and Customer Loyalty 2017. Technical Report. Gemalto."},{"key":"e_1_3_2_2_29_1","unstructured":"General Assembly of Maryland. 2018. Md. Code Ann. Comm. Law 14--3504: Maryland's Personal Information Protection Act. http: \/\/mgaleg.maryland.gov\/webmga\/frmStatutesText.aspx?article= gcl\u00a7ion=14--3501&ext=html&session=2017RS&tab=subject5. Last accessed on: 06.05.2018.  General Assembly of Maryland. 2018. Md. Code Ann. Comm. Law 14--3504: Maryland's Personal Information Protection Act. http: \/\/mgaleg.maryland.gov\/webmga\/frmStatutesText.aspx?article= gcl\u00a7ion=14--3501&ext=html&session=2017RS&tab=subject5. Last accessed on: 06.05.2018."},{"key":"e_1_3_2_2_30_1","volume-title":"12th Symposium on Usable Privacy and Security (SOUPS). 321--340","author":"Gluck Joshua","year":"2016","unstructured":"Joshua Gluck , Florian Schaub , Amy Friedman , Hana Habib , Norman Sadeh , Lorrie Faith Cranor , and Yuvraj Agarwal . 2016 . How short is too short? Implications of length and framing on the effectiveness of privacy notices . In 12th Symposium on Usable Privacy and Security (SOUPS). 321--340 . Joshua Gluck, Florian Schaub, Amy Friedman, Hana Habib, Norman Sadeh, Lorrie Faith Cranor, and Yuvraj Agarwal. 2016. How short is too short? Implications of length and framing on the effectiveness of privacy notices. In 12th Symposium on Usable Privacy and Security (SOUPS). 321--340."},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243767"},{"key":"e_1_3_2_2_32_1","unstructured":"Kelli Grant. 2017. Identity theft fraud cost consumers more than $16 billion. https:\/\/www.cnbc.com\/2017\/02\/01\/consumers-lost-morethan-16b-to-fraud-and-identity-theft-last-year.html Last accessed on: 06.19.2018.  Kelli Grant. 2017. Identity theft fraud cost consumers more than $16 billion. https:\/\/www.cnbc.com\/2017\/02\/01\/consumers-lost-morethan-16b-to-fraud-and-identity-theft-last-year.html Last accessed on: 06.19.2018."},{"key":"e_1_3_2_2_33_1","first-page":"121","article-title":"Did the Target data breach change consumer assessments of payment card security","volume":"11","author":"Greene Claire","year":"2017","unstructured":"Claire Greene and Joanna Stavins . 2017 . Did the Target data breach change consumer assessments of payment card security ? Journal of Payments Strategy & Systems 11 , 2 (2017), 121 -- 133 . Claire Greene and Joanna Stavins. 2017. Did the Target data breach change consumer assessments of payment card security? Journal of Payments Strategy & Systems 11, 2 (2017), 121--133.","journal-title":"Journal of Payments Strategy & Systems"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1177\/002194366900600202"},{"key":"e_1_3_2_2_36_1","unstructured":"HIPPA Journal. 2017. What are the HIPAA Breach Notification Requirements? https:\/\/www.hipaajournal.com\/hipaa-breach-notificationrequirements\/. Last accessed on: 09.13.2018.  HIPPA Journal. 2017. What are the HIPAA Breach Notification Requirements? https:\/\/www.hipaajournal.com\/hipaa-breach-notificationrequirements\/. Last accessed on: 09.13.2018."},{"key":"e_1_3_2_2_37_1","unstructured":"Mark Hochhauser. 2001. Lost in the Fine Print: Readability of Financial Privacy Notices. https:\/\/www.privacyrights.org\/blog\/lost-fine-printreadability-financial-privacy-notices-hochhauser. Last accessed on: 09.13.2018.  Mark Hochhauser. 2001. Lost in the Fine Print: Readability of Financial Privacy Notices. https:\/\/www.privacyrights.org\/blog\/lost-fine-printreadability-financial-privacy-notices-hochhauser. Last accessed on: 09.13.2018."},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1080\/10570314.2013.866686"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/985692.985752"},{"key":"e_1_3_2_2_40_1","volume-title":"color, and information structure. Technical communication","author":"Keyes Elizabeth","year":"1993","unstructured":"Elizabeth Keyes . 1993. Typography , color, and information structure. Technical communication ( 1993 ), 638--654. Elizabeth Keyes. 1993. Typography, color, and information structure. Technical communication (1993), 638--654."},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2499670"},{"key":"e_1_3_2_2_42_1","unstructured":"Jeffery Kosseff. 2016. My company has had a breach: Whom do I have to notify? https:\/\/iapp.org\/news\/a\/my-company-has-had-a-breachwho-do-i-have-to-notify\/. Last accessed on: 09.18.2018.  Jeffery Kosseff. 2016. My company has had a breach: Whom do I have to notify? https:\/\/iapp.org\/news\/a\/my-company-has-had-a-breachwho-do-i-have-to-notify\/. Last accessed on: 09.18.2018."},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1108\/IJOPM-03-2015-0156"},{"key":"e_1_3_2_2_44_1","volume-title":"Jinjuan Heidi Feng, and Harry Hochheiser","author":"Lazar Jonathan","year":"2017","unstructured":"Jonathan Lazar , Jinjuan Heidi Feng, and Harry Hochheiser . 2017 . Research methods in human-computer interaction. Morgan Kaufmann . Jonathan Lazar, Jinjuan Heidi Feng, and Harry Hochheiser. 2017. Research methods in human-computer interaction. Morgan Kaufmann."},{"key":"e_1_3_2_2_45_1","unstructured":"Joseph Lazzarotti Jason Gavejian and Maya Atrakchi. 2018. Security Breach Notification Laws. http:\/\/www.ncsl.org\/research\/ telecommunications-and-information-technology\/security-breachnotification-laws.aspx. Last accessed on: 06.05.2018.  Joseph Lazzarotti Jason Gavejian and Maya Atrakchi. 2018. Security Breach Notification Laws. http:\/\/www.ncsl.org\/research\/ telecommunications-and-information-technology\/security-breachnotification-laws.aspx. Last accessed on: 06.05.2018."},{"key":"e_1_3_2_2_46_1","unstructured":"Johnny Lieu. 2017. Terms and Conditions are too long just ask a guy who read Amazon's for 9 hours. https:\/\/mashable.com\/2017\/03\/15\/ reading-amazons-terms-conditions\/#IQDa1u7BsOq0. Last accessed on: 09.13.2018.  Johnny Lieu. 2017. Terms and Conditions are too long just ask a guy who read Amazon's for 9 hours. https:\/\/mashable.com\/2017\/03\/15\/ reading-amazons-terms-conditions\/#IQDa1u7BsOq0. Last accessed on: 09.13.2018."},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2470654.2481371"},{"key":"e_1_3_2_2_48_1","unstructured":"Bernard Mar. 2018. GDPR: The Biggest Data Breaches And The Shocking Fines (That Would Have Been). https:\/\/www.forbes.com\/ sites\/bernardmarr\/2018\/06\/11\/gdpr-the-biggest-data-breaches-andthe-shocking-fines-that-would-have-been\/#199b5b4b6c10. Last accessed on: 09.18.2018.  Bernard Mar. 2018. GDPR: The Biggest Data Breaches And The Shocking Fines (That Would Have Been). https:\/\/www.forbes.com\/ sites\/bernardmarr\/2018\/06\/11\/gdpr-the-biggest-data-breaches-andthe-shocking-fines-that-would-have-been\/#199b5b4b6c10. Last accessed on: 09.18.2018."},{"key":"e_1_3_2_2_49_1","unstructured":"Maryland Coordination and Analysis Center. 2018. Maryland Data Breach Notification Law Updated. http:\/\/www.mcac.maryland.gov\/ newsroom\/Critical%20Infrastructure%20News\/maryland-databreach-notification-law-updated. Last accessed on: 06.05.2018.  Maryland Coordination and Analysis Center. 2018. Maryland Data Breach Notification Law Updated. http:\/\/www.mcac.maryland.gov\/ newsroom\/Critical%20Infrastructure%20News\/maryland-databreach-notification-law-updated. Last accessed on: 06.05.2018."},{"key":"e_1_3_2_2_50_1","unstructured":"Maryland's State Attorney General. 2018. Guidelines for businesses to comply with the Maryland Personal Information Protection Act. http:\/\/www.marylandattorneygeneral.gov\/Pages\/IdentityTheft\/ businessGL.aspx. Last accessed on: 06.05.2018.  Maryland's State Attorney General. 2018. Guidelines for businesses to comply with the Maryland Personal Information Protection Act. http:\/\/www.marylandattorneygeneral.gov\/Pages\/IdentityTheft\/ businessGL.aspx. Last accessed on: 06.05.2018."},{"key":"e_1_3_2_2_51_1","first-page":"543","article-title":"The cost of reading privacy policies","volume":"4","author":"McDonald Aleecia M","year":"2008","unstructured":"Aleecia M McDonald and Lorrie Faith Cranor . 2008 . The cost of reading privacy policies . ISJLP 4 (2008), 543 . Aleecia M McDonald and Lorrie Faith Cranor. 2008. The cost of reading privacy policies. ISJLP 4 (2008), 543.","journal-title":"ISJLP"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"crossref","unstructured":"Vyacheslav Mikhed and Michael Vogan. 2015. Out of sight out of mind: consumer reaction to news on data breaches and identity theft. (2015). Working Paper.  Vyacheslav Mikhed and Michael Vogan. 2015. Out of sight out of mind: consumer reaction to news on data breaches and identity theft. (2015). Working Paper.","DOI":"10.21799\/frbp.wp.2015.42"},{"key":"e_1_3_2_2_53_1","unstructured":"Drew Mitnick. 2018. No more waiting: it's time for a federal data breach law in the U.S. https:\/\/www.accessnow.org\/no-more-waitingits-time-for-a-federal-data-breach-law-in-the-u-s\/. Last accessed on: 09.18.2018.  Drew Mitnick. 2018. No more waiting: it's time for a federal data breach law in the U.S. https:\/\/www.accessnow.org\/no-more-waitingits-time-for-a-federal-data-breach-law-in-the-u-s\/. Last accessed on: 09.18.2018."},{"key":"e_1_3_2_2_54_1","volume-title":"Risk communication: A mental models approach","author":"Morgan M Granger","unstructured":"M Granger Morgan , Baruch Fischhoff , Ann Bostrom , and Cynthia J Atman . 2002. Risk communication: A mental models approach . Cambridge University Press . M Granger Morgan, Baruch Fischhoff, Ann Bostrom, and Cynthia J Atman. 2002. Risk communication: A mental models approach. Cambridge University Press."},{"key":"e_1_3_2_2_55_1","volume-title":"Conference of State Legislators. 2018. 2018","author":"National","year":"2018","unstructured":"National Conference of State Legislators. 2018. 2018 Security Breach Legislation. http:\/\/www.ncsl.org\/research\/telecommunications-andinformation-technology\/ 2018 -security-breach-legislation.aspx. Last accessed on: 09.13.2018. National Conference of State Legislators. 2018. 2018 Security Breach Legislation. http:\/\/www.ncsl.org\/research\/telecommunications-andinformation-technology\/2018-security-breach-legislation.aspx. Last accessed on: 09.13.2018."},{"key":"e_1_3_2_2_56_1","unstructured":"Jakob Nielsen. 1997. How Users Read on the Web.  Jakob Nielsen. 1997. How Users Read on the Web."},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1745-6606.2006.00070.x"},{"key":"e_1_3_2_2_58_1","unstructured":"Don Norman. 2013. The design of everyday things: Revised and expanded edition. Constellation.  Don Norman. 2013. The design of everyday things: Revised and expanded edition. Constellation."},{"key":"e_1_3_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1108\/JCM-07-2015-1487"},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300748"},{"key":"e_1_3_2_2_62_1","unstructured":"Privacy Rights Clearinghouse. 2016. What to Do When You Receive A Data Breach Notice. https:\/\/www.privacyrights.org\/consumerguides\/what-do-when-you-receive-data-breach-notice. Last accessed on: 09.13.2018.  Privacy Rights Clearinghouse. 2016. What to Do When You Receive A Data Breach Notice. https:\/\/www.privacyrights.org\/consumerguides\/what-do-when-you-receive-data-breach-notice. Last accessed on: 09.13.2018."},{"key":"e_1_3_2_2_63_1","unstructured":"Privacy Rights Clearinghouse. 2018. Data Breaches. https:\/\/ www.privacyrights.org\/data-breaches. Last accessed on: 09.13.2018.  Privacy Rights Clearinghouse. 2018. Data Breaches. https:\/\/ www.privacyrights.org\/data-breaches. Last accessed on: 09.13.2018."},{"key":"e_1_3_2_2_64_1","doi-asserted-by":"publisher","DOI":"10.1080\/10447310801937999"},{"key":"e_1_3_2_2_65_1","volume-title":"Symposium on Usable Privacy and Security (SOUPS)","volume":"4","author":"Rao Ashwini","year":"2016","unstructured":"Ashwini Rao , Florian Schaub , Norman Sadeh , Alessandro Acquisti , and Ruogu Kang . 2016 . Expecting the unexpected: Understanding mismatched privacy expectations online . In Symposium on Usable Privacy and Security (SOUPS) , Vol. 4 . 2. Ashwini Rao, Florian Schaub, Norman Sadeh, Alessandro Acquisti, and Ruogu Kang. 2016. Expecting the unexpected: Understanding mismatched privacy expectations online. In Symposium on Usable Privacy and Security (SOUPS), Vol. 4. 2."},{"key":"e_1_3_2_2_66_1","doi-asserted-by":"publisher","DOI":"10.1086\/688669"},{"key":"e_1_3_2_2_67_1","first-page":"39","article-title":"Disagreeable privacy policies: Mismatches between meaning and users' understanding","volume":"30","author":"Reidenberg Joel R","year":"2015","unstructured":"Joel R Reidenberg , Travis Breaux , Lorrie Faith Cranor , Brian French , Amanda Grannis , James T Graves , Fei Liu , Aleecia McDonald , Thomas B Norton , and Rohan Ramanath . 2015 . Disagreeable privacy policies: Mismatches between meaning and users' understanding . Berkeley Tech. LJ 30 (2015), 39 . Joel R Reidenberg, Travis Breaux, Lorrie Faith Cranor, Brian French, Amanda Grannis, James T Graves, Fei Liu, Aleecia McDonald, Thomas B Norton, and Rohan Ramanath. 2015. Disagreeable privacy policies: Mismatches between meaning and users' understanding. Berkeley Tech. LJ 30 (2015), 39.","journal-title":"Berkeley Tech. LJ"},{"key":"e_1_3_2_2_68_1","first-page":"485","article-title":"Privacy harms and the effectiveness of the notice and choice framework","volume":"11","author":"Reidenberg Joel R","year":"2015","unstructured":"Joel R Reidenberg , N Cameron Russell , Alexander J Callen , Sophia Qasir , and Thomas B Norton . 2015 . Privacy harms and the effectiveness of the notice and choice framework . ISJLP 11 (2015), 485 . Joel R Reidenberg, N Cameron Russell, Alexander J Callen, Sophia Qasir, and Thomas B Norton. 2015. Privacy harms and the effectiveness of the notice and choice framework. ISJLP 11 (2015), 485.","journal-title":"ISJLP"},{"key":"e_1_3_2_2_69_1","unstructured":"Alex Reynolds. 2017. GDPR matchup: US state data breach laws. https: \/\/iapp.org\/news\/a\/gdpr-match-up-u-s-state-data-breach-laws\/. Last accessed on: 09.18.2018.  Alex Reynolds. 2017. GDPR matchup: US state data breach laws. https: \/\/iapp.org\/news\/a\/gdpr-match-up-u-s-state-data-breach-laws\/. Last accessed on: 09.18.2018."},{"key":"e_1_3_2_2_70_1","doi-asserted-by":"publisher","DOI":"10.1002\/pam.20567"},{"key":"e_1_3_2_2_71_1","volume-title":"Why Users Ignore Privacy Policies--A Survey and Intention Model for Explaining User Privacy Behavior. In International Conference on Human-Computer Interaction. Springer, 587--598","author":"Rudolph Manuel","year":"2018","unstructured":"Manuel Rudolph , Denis Feth , and Svenja Polst . 2018 . Why Users Ignore Privacy Policies--A Survey and Intention Model for Explaining User Privacy Behavior. In International Conference on Human-Computer Interaction. Springer, 587--598 . Manuel Rudolph, Denis Feth, and Svenja Polst. 2018. Why Users Ignore Privacy Policies--A Survey and Intention Model for Explaining User Privacy Behavior. In International Conference on Human-Computer Interaction. Springer, 587--598."},{"key":"e_1_3_2_2_72_1","volume-title":"Content: The Impact of Risk and Presentation on Disclosure Decisions. In Thirteenth Symposium on Usable Privacy and Security (SOUPS","author":"Samat Sonam","year":"2017","unstructured":"Sonam Samat and Alessandro Acquisti . 2017 . Format vs . Content: The Impact of Risk and Presentation on Disclosure Decisions. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017). 377--384. Sonam Samat and Alessandro Acquisti. 2017. Format vs. Content: The Impact of Risk and Presentation on Disclosure Decisions. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017). 377--384."},{"key":"e_1_3_2_2_73_1","volume-title":"Raise the Curtains: The Effect of Awareness About Targeting on Consumer Attitudes and Purchase Intentions. In Thirteenth Symposium on Usable Privacy and Security ({SOUPS}","author":"Samat Sonam","year":"2017","unstructured":"Sonam Samat , Alessandro Acquisti , and Linda Babcock . 2017 . Raise the Curtains: The Effect of Awareness About Targeting on Consumer Attitudes and Purchase Intentions. In Thirteenth Symposium on Usable Privacy and Security ({SOUPS} 2017). USENIX Association, 299--319. Sonam Samat, Alessandro Acquisti, and Linda Babcock. 2017. Raise the Curtains: The Effect of Awareness About Targeting on Consumer Attitudes and Purchase Intentions. In Thirteenth Symposium on Usable Privacy and Security ({SOUPS} 2017). USENIX Association, 299--319."},{"key":"e_1_3_2_2_74_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2017.75"},{"key":"e_1_3_2_2_75_1","volume-title":"Eleventh Symposium On Usable Privacy and Security (SOUPS","author":"Schaub Florian","year":"2015","unstructured":"Florian Schaub , Rebecca Balebako , Adam L Durity , and Lorrie Faith Cranor . 2015 . A design space for effective privacy notices . In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015). 1--17. Florian Schaub, Rebecca Balebako, Adam L Durity, and Lorrie Faith Cranor. 2015. A design space for effective privacy notices. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015). 1--17."},{"key":"e_1_3_2_2_76_1","doi-asserted-by":"publisher","DOI":"10.1086\/651235"},{"key":"e_1_3_2_2_77_1","doi-asserted-by":"crossref","unstructured":"Barry Schwartz. 2004. The paradox of choice: Why more is less. Ecco New York.  Barry Schwartz. 2004. The paradox of choice: Why more is less. Ecco New York.","DOI":"10.1037\/e597322010-001"},{"key":"e_1_3_2_2_78_1","volume-title":"The optimism bias. Current biology 21, 23","author":"Sharot Tali","year":"2011","unstructured":"Tali Sharot . 2011. The optimism bias. Current biology 21, 23 ( 2011 ), R941--R945. Tali Sharot. 2011. The optimism bias. Current biology 21, 23 (2011), R941--R945."},{"key":"e_1_3_2_2_79_1","first-page":"370","article-title":"Beyond notice and choice: Privacy, norms, and consent","author":"Sloan Robert H","year":"2014","unstructured":"Robert H Sloan and Richard Warner . 2014 . Beyond notice and choice: Privacy, norms, and consent . J. High Tech. L. 14 (2014), 370 . Robert H Sloan and Richard Warner. 2014. Beyond notice and choice: Privacy, norms, and consent. J. High Tech. L. 14 (2014), 370.","journal-title":"J. High Tech."},{"key":"e_1_3_2_2_80_1","doi-asserted-by":"publisher","DOI":"10.1080\/00139157.1979.9933091"},{"key":"e_1_3_2_2_81_1","volume-title":"Foundations of Information Privacy and Data Protection","author":"Swire Peter","unstructured":"Peter Swire and Kenesa Ahmad . 2012. Foundations of Information Privacy and Data Protection . International Association of Privacy Professionals . Peter Swire and Kenesa Ahmad. 2012. Foundations of Information Privacy and Data Protection. International Association of Privacy Professionals."},{"key":"e_1_3_2_2_82_1","volume-title":"Nudge: Improving decisions about health, wealth, and happiness. HeinOnline.","author":"Thaler Richard H","year":"2008","unstructured":"Richard H Thaler and Cass R Sunstein . 2008 . Nudge: Improving decisions about health, wealth, and happiness. HeinOnline. Richard H Thaler and Cass R Sunstein. 2008. Nudge: Improving decisions about health, wealth, and happiness. HeinOnline."},{"key":"e_1_3_2_2_83_1","unstructured":"The California State Government. 2003. California Civ. Code s. 1798.82(a). https:\/\/leginfo.legislature.ca.gov\/faces\/ codesdisplaySection.xhtml?lawCode=CIV\u00a7ionNum=1798.82. Last accessed on: 06.05.2018.  The California State Government. 2003. California Civ. Code s. 1798.82(a). https:\/\/leginfo.legislature.ca.gov\/faces\/ codesdisplaySection.xhtml?lawCode=CIV\u00a7ionNum=1798.82. Last accessed on: 06.05.2018."},{"key":"e_1_3_2_2_84_1","unstructured":"The Federal Trade Commission. 2018. Gramm-Leach-Bliley Act. https:\/\/www.ftc.gov\/tips-advice\/business-center\/privacy-andsecurity\/gramm-leach-bliley-act. Last accessed on: 09.13.2018.  The Federal Trade Commission. 2018. Gramm-Leach-Bliley Act. https:\/\/www.ftc.gov\/tips-advice\/business-center\/privacy-andsecurity\/gramm-leach-bliley-act. Last accessed on: 09.13.2018."},{"key":"e_1_3_2_2_85_1","unstructured":"The Privacy Rights Clearinghouse. 2018. Data Breaches. https:\/\/ www.privacyrights.org\/data-breaches. Last accessed on: 12.19.2018.  The Privacy Rights Clearinghouse. 2018. Data Breaches. https:\/\/ www.privacyrights.org\/data-breaches. Last accessed on: 12.19.2018."},{"key":"e_1_3_2_2_86_1","volume-title":"Government Printing Office","author":"The","year":"1996","unstructured":"The U.S. Government Printing Office . 1996 . Health Insurance Portability and Accountability Act of 1996, Public Law 104191. https:\/\/www.gpo.gov\/fdsys\/pkg\/PLAW-104publ191\/html\/PLAW104publ191.htm. Last accessed on: 09.18.2018. The U.S. Government Printing Office. 1996. Health Insurance Portability and Accountability Act of 1996, Public Law 104191. https:\/\/www.gpo.gov\/fdsys\/pkg\/PLAW-104publ191\/html\/PLAW104publ191.htm. Last accessed on: 09.18.2018."},{"key":"e_1_3_2_2_87_1","unstructured":"Susan Tompor. 2018. Credit freeze: A misunderstood freebie that you actually want. https:\/\/www.freep.com\/story\/money\/personalfinance\/susan-tompor\/2018\/09\/06\/equifax-freeze-credit-breach\/ 1156255002\/. Last accessed on: 09.13.2018.  Susan Tompor. 2018. Credit freeze: A misunderstood freebie that you actually want. https:\/\/www.freep.com\/story\/money\/personalfinance\/susan-tompor\/2018\/09\/06\/equifax-freeze-credit-breach\/ 1156255002\/. Last accessed on: 09.13.2018."},{"key":"e_1_3_2_2_88_1","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1090.0260"},{"key":"e_1_3_2_2_89_1","volume-title":"States Congress. 1999","author":"United","year":"2018","unstructured":"United States Congress. 1999 . S.900 - Gramm-Leach-Bliley Act. https: \/\/www.congress.gov\/bill\/106th-congress\/senate-bill\/00900. Last accessed on: 09.13. 2018 . United States Congress. 1999. S.900 - Gramm-Leach-Bliley Act. https: \/\/www.congress.gov\/bill\/106th-congress\/senate-bill\/00900. Last accessed on: 09.13.2018."},{"key":"e_1_3_2_2_90_1","volume-title":"USENIX Security Symposium. 65--80","author":"Ur Blase","year":"2012","unstructured":"Blase Ur , Patrick Gage Kelley , Saranga Komanduri , Joel Lee , Michael Maass , Michelle L Mazurek , Timothy Passaro , Richard Shay , Timothy Vidas , Lujo Bauer , 2012 . How does your password measure up? The effect of strength meters on password creation .. In USENIX Security Symposium. 65--80 . Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, et al. 2012. How does your password measure up? The effect of strength meters on password creation.. In USENIX Security Symposium. 65--80."},{"key":"e_1_3_2_2_91_1","doi-asserted-by":"publisher","DOI":"10.1109\/TEM.2008.922634"},{"key":"e_1_3_2_2_92_1","doi-asserted-by":"publisher","DOI":"10.1177\/1080569912443081"},{"key":"e_1_3_2_2_93_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.02.004"},{"key":"e_1_3_2_2_94_1","unstructured":"Paul Wagenseil. 2017. What to Do After a Data Breach. https:\/\/ www.tomsguide.com\/us\/data-breach-to-dos news-18007.html. Last accessed on: 09.13.2018.  Paul Wagenseil. 2017. What to Do After a Data Breach. https:\/\/ www.tomsguide.com\/us\/data-breach-to-dos news-18007.html. Last accessed on: 09.13.2018."},{"key":"e_1_3_2_2_95_1","doi-asserted-by":"publisher","DOI":"10.1145\/2556288.2557413"},{"key":"e_1_3_2_2_96_1","unstructured":"Kelce Wilson. 2018. Data breach notifications may facilitate identity theft. https:\/\/iapp.org\/news\/a\/data-breach-notifications-mayfacilitate-identity-theft\/. Last accessed on: 09.13.2018.  Kelce Wilson. 2018. Data breach notifications may facilitate identity theft. https:\/\/iapp.org\/news\/a\/data-breach-notifications-mayfacilitate-identity-theft\/. Last accessed on: 09.13.2018."},{"key":"e_1_3_2_2_97_1","doi-asserted-by":"publisher","DOI":"10.1145\/2493432.2493436"},{"key":"e_1_3_2_2_98_1","volume-title":"Proceedings of the Fourteenth Symposium on Usable Privacy and Security (SOUPS).","author":"Zou Yixin","year":"2018","unstructured":"Yixin Zou , Abraham H. Mhaidli , Austin McCall , and Florian Schaub . 2018 . \" I've Got Nothing to Lose\": Consumers' Risk Perceptions and Protective Actions after the Equifax Data Breach . In Proceedings of the Fourteenth Symposium on Usable Privacy and Security (SOUPS). Yixin Zou, Abraham H. Mhaidli, Austin McCall, and Florian Schaub. 2018. \"I've Got Nothing to Lose\": Consumers' Risk Perceptions and Protective Actions after the Equifax Data Breach. In Proceedings of the Fourteenth Symposium on Usable Privacy and Security (SOUPS)."}],"event":{"name":"CHI '19: CHI Conference on Human Factors in Computing Systems","location":"Glasgow Scotland Uk","acronym":"CHI '19","sponsor":["SIGCHI ACM Special Interest Group on Computer-Human Interaction"]},"container-title":["Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3290605.3300424","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3290605.3300424","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:53:21Z","timestamp":1750204401000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3290605.3300424"}},"subtitle":["An Empirical Analysis of Readability and Usability Issues in Data Breach Notifications"],"short-title":[],"issued":{"date-parts":[[2019,5,2]]},"references-count":96,"alternative-id":["10.1145\/3290605.3300424","10.1145\/3290605"],"URL":"https:\/\/doi.org\/10.1145\/3290605.3300424","relation":{},"subject":[],"published":{"date-parts":[[2019,5,2]]},"assertion":[{"value":"2019-05-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}