PI 2012 Complete Report

Privacy in India: Attitudes and Awareness V 2.
0
Ponnurangam Kumaraguru (PK)
Niharika Sachdeva
PreCog-TR-12-001
Nov 22, 2012
Indraprastha Institute of Information Technology, Delhi

Okhla
New Delhi, 110 020
c
2012
PreCog
All rights reserved
This research was partially funded by International Development Research Centre (IDRC), Canada
entitled Privacy in India. Any opinions, findings, conclusions or recommendations expressed in
this publication are those of the authors and do not necessarily reflect those of the funding agencies
and others who supported the study. For any inputs / feedback / clarifications / correspondence,
write to [email protected].
Keywords (in alphabetical order): Awareness, credit cards, government, India, Internet, mobile
phones, online social networks, Personally Identifiable Information, privacy, user perceptions.
Privacy is the claim of individuals, groups or institutions to determine for themselves

when, how, and to what extent information about them is communicated to others.
. . . each individual is continually engaged in a personal adjustment process in which he
balances the desire for privacy with the desire for disclosure and communication . . .
Dr. Alan Westin, Privacy and Freedom, 1967
Acknowledgments
Given that our work on Privacy in India: Attitudes and Awareness received a warm welcome
among the community in 2005 and thereafter, we were always keen to do a larger study to understand the privacy perceptions of people in India and create a bench-mark for empirical data for
the same. We would like to thank International Development Research Centre (IDRC), Canada
for supporting the research through a Pan-South-Asia project on privacy. We would personally
like to thank Vickram Crishna for inviting PK to write a proposal on this topic, while PK was
still a graduate student at Carnegie Mellon University, USA. Thanks to Gus Hosein from Privacy
International / London School of Economics to work closely with us throughout the project and
giving us valuable inputs as and when needed.
There are many many people who have helped us in formalizing this study, and collecting data.
Thanks to Supriya Singh to review the first draft of the protocol for the interviews and focus
group discussions. We would like to thank all the members of PreCog who have given us continued
support throughout the project; special thanks to Aditi Gupta, Srishti Gupta, Siddhartha Asthana,
Deepansha Sachdeva and Anuradha Gupta. Many others around the country have helped us with
data collection, we hope, we have covered you here, if we miss, it is totally because of our mistake:
Nandkumar Saravade, Sucheta Dalal, Nagarjuna Gadiraju, Ravi Singh Pippal, Shashikala Tapaswi,
Dharma Prakash, Shyam Sundar, Divya Bansal, Lakshmi Santhanam, Sunil Abraham, members of
Advisors Council of CSO Forum, NASSCOM, DSCI, Raghu Raman, Burgess Cooper, Anuradha Das
Mathur, members of the Pan-South-Asia privacy project. We thank Mala Bhandari for conducting
the initial studies and focus group discussions. We thank our family members for being with us for
this endeavor.
Even though others have contributed to this work, we are responsible for the content, conclusions,
errors, or omissions in this report.
Contents
1 Executive Summary
2 Introduction
2.1
India today . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2
Cultural status of privacy in India . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.3
Motivation and rationale
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.4
Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.5
Main contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3 Interviews
3.1
Interview sample . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.2
Interview methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.3
Interview conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4 Focus Group Discussions
12
4.1
FGD sample . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
4.2
FGD methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
4.3
FGD conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
4.3.1
Inferences from the discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
4.3.2
Marking information as personally identifiable information . . . . . . . . . . . 15
4.3.3
Marking Facebook privacy settings . . . . . . . . . . . . . . . . . . . . . . . . 15
5 Survey
19
5.1
Survey sample
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
5.2
Survey methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
5.3
Survey conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
ii
6 Conclusions
48
7 Appendixes
52
iii
List of Figures
3.1
One of the interviews that we conducted in Delhi.
4.1
One of the focus group discussions (18 24 years group). . . . . . . . . . . . . . . . 14
4.2
General privacy settings in Facebook. . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.3
Advanced privacy settings in Facebook. . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.4
Request for permissions by a Facebook application. . . . . . . . . . . . . . . . . . . . 18
iv
. . . . . . . . . . . . . . . . . . . 10
List of Tables
3.1
Demographics of the participants in the interviews. . . . . . . . . . . . . . . . . . . .
4.1
Gender and education characteristics of the participants in the Focus Group Discussions (FGD). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
4.2
Percentage of participants marking the data as Personally Identifiable Information

(PII). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.3
Percentage of participants marking the data as Personally Identifiable Information

(PII). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Chapter 1
Executive Summary
India, worlds largest democracy, has witnessed enormous development in information technology
over past few years. It has become a necessity to share personal information for every service,
from getting a mobile phone connection to registering for online banking. India being a collectivist
society (one of the developing countries part of BRIC 1 nations), has different expectations of
privacy than other developed nations. The concept of privacy in India has not been investigated in
detail, and we also lack empirical data with respect to privacy perceptions among Indian citizens.
Recent developments in the Indian scenario e.g. privacy bill, UID project signify a need for privacy
awareness and understanding in Indian masses. It is also important for policy makers to comprehend
sentiments and opinion of masses for structuring effective laws and policies for the citizens of India.
Our study focuses on understanding privacy perceptions and expectations of Indian citizens. In
the first phase, we conducted interviews among 20 participants and 4 focus group discussions with
31 participants, to collect qualitative data about the privacy perceptions. In the second phase, we
developed a survey questionnaire to collect quantitative data. We collected responses (10,427) from
various cities in India. We hope the understanding developed through the responses collected during
the study, helps decision makers and technology developers in producing customizable solutions
and laws for Indian users. Also, it will help us in identifying conflicting nature of users in their
expectations and practices on privacy matters.
Key takeaways from this research work are stated below; these are drawn from the interviews, focus
group discussions, and surveys that we conducted to study the privacy perceptions in India. As
far as our knowledge goes, this is the largest ever study on privacy perceptions in India, we also
believe that, this is the case around the world too. 2
General Privacy:
Participants related to communication privacy and Internet privacy mostly, when asked
about the first reactions for the word privacy. Participants showed more concerns
1
BRIC is an acronym which refers to the four countries - Brazil, Russia, India and China
The main intent for this technical report is to give the raw data that we collected, and some preliminary analysis
without delving deeper into the analysis and implications of the conclusions. We hope the reader will read the report
by referring to the appropriate appendixes, as referred in the report. We are working on an academic paper with this
data.
2
about privacy through mobile phones, and Internet than other forms of privacy issues
(physical, territorial, work place, etc.).
Majority of the participants felt passwords to be the most protected Personally Identifiable Information (PII) and then, financial information (bank, credit card details). In
comparison to this, religion, mobile phone number, and health related information were
rated as less protected PII.
Privacy awareness about issues in public places was low. Participants were not aware of
various privacy issues related to cameras in public places, and others taking pictures in
public places.
Mobile Phones:
Mobile phones are becoming the next destination for storing private information. Participants stored personal information like passwords, credit card numbers, Permanent
Account Number (PAN), PINs, etc. Privacy seems to be the primary concern for not
storing personal information on the mobile phones for the rest.
Majority of the participants felt comfortable with the protection provided by the mobile
service providers.
Most participants tend to delete the information on phone (e.g. contacts, messages,
videos, audios, etc.) before discarding the devices.
Privacy invasion through somebody specifically taking picture of the individual is of
more concern than pictures / videos taken through CCTV and the likes.
Internet and Online Social Media:
About 40% of the participants would never save / share personal information in / through
emails. Privacy seems to be the primary reason for this behavior.
Survey participants were more aware about privacy policies and tend to read these
policies more than the earlier study in 2004.
Minority of the participants had no privacy concerns with online social networks.
Majority of the participants felt pictures to be the most privacy invasive data on the
OSNs.
About 5% of the survey participants tend to accept friend requests from strangers or
people whom they dont know, but just have common friends. This behavior seems to
be same even with the third party applications.
Financial Privacy:
Participants were aware of privacy issues related to financial data; thanks to various
financial frauds and thefts that has created the awareness.
About 15% of the survey respondents felt that the credit cards should display personal
information like name, date of birth, and phone number.
About 80% of the survey respondents were aware of identity theft issue through credit
cards.
Government:
Citizens have misinformed mental models of the privacy situation; e.g. Participants felt
there were privacy laws where as there is no privacy law in India.
About 17% of the survey participants said that personal information collected by UID
and NATGIRD projects will not be misused.
Trust in the government has reduced from 2004.
Chapter 2
Introduction
2.1
India today
India is one of the leading IT services provider to the businesses across the globe with USD 60
billion outsourcing industry [12]. It has experienced considerable growth in the domestic sector,
which emerged as a vital IT investor. The predicted increase in the IT spending in the country is
16.3% (USD 43.57 billion in 2012), as reported by IDCs report Indian IT Market Overview Report2012 [19]. According to the report, expected IT spending in Small and Medium Enterprises (SME)
would grow by 43% by 2015. These developments have attracted huge Government investments
into IT enabled sectors. Government agencies are spending more than USD 10 billion in several of
e-Governance projects [12]. Celnets report [5] Payment in India is going e-way, mentioned 30% of
the total transaction are e-transactions and 75% of the total payment to be in the form of electronic
payments. India was ranked 6th in the world with 61.338 million Internet users in 2009 [1], and is
predicted to have the 3rd largest Internet user base by 2013 (Forresters Research) [11]. Internet
penetration is at about 7.1% but is marked to be rising exponentially. With the increase in the
number of Internet users and increased penetration of technology in modern Indias individual,
the exposure to the e-threats and privacy breach has increased as well. These threats can cause
potential damages to financial, social, and personal interests of the individuals, e.g. targeted
advertising. The commercialization with e-facilities has lead to development of a large sector
involved in targeted advertising. Realizing the frustration and annoyance caused by such services
and to protect the users, schemes e.g. National Do Not Call registry and regulatory guidelines
for banking industry, were introduced. This got some respite for the users but was not of much
significance. The panorama of consumer privacy in the country changed with proposed amendments
in IT Act, getting privacy to the table of discussion among various fraternities e.g. legislation, social
communities in the country. The last few years also witnessed conceptualization of countrywide
projects such as UID (Aadhar) and NATGRID (National Intelligence Grid).
2.2
Cultural status of privacy in India
Indian culture may play a significant role in shaping attitudes about privacy. Cultural values are
known to affect a populations attitudes about privacy [2], [4], [10], [18]. Hofstede developed a
5
number of cultural values indices to measure cultural differences between societies. According to
Hofstede, India is a collectivist society with lower Individualism Index (IDV) and higher Power
Distance Index (PDI) compared to the US, which is an individualist society with higher IDV and
lower PDI. Hofstede has shown that individuals in collectivist societies have more trust and faith
in other people than individuals in individualist societies [13], [14]. Anecdotal evidence of Indians
tendency to trust that their personal information will not be misused can be found in recent Indian
popular news media reports that Indians are largely unaware of the extent to which databases of
personal information are sold and traded among companies. When informed of this practice, the
news media reports that individuals are often shocked and outraged. News magazine India Today,
featured a cover story titled Privacy on Sale, illustrated with a cover photo of a man with a
bar code stamped on his head [3]. The Times of India featured a special report on The Death
of Privacy [20]. Similar stories have been showing up in the Western press for several years, but
have only recently appeared in India. The Indian joint family tradition [9], in which it is common
for households to include multiple brothers, their wives, and their children (all living in a relatively
small house by US standards), results in more routine sharing of personal information among a
wider group of people than is typical in the US. Information that might typically be disclosed only
to ones spouse or parents in the US is more frequently shared among uncles, aunts, and cousins
in India. In addition, as it is common for Indian businesses to be owned and operated by large
extended families, personal financial information is typically shared fairly widely among Indians.
The urban cities in India support a large population base. Each year witnesses increased migration
from rural to urban areas [1] leading society towards urbanization. India originally is a collectivistic
society, exhibiting a culture of joint families and life driven by rules and norms of the society,
but the increased urbanization is influencing society towards individualism. An increase in the
Individualism Index (IDV) marks the beginning of individualism in India Society and also accounts
for the increased awareness about individual rights. In spite of large proportion of population being
uneducated and illiterate, the government is making constant efforts to get all individuals under
IT enabled services and projects e.g. UID, NATGRID. Mobile phones have come out as an evident
tool for large communities and has hence become inevitable for the individuals not to use services
on the mobile phones. Increasingly services such as banking, insurance, telecom are introducing
Information Technology (IT) enabled services increasing the purview of IT on life. Various studies
in the past [15], [16], [17], [21] have shown Indian population to be less sensitive to the privacy
in comparison to countries of the world, significantly because of the collectivistic nature of Indian
society. However, increased exposure to technology could lead to change in this behavior. In 2009,
the Government of Indian launched the national database, a Unique Identification number (UID),
which aims at providing unique numbers to all individuals. The numbers are assigned based on
the biometric information of the individuals e.g. iris, fingerprints, etc. The project rose concerns
in the country regarding privacy of the data collected as it had major privacy challenges to handle
e.g. De-duplication, maintaining a large centralized database against privacy breach, etc. Another
aspiring project, NATGRID by the government faced significant opposition due to the involved
threats to the privacy of the Indian individuals.
2.3
Motivation and rationale
Given the background of lack of empirical data on privacy perceptions in India and the country
becoming a major player in many spheres, we felt it as an utmost importance to study the privacy
attitudes and awareness in India. There are many studies done across the world on privacy [4], [6],
[7], [8], [13], [14], [18], [21] but a very few in India; one of the first ones done on this topic are [16], [17].
Most of the studies are focussed on the US or the European Union. One of our primary motivation
was to get India in the world map of privacy discussion; towards achieving this goal, we have
attempted to create a bench-mark for privacy perceptions in India and we hope this type of study
will be done in a longitudinal basis to understand the changes in the privacy awareness in the
society over the years.
2.4
Methodology
To achieve the above mentioned goals, we followed a typical research methodology approach of
conducting the interviews, succeeded by the focus group discussions and finally, a large survey. We
describe below a quick snapshot of the methodology.
Interviews: To get qualitative insights onto what people think about privacy and what
topics to study in detail, we conducted 20 interviews among various stakeholders in Delhi
and National Capital Region (NCR). The conclusions from interviews helped us in designing
FGDs and later the surveys. More about the methodology in Section 3.2.
Focus group discussions: Using the interviews, we developed the FGD protocol. We
conducted 4 FGDs (each of it having about 8 participants) among various stakeholders of
privacy. More about the methodology in Section 4.2.
Survey: Using our understanding from interviews and FGDs, we developed a protocol to
conduct survey among large participants. In total, we have about 10,427 completed participants; one of the largest studies conducted on privacy in India. More about the methodology
in Section 5.2.
2.5
Main contributions
Our main contributions are as follows:

To the best of our knowledge, this is one of the largest study on privacy perceptions in India. 1
We have developed an empirical understanding of privacy perceptions and awareness with
a sample of 10,427 participants across India; and have developed a bench-mark for privacy
perceptions through this study.
We also believe that this is one of the largest surveys in the world, specifically focused on privacy.
Chapter 3
Interviews
Our interest in doing the interviews was to get an insight on what Indian citizens perceive about
privacy. In order to understand the privacy perceptions, we kept the questions of the interview
to be open-ended and let the participants speak about their reactions. In this chapter, we discuss
about the interviews we conducted and the privacy results along with the insights from the interviews. Section 3.1 describes the sample that we had in the interviews; Section 3.2 describes the
methodology that we used in collecting data; Section 3.3 concludes with some of the takeaways
from the interviews.
3.1
Interview sample
We recruited participants through word-of-mouth from Delhi (in India) region. We completed 20
individual interviews lasting for about 120 mins each. We had 9 females and 11 males in the
interview. The participants were spread across various walks of life (e.g. age group, education, and
occupation). Table 3.1 gives some of the important demographics of the participants. Complete
screening questionnaire that we used for the interview with the results is presented in Appendix 1:
Interview - Background Questionnaire. We had about 88 questions in the interview. We define N
as the number of participants interviewed during the study.
3.2
Interview methodology
Administrator of the study met with the participants in different places (e.g. coffee shop, at participants home, etc.) and did the interviews. We used the screening questionnaire to select the
participants for the interviews. Figure 3.1 shows one of the interviews that we conducted in Delhi.
All 20 interviews were recorded, transcribed for our analysis. Questions were compartmentalized
into different sections like general privacy, mobile phone privacy, credit cards / ATM privacy, websites / Internet / online social networks, and government. Appendix 2: Interview - Questionnaire
gives the entire protocol that we used in the interviews. No personal information (name, email
address, etc.) that would re-identify any subject was recorded with the interview data. We used
randomly generated numbers to identify the subjects in our notes so as to maintain subjects pri-
Table 3.1: Demographics of the participants in the interviews. Values in the table are in percentage.
N=20
Percentages
Gender
Female
Male
Age
20 24
25 29
30 39
40 49
50+
Marital status
Single
Married
Education
Less than graduate
Graduate
Post graduate
Ph.D.
Professional
Occupation
Student
Work from home
Job in public sector
Job in private sector
Housewife
Business
Civil engineer
Journalist
Management
NGO
45
55
10
10
35
25
20
40
60
5
20
40
10
25
10
10
15
30
5
10
5
5
5
5
vacy. We got all the participants sign a consent form before taking part in the interviews and we
compensated all participants for their time and efforts. We collected the data in January 2011.
3.3
Interview conclusions
In this section, we present our analysis of general understanding and concerns about privacy;
awareness about privacy and technology; concerns about mobile phones; knowledge of privacy laws,
and privacy in various government projects; and knowledge of privacy issues related the Internet
and online social media services.
Figure 3.1: Picture of one of the interviews that we conducted in Delhi.
When participants were asked about privacy in general (Question: When you hear the word
privacy, what comes to your mind?), seven of them mentioned privacy from other people, seven
mentioned some form of information privacy (e.g. Internet, telephone, etc.), one mentioned being
let alone and one mentioned there are multiple definitions of privacy and it is very complicated to
explain e.g. Everybody has a different definition of privacy. we define different spheres around
us and it would involve different levels of privacy. While discussing what personal information
constitutes, most of the participants mentioned economic status or income, and their age. One
participant mentioned I cannot share my phone number but can share my email ID. Majority of
the participants thought privacy is going to become an issue in future; one participant mentioned
I, being a student, do not consider privacy so important in life, but am sure that 10 years down the
line, it would hold tremendous importance for me. By then a lot would have happened in my life
that I would like to keep private to myself. Other student participants had similar views. Another
participant who had a similar sentiment mentioned In future, I dont know how it will play. It is
a scary though for me because in future, 10 years down the line, there would be no concept like
personal, everywhere some or the other form of information will be available about you.
Most participants were ignorant about various privacy issues related to the Internet and online
social media. For example, about 75% of the participants had never read the privacy policy on
any website that they interact with and about the same percentage of participants had never read
the privacy policy of a website before sharing his / her personal information. About 50% of the
participants have changed their default settings on a social network that they use. Participants were
unaware of their information on social networks and on the Internet I do not know where my
photos or information would be going online. Another common behavior among participants were,
they changed their behavior online over the time (less concerned to more concerned) Initially I
had for all. Now the privacy settings are friends.
One of the patterns, that we saw across participants was that, all of them felt very concerned
about financial privacy. About 75% mentioned that they dont disclose any credit card details to
anybody over the phone. Fifty percent of the participants have not read the privacy policy of
their credit card and only one participant said that he / she has read the policy. About 50% of the
participants said no to Do you think the ATM centers provide enough privacy for making money
10
transactions? We also believe that various financial organizations and media have played a great
role in creating awareness about the financial privacy issues to citizens. Most of them credited their
understanding of the issue to either financial organizations or the media No, I never give credit
card details to anybody over the phone. All credit card agencies have instructed not to give credit
card details to anyone on phone so I do not.
While discussing about the awareness and existence of privacy laws and various government projects
in India, a common reaction was Yes government has all kinds of information but under various
heads, it is not consolidated. Participants, in general assume the government to protect them and
take care of their information, for example, one participant, said The government is not expected
to auction my personal information to anybody and everybody. If at all anyone gets an access, it will
definitely bother me. More number of participants were aware about the UID project compared to
NATGRID project. One of the participant mentioned It is important to have this kind of facility
in our country. It is police / security project. regarding NATGRID.
11
Chapter 4
Focus Group Discussions

In this chapter, we present the details from Focus Group Discussions (FGDs) that we did to
understand the privacy perceptions of the users. Section 4.1 describes the sample of participants
who were part of the FGDs; Section 4.2 describes the methodology that we used in collecting data
through FGDs; Section 4.3 concludes with some of the takeaways from the focus group discussions.
4.1
FGD sample
In total, we conducted four FGDs, each of which lasted for about 3 hours. Table 4.1 presents
some characteristics of participants from the FGDs. Complete screening questionnaire that we
used for the FGD with the results is presented in Appendix 3: FGD - Background Questionnaire.
We conducted four FGDs in Delhi; our aim was to conduct each FGD with different stakeholders
of privacy. We did one with age group 18 25 years, student community (FGD1); one with 46+
years (FGD2); one with 26 35 years, working professionals / industry (FGD3); one with 26 35
years, academia (FGD4). In total, we had 31(represented as N in this section) participants for the
FGDs.
4.2
FGD methodology
Through word of mouth, we recruited participants for our FGDs. We used the Screening Questionnaire (Appendix 3: FGD - Background Questionnaire) for recruiting participants into the study.
We screened only those participants who were in the category of people that we were looking for
(e.g. 18 24 years participants for that group of study). We conducted the four FGDs in four different locations; we worked it out with different organizations (academics / industry organization)
to have a room where we could do the FGDs. We asked about 20 questions in the FGD and we got
consent forms signed by each of the participants before starting the FGD. We also compensated
the participants for their time and efforts.
Figure 4.1 presents one of the FGDs that we did among students in Delhi. We used voice recorders
to tape the discussion; we introduced ourselves and gave a brief background on the goals of study
and then started with asking some basic questions. We tried to get each of the participant to
12
Table 4.1: Gender and education characteristics of the participants in the Focus Group Discussions. Values
in the table are in percentage.
Gender
Female
Male
Education
Less than graduate
Graduate
Post graduate
Ph.D.
Professional
FGD1
N=8
FGD2 FGD3 FGD4

N=8
N=8
N=7
Percenatges
Total
N=31
50.00
50.00
50.00
50.00
62.50
37.50
57.14
42.86
54.84
45.16
25.00
50.00
25.00
0.00
0.00
25.00
25.00
25.00
0.00
25.00
0.00
37.50
50.00
0.00
12.50
0.00
0.00
42.86
57.14
0.00
12.90
29.03
35.48
12.90
9.68
speak their views about each of the questions that were posted to the group. Appendix 4: FGD Moderator Guide has the questionnaire for the FGDs. As and when we felt the discussion was going
in a different direction, we would request participants to discuss about the privacy implications.
All FGD audios were transcribed and analyzed. We conducted the studies in April and May, 2011.
We also asked them to fill a form (see Appendix 5: FGD - Personally Identifiable Information) that
we had given them as a printout, to identify which one of these they would classify as Personally
Identifiable Information (PII). Please tick, what according to you is Personal Information (Personally Identifiable Information)? We also showed printouts of three Facebook setting pages for
them to mark their own settings; the three screenshots that we presented included basic privacy
settings (Figure 4.2), detailed privacy settings (Figure 4.3), and the request for permission while
allowing / disallowing third party applications (Figure 4.4).
4.3
FGD conclusions
In this section, we discuss (1) the inferences from the discussion that we had with the participants;
(2) the outcomes of the task for marking information as personally identifiable information; and
(3) takeaways from the task on marking privacy settings in Facebook.
4.3.1
Inferences from the discussion
Participants repeatedly mentioned that privacy is not something easy to define and may vary
according to the context and the individual. One participant mentioned, Notion of privacy, as
such is very vague. Most participants defined it as something or some information they do
not want to share with others. We got similar reactions from all our FGDs. There was a lack of
awareness about the privacy laws in India, a common response we got was there are some cyber
laws on privacy, but what exactly we do not know or there are no privacy laws in India. We
are not aware of any. Most of the participants were responding to the questions from the security
13
Figure 4.1: Picture of one of the focus group discussions; this was the 18 24 years group.
point of view (unauthorized access, data being stolen, etc.) and not privacy. Even after repeated
emphasis on privacy, participants in FGD3 and FGD4 talked about security and not privacy.
Almost all participants in FGDs were annoyed by the spam SMSs that they receive; on an average,
most of the participants received 3-4 spams a day. A common sentiment on this was It is intrusive.
and they believed that none of the government policies (e.g. TRAI) are going to help reduce the
problem. It is not just the spam SMS is a problem, it is also the spam calls, one of the participant
said When we are working we get unnecessary calls. XXXX 1 Company, about property, etc. It
creates unnecessary tension when my phone rings at odd hours, I am sleeping and in middle of the
night I might get a call of no relevance to me. All participants who mentioned this issue think
that their phone numbers are getting leaked to various parties, which is a privacy issue. Some
participants also talked about privacy related to location inference through mobile phones. One
participant said I think with my phone [GPS location] anybody can come to know about my
location and therefore interferes with my privacy.
Some participants (specifically the elderly people) in the FGDs were not on online social media,
most of them did not feel the need for being on these services. One of the participant, mentioned, I
dont feel necessity to post pictures therefore [I] not on Facebook. Among the participants on social
media, nobody has read the privacy policy of these services. One of the academician remarked,
I believe that even if I made these privacy settings, I am not sure if what I want is actually
happening. I had removed a friend but still I am not sure how they got to see my details. showing
1
Anonymized to preserve the privacy.
14
the sentiment that it is of no value even if we update the privacy settings. Some participants also
mentioned These [online social media services] things are misused a lot. as reason for not being
on online social media services.
Camera in mobile phones seemed a big concern for the female participants, one female participant
even shared an incident when one of their friends recorded some funny picture / video of them and
posted it online on Facebook. One girl said, sometimes they even feel people recording a video or
clicking a picture, but they cannot do anything about it.
Most people said they use credit and debit cards, but said they would avoid using online banking
and money transactions, as they do not have much faith in the online process. One participant
shared an experience, when an identity theft with respect to a credit card happened to his friend
A credit card was delivered to an address after the person had moved from that address, hence
that credit card was taken by someone else, and used for shopping, and the concerned person (his
friend) got to know only at the end of the month when he received the bills.
4.3.2
Marking information as personally identifiable information
During the FGDs, we presented a list to the participants for them to identify whether they are PII
or not. Appendix 5: FGD - Personally Identifiable Information has the content that we presented
to the users for them to mark. Table 4.2 presents the percentage of participants who marked
the information as PII from each of the FGD; last column in the table presents the total of all
the four FGDs. From the Table, we see that most of the participants (more than 90%) considered
these information as PII: Bank account number, Credit card number / Debit card number, Property
details, Passport number, and Email and other Passwords. This shows a lot of emphasis on financial
/ information details among citizens. Participants considered Gender, Religion, and Category-SC
/ ST / OBC / General as the least in terms of PII. We found a clear difference between the
professionals from industry and academia participants; no piece of information was considered as
PII by academia while maximum pieces of information was not at all considered personal (0%) by
industry professionals.
4.3.3
Marking Facebook privacy settings
Photographs seemed the most sensitive information people consider as private on Facebook. Facebook privacy setting handouts: all participants had seen and modified the main privacy settings
page of Facebook (Figure 4.2), but when we showed the second handout of Facebook privacy settings (the level 2 settings, Figure 4.3), only one participant had seen that page. Rest did not know
that they can even control those privacy settings on Facebook (the screenshots were taken in the
month of March).
15
Figure 4.2: General privacy settings in Facebook.
Figure 4.3: Advanced privacy settings in Facebook.
16
Table 4.2: Percentage of participants marking the data as Personally Identifiable Information (PII). One
participant in FGD2 did not provide the information, therefore effective value for FGD2=7 and total=30 for
this response.
FGD1
N=8
Full name
Designation
Date of Birth
Birth Place
Caste
Gender
Religion
Family member names
Photograph (Hard copy)
Marital status
Photograph (Digital copy)
Permanent address
Passport photocopy
Temporary address
Voters card photocopy
Educational qualification
Category-SC/ST/OBC/General
Ration card photocopy
Phone number (landline)
ID card photocopy
Mobile number
CV / Resume
CVV number
Photocopy of other identify proofs, like
PAN card etc.
Bank account number
Medical records
Credit card number / Debit card number
Property details
Ration card number
Tax details (House / income etc.)
Vehicle registration number
Academic grades or marksheet copy
Passport number
Your bank name
Your phone service providers name
Email and other Passwords
Fingerprints and other biometric details
17
FGD2
N=8
Total
N=31
12.50
12.50
62.50
37.50
12.50
12.50
12.50
62.50
75.00
37.50
100.00
62.50
75.00
50.00
100.00
0.00
12.50
50.00
87.50
62.50
75.00
25.00
25.00
87.5
FGD3 FGD4
N=8
N=7
Percenatges
14.29
0.00
28.57
0.00
75.00
28.57
14.29
12.50
57.14
0.00
0.00
28.75
14.29
0.00
14.29
0.00
0.00
14.29
0.00
0.00
14.29
28.57
0.00
71.43
85.71
50.00
85.71
14.29
0.00
28.57
71.43
50.00
85.71
28.57
0.00
71.43
100.00 62.50
85.71
0.00
0.00
42.86
100.00 75.00
71.43
28.57
0.00
14.29
0.00
0.00
14.29
85.71
50.00
71.43
57.14
25.00
57.14
85.71
75.00
85.71
85.71
37.50
71.43
85.71
12.50
57.14
71.43
100.00 42.86
100.00 50.00
71.43
100.00
50.00
100.00
75.00
50.00
87.50
62.50
50.00
75.00
37.50
0.00
100.00
75.00
100.00
85.71
100.00
100.00
57.14
85.71
85.71
71.43
100.00
57.14
28.57
100.00
71.43
100.00
50.00
96.67
93.33
46.67
76.67
50.00
36.67
83.33
40.00
16.67
100.00
66.67
100.00
0.00
87.50
100.00
25.00
50.00
12.50
0.00
62.50
25.00
12.50
100.00
25.00
100.00
71.43
100.00
100.00
42.86
85.71
42.86
28.57
100
42.86
28.57
100.00
100.00
13.33
30.00
36.67
16.67
10.00
6.67
6.67
40.00
73.33
20.00
76.67
40.00
80.00
23.33
86.67
10.00
6.67
63.33
56.67
76.67
66.67
43.33
60.00
76.67
Table 4.3: Percentage of participants marking the data as Personally Identifiable Information (PII).
FGD1
N=8
Pancard number
ATM pin number
Organization / Institutes Name
and other details like phone number, address etc.
Salary
E-mail address
FGD2
N=8
Total
N=31
87.50
100.00
FGD3 FGD4
N=8
N=7
Percenatges
100.00 62.50
100.00
100.00 100.00 100.00
25.00
75.00
25.00
42.86
71.43
85.71
36.67
76.67
40.00
25.00
75.00
12.50
Figure 4.4: Request for permissions by a Facebook application.
18
57.14
85.71
42.86
86.67
100.00
Chapter 5
Survey
After completing the interviews and FGDs, we developed the survey questionnaire and collected
data from different parts of India. In this chapter, we present the results from the data that
we collected. Section 5.1 describes the sample of the participants who were part of the survey
data collection; Section 5.2 describes the methodology that we used in collecting data; Section 5.3
concludes with some of the takeaways from the survey.
5.1
Survey sample
In total, we collected data from 10,427 survey respondents; to the best of our knowledge, we believe
this is one of the largest study on privacy in the world, and definitely in India. As our goal was to
collect data from different walks of life, we did data collection in school, universities, organizations,
metro stations, households, etc. We collected data from different parts of India. Our sample
consisted of respondents from different cities in India; we travelled to multiple cities to collect the
data and we also took help from different organizations to collect the data. Our data consists of
respondents from every state and union territory in the country, except for one state.
5.2
Survey methodology
We collected data through different means using web, and physical printouts. We collected
data from July 2011 until April 2012. Before starting to do the actual data collection, we did
pilot data collection for about 70 surveys. Appendix 6: Survey - Questionnaire gives the actual
questionnaire that we used for data collection. Majority (60%) of the participants got to know
about our survey through various research market organizations that we worked with to collect
the data and about 31% of the respondents got to know it through friends and acquaintances.
Majority of the participants (63%) filled the survey in Public space e.g. shopping mall, cinema,
market, and park and about 28% filled it in their campus or organization.
19
5.3
Survey conclusions
Here, we present each of the questions presented to the participants, along with the percentage of
participants who responded to the options presented to them. We have presented N, the sample
for each of the questions in the survey. Since the questionnaire were also filled in physical copies
where we did not have any control over the participants; some of the mandatory questions were
also skipped. If the N is not present in the question / table, please assume that it is 10,427. All
values in the tables are in percentages.1
Section 1: General Privacy
1. When you hear the word privacy, what comes to your mind?
Bodily privacy (e.g. your physical body)

Communication privacy (e.g. calls received or dialed
through telephone)
Information privacy (e.g. information exchanged on the
Internet)
Territorial privacy (e.g. your living space, working space)
All of the above
Others
There is a possibility of 0.01 rounding error.
20
N=10,372
32.54
48.33
51.24
31.59
28.43
0.68
2. Which of the following information is personal to you that you would NOT like to share?
Annual house hold income

Bank account details
Credit card number
Date of birth
Email address
Family details
Full name
Health and medical history
Landline number
Marital status
Mobile number
Passport number
Passwords
Personal income
Pictures and videos featuring self
Physical details - height, weight, eye colour
Postal mailing address
Religion
All of the above
Others
N=10,377
53.64
64.63
68.18
5.80
6.25
14.86
2.03
27.17
8.42
3.95
13.45
64.45
88.39
62.77
18.67
8.47
5.51
2.70
3.65
2.00
3. Does privacy for you change with situation and context, i.e. what information you share with
whom may be different at different time and context?
N=9,633
52.79
17.83
29.38
Yes
No
May be
21
22

(N=10,403)
Bank
account
details
(N=10,390)
Credit
card
number
(N=10,349)
Date of birth (N=10,371)
Email address (N=10,360)
Family details (N=10,348)
Full name (N=10,354)
(N=10,336)
Landline number (N=10,352)
Marital status (N=10,295)
Mobile number (N=10,342)
Passport number (N=10,319)
Passwords (N=10,308)
Personal income (N=10,308)
Pictures and videos featuring
self (N=10,322)
Physical
detailsheight,
weight, eye colour (N=10,363)
Postal
mailing
address
(N=10,351)
Religion (N=10,349)
Family
58.32
47.82
38.65
40.03
39.69
50.46
26.45
59.66
44.41
34.05
43.80
34.49
13.38
41.99
56.53
50.75
41.29
25.84
Friends
17.30
7.53
5.02
31.38
32.36
35.47
20.74
26.79
36.45
27.06
39.54
9.00
2.1
12.1
44.81
33.97
32.05
18.12
4. With whom would you share the following information?
19.16
29.46
29.84
36.57
25.14
34.90
6.85
1.3
9.43
34.74
27.91
26.74
39.22
17.93
27.96
3.75
6.83
Relatives
15.42
6.40
6.00
3.74
5.63
7.84
5.57
1.35
0.52
1.43
3.02
7.59
6.44
6.47
5.92
2.85
0.91
1.10
Society
2.17
8.07
15.04
3.74
11.38
9.58
16.54
5.36
0.80
5.04
2.12
13.54
11.85
8.17
9.75
3.99
10.66
24.24
Banks
7.44
8.94
15.46
6.14
8.74
10.02
12.54
11.22
1.01
6.16
3.47
12.85
9.98
11.57
10.09
5.97
5.05
14.14
61.94
47.16
34.85
47.34
57.89
46.31
4.2
1.24
2.9
23.75
54.54
51.57
32.24
68.98
14.42
1.31
1.14
3.46
2.77
6.19
2.11
2.15
3.79
55.73
83.97
51.55
10.09
1.67
1.81
5.54
1.17
17.94
54.66
43.46
Government Everybody Nobody

21.40
2.54
35.01
5. Imagine you are walking through a shopping mall, where you observe a camera capturing
the movements of people in the shops, what would be your reaction? (Choose one which is
applicable)
I would not change my actions

I would try to avoid the camera
I would never go to the shopping mall again
If at all, a camera captures my movements, I would be curious to know the reasons for capturing the video
Others
N=10,299
49.75
27.22
7.98
14.25
0.80
6. How much do you agree / disagree with these statements?
Consumers have lost all control

over how personal information about
them is circulated and used by companies
Most businesses handle the personal
information they collect about consumers in a proper and confidential
way
Mobile phones can be privacy invasive
Landline phones can interfere with
individuals privacy
Websites can hinder privacy by collecting personal information
Credit cards can be privacy invasive
Phone banking can invade privacy
Strongly Agree
agree
23.66
52.97
N=10,415
Neutral Disagree Strongly
Disagree
15.94
5.84
1.13
13.76
44.87
27.37
13.49
1.97
14.42
55.17
21.35
7.75
0.63
14.29
45.4
27.18
11.39
1.00
20.23
50.99
20.60
6.41
0.84
18.98
15.95
44.93
47.24
24.99
24.71
9.40
9.14
0.93
1.57
23
7. Consider a scenario where you visit a coffee shop which provides a free Wi-Fi connectivity
for its customers. It doesnt ask for password for connectivity. Would you access the Wi-Fi
facility to log-in your email?
N=10,343
19.72
33.88
11.58
10.56
24.26
Definitely would
Probably would
Not sure
Probably not
Definitely not
8. Imagine for checking your results of an entrance exam you went to the institute and saw
that the results have been displayed on a notice board with your name, marks and category
(general / OBC / SC) mentioned.
How would you feel about

your marks being displayed
on the notice board
How would you feel about
your category (general /
OBC / SC) being displayed
on the notice board?
Always
FC
34.42
35.22
N=10,402,
Usually
FC
41.87
35.53
FC = Feel Comfortable
Sometimes Rarely Never
FC
FC
FC
11.53
4.31
7.74
9.63
5.9
13.05
9. While traveling in long-distance trains, a reservation chart with details e.g. last name, first
name, age, gender, boarding station, destination, seat number, PNR number for each passenger is displayed on the platform and the compartment. How would you feel about your
information being displayed as in this scenario?
N=10,164
36.74
43.43
8.06
4.45
7.33
Always feel comfortable

Usually feel comfortable
Sometimes feel comfortable
Rarely feel comfortable
Never feel comfortable
24
Section 2: Mobile Privacy

10. Do you save personal information in your mobile phone?
N=10,323
52.49
43.56
3.94
Yes
No
Dont remember
11. What is the personal information which you dont mind storing in your mobile phone?
Business related information (meeting details)

Credit card number(s) / ATM card number(s) / PIN
number(s)
Information e.g. date of birth, PAN number, ID number,
account number
Password(s)
Videos, photographs,etc.
All of the above
Others
N=5,637
24.68
26.20
30.51
25.00
64.57
10.40
2.29
12. What are the reasons for which you dont store personal information on your mobile phone?
Worried about phone being stolen / lost

Concerned about somebody accessing the phone at work, or
outdoors without permission
Concerned about somebody accessing the phone at home
without permission
Dont feel the need
All of the above
Others
25
N=5,925
40.08
38.51
24.86
34.16
9.91
0.41
13. Imagine you visited a mobile service provider (e.g. Vodafone) to buy a new mobile connection;
they asked you to fill a form giving details e.g. name, date of birth, ID proof. Which of the
information given below you would share with them, if they are NOT mandatory fields?
N=10,093
42.46
33.71
24.56
67.18
30.12
63.51
18.19
8.33
8.23
4.00
0.26
Alternative address proof

Another contact number
ID proof
Permanent address proof
Photograph(s)
Proof of place of work
Parents details
All of the above
None of the above
Others
14. How much do you agree / disagree with these statements?
Mobile service providers give

reasonable protection for the
information they collect
(N=10,379)
Mobile service providers can keep a
record and can access the
information exchanged through
mobile phone (N=10,373)
Phone conversations can be tapped
by mobile service providers in
national interest (N=10,363)
Mobile service providers can share
the customers information with
government organization when
required, even without informing
the customers (N=10,366)
Mobile service providers can share
private information you provide
them with third parties
(N= 10,305)
Strongly Agree
agree
13.52
49.69
Neutral Disagree
20.86
13.06
Strongly
Disagree
2.87
11.40
53.92
22.24
10.61
1.82
20.64
47.53
21.19
7.90
2.72
20.01
47.40
19.90
9.06
3.03
14.07
33.24
22.04
19.43
11.23
26
15. Do you use phone banking services to check your balance in the account?
Yes, it is safe to use

Yes, because I dont have a choice
No, because I fear information may be leaked through phone
tapping
No, because I am not sure of who is on the other side
Others
N=10,349
15.73
8.53
21.11
33.93
20.69
16. Would you use phone banking services to transfer money from your account?

No, because I fear information may be leaked through phone
tapping
Others
N=10,291
12.77
6.89
22.71
37.34
20.29
17. While exchanging information on mobile phone, what according to you, is the extent of
confidentiality provided by the mobile service provider for information being exchanged?
N=10,204
11.49
37.50
24.60
9.77
1.69
14.96
Very high
High
Neutral
Low
Very low
I dont know
27
18. What do you do before you sell your mobile phone?
Copy the details and other information from SIM card and
phone memory
Copy the information from SIM card and phone memory
and then delete information
Delete all information that is stored in the mobile phone
Delete only specific details e.g. phone numbers and messages
Dont do anything
Others
N=10,299
12.64
40.40
31.30
4.89
6.68
4.08
19. While exchanging information on land-line phone, what according to you, is the extent of
confidentiality provided by the land-line service provider for information being exchanged?
N=10,260
8.25
37.41
26.51
10.98
1.84
15.01
Very high
High
Neutral
Low
Very low
I don t know
20. While moving in a shopping mall, imagine you see somebody taking your picture using a
mobile phone, what would be your reaction?
No reaction
I dont like a stranger taking my picture without my permission
I dont like being photographed at all in public places
Others
28
N=10,249
32.27
48.94
17.34
1.45
21. While travelling (i.e. in roaming), the mobile service providers use regional languages to
present information e.g. user busy, phone switched off. For example, if your phone connection
is from Delhi and if you are traveling in Mumbai, the messages are presented in Marathi.
Would you consider this feature as privacy invasive?
N=10,335
10.02
43.97
22.94
19.24
3.83
Strongly agree
Agree
Neutral
Disagree
Strongly disagree
Section 3: Credit Cards
22. Do you have a credit card issued in your name?
N=10,297
57.18
11.94
30.88
Yes
No,but I have used them
No, I dont use them at all
23. Do you lend your credit cards to others?
N= 6,191
34.58
65.42
Yes
No
29
24. To whom do you lend your credit card for using it?
N=2,716
10.38
26.33
53.68
3.94
10.24
29.23
0.88
2.91
Children
Friends
Parents
Relatives
Professional Colleagues
Spouse
None
Others
25. Whose (owned by whom) credit card would you also use?
N=5,760
4.90
20.47
43.11
2.43
5.59
19.10
8.85
20.02
Children
Friends
Parents
Professional colleagues
Relatives
Spouse
None
Others
26. Whose (owned by whom) credit card would you use?

N=2,655
7.83
27.19
57.15
6.44
9.15
16.50
10.17
2.82
Children
Friends
Parents
Relatives
Spouse
None
Others
30
27. What is true for you with respect to using credit cards in todays world?
It is unavoidable
It is handy; use it frequently for various purposes e.g. shopping, petrol pumps, and grocery shops
Use only for specific tasks e.g. online ticketing
Use as a back-up for emergency situations
Others
N=7,023
20.12
39.70
17.04
22.70
0.44
28. Imagine that you went to a restaurant to have food with your friends / family. Which of the
following is true if you make the payment of the bill through your credit card?
You would give the card to waiter, for making the payment
If you can go youself, you would take the card yourself to
cash counter, get it swiped in front of you
If you cannot go yourself, you would give the card to waiter
and check the details of bill carefully
You would give it only to the waiter only if its a trustworthy
restaurant
You know it can be misused, but cannot do anything about
it
You would not like to use credit card to make the payment
Others
N=7,099
19.31
39.94
14.45
9.14
3.83
13.11
0.21
29. Do you think credit cards should display the details e.g. name, phone number, date of birth
on them?
It should not display any personal information, as it makes

information public
It should display only relevant details required for identification
It should display all details as these are required for verification
It does not bother me
Others
31
N=7,069
32.75
44.80
14.68
7.36
0.41
30. Do you think it is possible for anybody to steal your identity and impersonate you, using
your credit card?
Yes, it is fairly easy

Yes, but its not easy
No, its not possible under any circumstance
I have never thought about it
Others
N=7,066
44.52
35.58
14.53
5.00
0.37
31. Imagine you go to withdraw money from ATM; while you are withdrawing money, you notice
other people peeping into the ATM while you enter the PIN. How would you consider entering
details of your account in this scenario?
N=7,050
17.76
30.95
9.25
16.17
23.15
2.72
Definitely would
Probably would
Not sure
Probably not
Definitely not
I have no other choice
32. Imagine you go to withdraw money from ATM; how would you consider using the ATM center
if there are two machines in the same center and someone else is using the other machine?
N=7,068
25.78
39.09
10.74
7.98
13.09
3.32
Definitely would
Probably would
Not sure
Probably not
Definitely not
32
Section 4: Internet and Online Social Network

33. On visiting various websites, a lot of personal information is collected. How comfortable do
you feel sharing below mentioned information with any website?

(N=7,544)
(N=7,554)
Credit card number
(N=7,523)
Date of birth (N=7,503)
Email address (N=7,517)
Family details (N=7,469)
Full name(N=7,492)
(N=7,500)
Landline number (N=7,504)
Marital status (N=7,492)
Mobile number (N=7,511)
Passport number (N=7,505)
Passwords (N=7,497)
Personal income (N=7,450)
Pictures and videos featuring
self (N=7,443)
Physical details - height,
weight, eye colour (N=7,515)
(N=7,510 )
Religion (N=7,486)
Always
FC
7.83
FC =
Usually
FC
9.29
Feel Comfortable
Sometimes Rarely
FC
FC
6.68
13.56
Never
FC
62.63
3.02
6.72
6.08
11.31
72.88
3.08
6.10
6.41
10.54
73.87
32.96
33.38
20.98
42.33
16.64
30.57
32.37
24.30
27.55
18.28
17.26
16.80
17.26
14.80
17.47
10.36
10.10
17.15
8.78
22.17
8.85
7.36
20.31
6.54
25.44
22.40
34.26
24.5
4.76
2.79
4.20
21.67
29.38
27.28
26.24
7.98
4.08
9.96
23.82
19.35
17.39
18.63
5.18
3.17
6.27
18.8
13.15
10.52
14.42
13.03
6.36
9.54
13.8
15.71
10.54
16.22
69.05
83.59
70.03
21.91
26.15
27.89
18.59
12.50
14.88
30.73
28.44
17.56
11.54
11.72
39.87
25.09
15.26
9.47
10.31
34. Have you ever removed cookies in your browser after using the Internet?
N=8,149
22.24
33.99
5.13
23.36
7.57
7.71
Often
Sometimes
Hardly ever
Never
Not familiar with cookies
Dont know
33
35. Which of the following email services do you use?

N=7,926
80.18
24.78
16.16
49.66
4.77
2.76
Gmail
Hotmail
Official email
Yahoo mail
Do not use any email services
Others
36. Do you exchange personal information, e.g. bank account numbers, passport details through
your email?
N=7,581
14.21
26.51
18.26
38.52
2.51
Yes, frequently
Sometimes
Only in emergency
No, not at all
I dont remember
37. Do you save personal information, e.g. bank account numbers, passport details in your email
for future use?
N=7,565
15.36
24.35
12.97
44.57
2.75
Yes, frequently
Sometimes
Only in emergency
No, not at all
I dont remember
38. What are your privacy concerns while exchanging / saving personal information through email
services?
I have no concerns
I believe that the privacy of my data is maintained
I am concerned, but I do not have a choice
I am concerned so I dont save/exchange
Dont know
34
N=7,546
18.75
40.70
22.26
14.68
3.60
39. Do you read the privacy policy of an e-commerce website e.g. PayPal, eBay, bank websites
while creating an account?
N=7,814
34.00
33.91
24.29
6.99
0.81
Yes, I do
I browse through it
Never
Dont remember
Others
40. Do you read the privacy policy of an email provider while creating an account?
N=7,836
34.48
31.20
27.63
6.29
0.40
Yes, I do
I browse through it
Never
Dont remember
Others
41. Which of the following OSN services do you use?
N=8,222
71.55
48.36
17.92
10.64
31.56
18.20
40.53
16.10
0.36
Facebook
Google +
LinkedIn
MySpace
Orkut
Twitter
YouTube
Do not use any
Others
35
42. What do you feel about privacy of your personal information on your OSN?
It is not a concern at all

Since I have specified my privacy settings, my data is secure
from a privacy breach
Even though, I have specified my privacy settings, I am concerned about privacy of my data
It is a concern, but I still share personal information
It is a concern; hence I do not share personal data on OSN
N=6,855
19.30
42.13
23.84
8.02
6.71
43. If you receive a friendship request on your most frequently used OSN, which of the following
people will you add as friends?
Colleagues
Family Members
Friends
People from my hometown
Person of opposite gender
Person with nice profile picture
Strangers (people you do not know)
Somebody, whom you do not know or recognize but have
mutual / common friends with
Anyone
Others
N=6,929
61.97
71.21
79.03
27.39
19.51
10.12
4.99
8.31
2.99
0.74
44. Have you ever modified your default privacy settings on your OSN website?
Yes, I have modified my privacy settings

No, I have never changed default settings
I dont remember
Dont know
N=6,892
63.19
21.08
10.95
4.77
45. Do you have a Facebook account?

N=6,898
85.1
14.89
Yes
No
36
46. What privacy settings do you have for the following information on Facebook? Please provide
your response to the best of your knowledge.
Age
Date of Birth
E mail ID
Gender
Location
Marital Status
Name
Other Profile
Information e.g.
education and work
details
Pictures / Photos
Religion
Videos
Not
Shared
Friends
Network Everyone Customized
40.64
44.59
44.17
32.49
33.13
32.59
25.28
40.34
Friends
of
Friends
7.65
8.68
10.96
11.46
12.48
12.33
10.82
13.12
13.24
7.36
6.49
2.97
5.77
8.13
4.22
5.95
2.44
4.60
4.91
5.70
5.70
4.98
4.83
6.32
33.14
31.89
30.77
45.95
39.83
39.08
53.13
30.37
2.89
2.88
2.7
1.45
3.09
2.89
1.72
3.91
7.18
8.96
11.01
48.95
32.18
45.41
11.14
10.96
10.40
5.41
5.41
5.27
21.02
40.20
21.20
6.29
2.28
6.71
47. Do you read the permission box that appears when you first access any third party application
e.g. FarmVille, Mafia Wars?
Yes, I see but I dont read it and just allow, otherwise I

cannot access the application
Yes, I read the permissions the application asks, but always
allow the application
Yes, I read the permissions the application asks, and accordingly decide to allow or not allow the application
I do not remember seeing any such permission box ever
No, I will never allow third-party application to access my
personal information
No, I dont use third party applications
37
N=5,920
22.22
28.44
19.34
9.61
7.92
12.47
48. When would you use third-party applications on an online social network?
When a friend recommends an application

When I see the application on my friends news feed / wall
When online social network recommends an application
When I randomly stumble on some interesting application
Others
N=5,885
40.56
37.66
18.15
19.01
6.07
49. Have you connected / inter-linked your various social networking accounts together e.g. Facebook, Twitter, YouTube, Buzz, Orkut?
Yes
No
I do not know of any such linking service
N=6,869
46.15
44.91
8.94
50. Do you think it is possible for somebody to steal your identity on your social network website
i.e. create a profile with your name, pictures and details?
Yes, it is possible, but it has never happened to me

Yes, it is possible, and it has happened to me
No, it is not possible
Dont know
N=6,882
60.39
24.03
10.07
5.51
51. Do you read the privacy policy of an OSN provider while creating an account?
N=6,890
46.33
27.45
18.30
7.92
Yes, I do
I browse through it
Never
Dont remember
38
Section 5: Government initiatives / Legal aspects of privacy

52. Does the Indian constitution have a provision for privacy of Indian citizens?
Yes, I know about it

Yes, but I dont know what it is
Not sure, I assume there is a provision, but, I am not aware
of it
I do not know about this kind of a provision
No, there is no provision
N=10,315
34.44
27.61
22.63
12.26
3.06
53. Do we have privacy laws in India that protect Indian citizens privacy?
N=10,330
49.01
27.34
23.65
Yes
No
Not sure
54. Are you aware of Unique Identification Number (UID), a Government of India initiative for
every citizen in India?
Yes
No
Heard about it, but do not know the details
39
N=10,318
67.23
21.11
11.66
55. How much do you agree with the statement?
Personal information and biometric

data e.g. fingerprints, iris scan
could be accessible to other private
corporate through UID with whom
you would NOT like to share this
information otherwise (N=7,202)
Government agencies could have
access to details e.g. banking, land
records, Internet logs, phone
records, arms records, driving
license, property records,
insurance, and income tax records
which can be misused by
government agencies (N=7,193)
Strongly
agree
9.55
Agree
Neutral Disagree
46.79
25.78
12.69
Strongly
Disagree
5.18
12.18
43.11
26.76
15.07
2.88
56. Are you aware of the NATGRID (National intelligence Grid) project?
N=10,126
27.70
58.89
13.41
Yes
No
57. How much do you agree with the statement?
Projects such as NATGRID (National Intelligence Grid) which can

access details and movement records
of an individual, can be misused by
government agencies (N=3,228)
Strongly
agree
13.07
40
Agree
Neutral Disagree
45.85
21.38
18.15
Strongly
Disagree
1.55
Section 6: Demographics
58. How old are you?
N=10,346
1.54
21.31
32.20
25.90
14.09
4.46
0.50
Less than 18 years

18 24 years
25 29 years
30 39 years
40 49 years
50 64 years
65 and above
59. What is your nationality?
N=10,204
99.73
0.27
Indian
Others
41
60. Which of the following state do you belong to (State of origin)?

N=10,350
0.08
7.73
0.14
7.10
1.10
0.08
0.01
6.88
0.28
8.14
1.96
8.58
0.52
0.21
0.03
0.74
3.19
9.38
0.35
0.00
0.03
0.04
0.25
0.02
2.94
11.29
0.02
8.57
0.05
9.39
9.53
0.21
0.17
0.06
0.48
0.43
Andaman and Nicobar

Andhra Pradesh
Arunachal Pradesh
Assam
Bihar
Dadra and N. Haveli
Daman and Diu
Delhi
Goa
Gujarat
Haryana
Karnataka
Himachal Pradesh
Jammu and Kashmir
Lakshwadeep Islands
Kerala
Madhya Pradesh
Maharashtra
Manipur
Mizoram
Meghalaya
Nagaland
Odisha
Puducherry
Punjab
Rajasthan
Sikkim
Tamil Nadu
Tripura
Uttar Pradesh
West Bengal
Jharkhand
Chattisgarh
Chandigarh
Uttarakhand
Others
42
61. Choose the states where you have lived in the past five years:
N=10,341
0.15
8.17
0.29
7.18
0.77
0.12
0.01
11.65
0.34
8.08
2.86
9.85
0.45
0.26
0.07
0.59
4.04
12.07
0.44
0.12
0.77
0.21
0.29
0.10
3.45
12.15
0.21
8.76
0.40
9.69
11.00
0.31
0.26
0.21
0.73
0.41
Andaman and Nicobar

Andhra Pradesh
Arunachal Pradesh
Assam
Bihar
Dadra and N. Haveli
Daman and Diu
Delhi
Goa
Gujarat
Haryana
Karnataka
Himachal Pradesh
Jammu and Kashmir
Lakshwadeep Islands
Kerala
Madhya Pradesh
Maharashtra
Manipur
Mizoram
Meghalaya
Nagaland
Odisha
Puducherry
Punjab
Rajasthan
Sikkim
Tamil Nadu
Tripura
Uttar Pradesh
West Bengal
Jharkhand
Chattisgarh
Chandigarh
Uttarakhand
Others
43
62. What is your gender?

N=10,228
67.57
32.43
Male
Female
63. What is the highest level of educational degree you have received?
N=10,289
9.75
24.74
46.16
16.19
1.34
1.83
Less than High school

High School
College Graduate
Post Graduate
Doctorate
Others
64. What is your profession?
N=10,242
18.65
13.25
28.77
2.67
20.20
4.75
11.72
Computer / IT related
Housewife
Manufacturing / Business
Professional (Doctor, CA, etc.)
Student
Teaching / Research
Others
65. What is your occupation?
N=10,253
28.11
26.30
5.91
11.04
22.76
5.87
Business / self employed

Not employed
Student
Others
44
66. In which of the following places do you use a computer?

N=9,583
19.59
26.90
55.94
7.85
5.49
36.94
5.08
18.65
College
Cyber Caf
Home
Library
School
Work / office
All the above
Others
67. For what purpose do you use computers?
N= 9,357
59.39
61.55
50.66
51.58
18.32
23.58
50.56
17.38
Entertainment / Gaming
Exchanging e-mails / instant messages
Official / Work purpose
Online social networking
Purchasing products online
Word Processing
World Wide Web / Internet browsing
Others
68. Do you own a personal computer?
N=10,083
59.63
40.37
Yes
No
45
69. How long have you been using computers?

N=7,850
16.23
27.83
16.38
34.92
4.64
0-2 years
More than 2 to 3 years
More than 5 years
Dont remember
70. How long have you been using the Internet ?
N=7,798
18.83
27.39
18.56
30.52
4.71
0-2 years
More than 5 years
Dont remember
71. How often do you use the Internet?
N=7,692
21.24
37.48
11.88
14.22
9.19
2.70
1.52
1.76
Always connected
Several times a day
Once a day
Several times a week
Once a week
Several times a month
Once a month
Few times a year
46
72. Which of the following electronic communication media and devices you use?
N=10,300
55.40
67.18
33.24
89.37
13.62
42.14
4.49
0.20
Credit / Debit card

Internet
Landline phone
Mobile phone
Mobile banking
Online Social Networks
All of the above
Others
N=10337
16.72
5.70
4.44
1.80
2.06
13.74
0.41
64.29
College / office
e-mail
IIIT -Delhi website
9 dot 9
Newspaper
OSN
Through friends and acquaintances
Others
Online on Survey Monkey

In your campus / organization
Public space e.g. shopping mall, cinema, market, and park
Others
47
N=9511
7.98
28.85
0.00
8.81
Chapter 6
Conclusions
The concept of privacy in India has not been investigated in detail, and also lack of empirical data
with respect to privacy perceptions among Indian citizens. Recent developments in the Indian
scenario e.g. privacy bill, NATGRID, UID project, signify need for privacy awareness and understanding in Indian masses. It is also important for policy makers to comprehend sentiment and
opinion of masses for structuring effective laws and policies for citizens of India. Our study focuses
on understanding privacy perceptions and expectations of Indian citizens. In the first phase, we
conducted interviews among 20 participants and 4 focus group discussions with 31 participants in
total, to collect qualitative data about the privacy perceptions. In the second phase, we developed
a survey questionnaire to collect quantitative data. We collected responses (10,427) from various
cities in India which could help in creating an information base for masses and policy makers,
showcasing the true (perceived) picture of privacy in India on various platforms e.g. mobile phone,
credit cards, online social networks, and government related issues.
Key takeaways from this research work are stated below:
Citizens have misinformed mental models of the privacy situation; e.g. some portion of the
participants felt that there is a law which protects them where there is no privacy law in
India, but.
Most participants felt passwords to be the most protected Personally Identifiable Information
(PII) and then, financial information (bank, credit card details). In comparison to this,
religion, mobile phone number, and health related information were rated as less protected
PII.
Mobile phones are becoming the next destination for storing private information. Participants stored personal information like passwords, credit card numbers, Permanent Account
Number (PAN), PINs, etc. Privacy seems to be the primary concern for not storing personal
information on the mobile phones for the rest.
About 5% of the survey participants tend to accept friends request from strangers or people
whom they dont know, but just have common friends. This behavior seems to be same even
with the third party applications.
About 80% of the survey respondents were aware of identity theft issue through credit cards.
48
About 65% of the survey respondents felt comfortable to use the ATM center with more than
one machine in it.
About 5% of the survey participants tend to accept friends requests from strangers or people
whom they dont know, but just have common friends. This behavior seems to be same even
with the third party applications.
We are in the process writing a more academic style paper on reasons, and implications of the
results from this data. We are also working on comparing the numbers from this study to the
numbers with 2004 study from India and compare our results with other prior privacy studies
around the world.
49
Bibliography
[1] The
world
factbook.
factbook/geos/in.html.
https://www.cia.gov/library/publications/the-world-
[2] Bellman, S., Johnson, E. J., Kobrin, S. J., and Lohse, G. L. International Differences
in Information privacy concerns: A global survey of consumers. The Information Society 20
(2004), 313 324.
[3] Bhupta, M. Privacy on sale. India Today International.
[4] Boni, M. D., and Prigmore, M. Cultural Aspects of Internet Privacy. In Proceedings of
the UKAIS 2002 Conference (2002).
[5] Celenet. Payment in India is going e-way. http://www.celent.com/reports/payments-indiagoing-e-way.
[6] Cranor, L. F., Reagle, J., and Ackerman, M. S. Beyond Concern: Understanding Net Users Attitudes About Online Privacy. Tech. rep., Retrieved June 18, 2005,
http://www.research.att.com/resources/trs/TRs/99/99.4/99.4.3/report.htm, September 2527, 1999.
[7] Culnan, Mary J, G. R. M. The culnan-milne survey on consumers & online privacy notices.
http://www.ftc.gov/bcp/workshops/glb/supporting/culnan-milne.pdf.
[8] Culnan, M. J. Georgetown internet privacy policy survey:report to the federal trade commission. http://www.msb.edu/faculty/culnanm/GIPPS/mmrpt.PDF.
[9] Encyclopedia Britannica Online.
The joint family.
http://www.britannica.com/eb/article?tocId=26070.
Retrieved Aug 4, 2005.,
[10] Fjetland, M. Global Commerce and The privacy clash. The Information Management
Journal (January/February 2002).
[11] Forrester. Forrester forecast: Global online population to hit 2.2 billion by 2013.
http://www.pressreleasepoint.com/node/310679/pdf.
[12] Godse, V. Policy paper: Privacy in india. DSCI (May 2010).
[13] Hofstede, G. Cultural and Organizations - Software of the Mind - Intercultural Cooperation
and its importance for survival. 1991.
50
[14] Hofstede,
G.
Geert Hofstede Analysis.
http://www.cyborlink.com/besite/hofstede.htm.
Retrieved
Oct
2,
2004.,
[15] Ion, I., Sachdeva, N., Kumaraguru, P., and Capkun, S. Home is safer than the cloud!
privacy concerns for consumer cloud storage. In Symposium on Usable Privacy and Security
(SOUPS) (2011).
[16] Kumaraguru, P., and Cranor, L. Privacy in India: Attitudes and Awareness. In Proceedings of the 2005 Workshop on Privacy Enhancing Technologies (PET2005) (30 May - 1 June
2005).
[17] Kumaraguru, P., Cranor, L. F., and Newton, E. Privacy perceptions in india and
the united states: An interview study. In The 33rd Research Conference on Communication,
Information and Internet Policy (TPRC) (September 2005).
[18] Sandra J Milberg, et al. Information privacy: Corporate management and national
regulation. Organizational Science, 2000 INFORMS 11, 1 (January-February 2000), 35 57.
[19] spending in India to grow at 16.3% to $43.57 bn in 2012: IDC.,
I.
http://articles.economictimes.indiatimes.com/2012-07-23/news/32804967 1 enterprisesinvestments-idc-india-senior-analyst.
[20] Suraiya, J., and Vikas, S.
The death of
http://timesofindia.indiatimes.com/articleshow/991395.cms.
privacy.
Times
of
India.
[21] Wang, Y., Norcie, G., and Cranor, L. Who is concerned about what? a study of
american, chinese and indian users privacy concerns on social network sites. TRUST.
51
Chapter 7
Appendixes
Appendix 1: Interview - Background Questionnaire
All values are in percentages, N = 20
1. Gender
Male : 45
Female : 55
2. Age (In years)
<20 : 0
20-24 : 10
25-29 : 10
30-39 : 35
40-49 : 25
50+ : 20
3. Marital Status
Married : 40
Single : 60
4. Which state/city do you originally belong to?
UP : 25
Rajasthan : 10
Orissa : 5
Maharashtra: 5
Delhi : 35
Bihar : 5
52
Kerela : 5
West Bengal : 5
Punjab : 5
5. Which state/city do you currently live?
UP : 55
Maharashtra: 5
Delhi : 40
6. Educational Qualifications:
Less than Graduate : 5
Graduate : 20
Post - Graduate : 40
Professional (Doctor/Engineer) : 25
Ph.D. : 10
Other : 0
7. Do you have any technical qualification? Have you studied the subject of computer science
as an academic course?
Yes : 50
No : 50
8. Occupation
Student : 10
Job in public sector : 15
Job in private sector : 30
Operate from home : 10
Housewife : 5
Other : 30
9. Personal Income (approx)
Upto Rs. 50,000/month : 40
Above Rs. 50,000/month : 15
None : 45
10. Do you own a credit card?
Yes : 80
No : 20
53
11. Do you buy things/do transactions online?

Yes : 55
No : 45
12. Do you save your credit card information on websites where you buy things/do transactions
online (Amazon, Skype, online banking)?
Yes : 15
No : 85
13. Do you leave your laptop, mobile phone or wallet in the car?
Yes : 45
No : 55
14. Have you ever changed the privacy settings in your browser?
Yes : 45
No : 55
Dont Know : 0
15. Have you ever created a web page?
Yes : 25
No : 75
Dont Know : 0
16. Whom of the following do you trust more? Sort by giving numbers where 1 is the most
trusted is the least trusted.
Family
Friends
Relatives /
Acquaintances
Government
Any other
1
85
5
5
2
15
80
25
3
0
15
70
4
0
0
0
5
0
0
0
0
85
10
10
30
0
45
5
15
0
17. Have you fixed someones computer for them when they were having problems?
Yes : 25
No : 75
Dont Know : 0
54
How much do you agree/disagree with each of the following statements?

18. I accept that my information might not remain private if I store it on an online website.
Strongly agree : 75
Somewhat agree : 25
Neither / Not sure : 0
Somewhat disagree : 0
Strongly disagree : 0
19. I expect to have the same legal ownership rights over my data if stored online as when stored
on my computer.
Strongly agree : 85
Somewhat agree : 10
20. It concerns me that my medical information is being seen today by many organizations beyond
those that I go to for health care services.
Strongly agree : 40
Somewhat agree : 40
21. If privacy is to be preserved, the use of computers and Internet must be sharply restricted in
the future.
Strongly agree : 5
Somewhat agree : 15
22. Government can generally be trusted to look after our interests.
Strongly agree : 10
Somewhat agree : 25
55
23. I have personally been the victim of what I felt was an improper invasion of privacy.
Strongly agree : 10
Somewhat agree : 20
24. I am very concerned about the threats to personal privacy today.
Strongly agree : 45
Somewhat agree : 35
56
Appendix 2: Interview-Questionnaire

1. When you hear the word privacy, what comes to your mind?

2. By the word privacy, if you mean keeping your personal information to yourself, then
what all would constitute personal information according to you.

3. How important is privacy for you and why?

4. Do you think it is your basic right to have privacy?

5. If yes, whom do you think you need to have privacy from?
Family / Friends / Relatives / Colleagues / Formal institutions/ Government / any other
If Family, who is family for you?

6. Where do you think privacy is required? List the areas where you think privacy must
be exercised?

7.
In Indian culture, we tend to ask/probe our friends and relatives on personal
life/issues, do you think it is correct for others to ask such questions?

8.
In the context of above question, how do you handle such situations?

9.
Do you have a personal phone, mobile?

10. Where did you buy your mobile from?

11. Did your service provider ask you for personal information? Did you divulge any?

12. Do you ever fear that the basic information given to the service provider may be
shared by him with others?

13. There are inbuilt cameras in mobiles these days. Does your mobile have a camera?
What do you use it for?

14. If somebody takes your picture with his/her mobile, how do you react?

With your knowledge:

Do you mind / ask him the purpose / have it taken merrily / donot react

Without your knowledge:

Do you mind / ask him the purpose / have it taken merrily / donot react

15. Do you think they will share your pictures? If yes, would you like it?

16. Has it ever occurred to you that the picture taken by others mobile may be misused?

17. Do you find phone banking risky in nature?

20. Do you think these marketing/promotional/unsolicited calls breach your privacy?

If yes, how?

21. Do you answer/respond to these marketing/promotional/unsolicited calls?

22.

23.
24.

25.

26.

27.

28.

29.

30.

31.

32.
What do you think one can do to reduce these marketing/promotional/unsolicited

calls?
If Do Not Call Registry was not mentioned in the previous answer Are you aware of
Do Not Call Registry? If Do Not Call Registry was mentioned in the previous answer

Is it protecting your privacy?

How many SMS spams do you get everyday?
What can one do to reduce these SMS spams?
Are you aware that mobiles provide location-based services. Your movement/position
can be tracked and informed by the service provider. Do you approve of this facility?
Do you think that the location based facility makes you vulnerable for misuse?
There are many polls/surveys being conducted via SMS service on mobiles. Do you
participate in them?
Do you think your participation in these competitions such as the ones organized via
radio or T.V. would expose your identity to those whom you are not concerned with?
Do you have a credit card? If yes, what do you use it for?
Do you ever disclose your credit card details to anybody over phone?
Are you afraid that the person at other end of the phone will convey/share your
information with others?

33. Do you think your ATM card is fool proof?

34. Do you think the ATM centers provide enough privacy for making money
transactions?

35. Do you think credit cards must display your name, phone No., date of birth and
address etc.?

36. Do you give/lend your credit card for usage out of your sight? When you pay in a
restaurant, do you mind having it swept in your absence?

37. Have you read the Privacy Policies of your credit card provider?

38. How often do you use / surf Internet and for what purpose?

39. Do you surf unknown websites?

Do you divulge your personal information if sought at any website? If yes, which
ones?

41. Have you ever used Internet to file your Income Tax return?

42.

43.

44.
At the end of each website, there is a mention about their privacy policy. Do you ever
read it? Do you think that the service providers abide by the text written as their
privacy policy?
Do you read the privacy policy or verify authenticity of a website before giving your
personal information?
Has it ever happened that you divulged the information sought on a website and you
saw it in another form on another or same website? For example your name and the
comments given by you for a certain event / happening.

45. Which kind of information must be kept secret by the service provider? Is it the name,
age, gender, address, phone no., occupation etc.

46. Are you aware of the following security provisions at websites / Internet?

Cookies

Auto passwords save

Privacy settings

47. Which social network sites do you use / have account?

48. What do you do on these sites?

49. What are your privacy settings? Have you ever changed from the default privacy
settings?

50. Did you ever change your privacy settings?

Self / Friends / Friend of Friend / All / Any other

51. Do you know that when you upload your personal data and pictures on social
websites, it gets stored therein?

52. Have you ever wondered what happens to this data when you close your account on
that website?

Do you think you are at risk due to your friends (because they could share
information about you) on social networks?

Anything else that you would like to add about social networks?

53 Do you think that this strategy impeaches your privacy by letting strangers know your
interests? Is there any redressal system whereby you can lodge a complaint in case of
such scenarios?

54. These days, the strategy of Behavioral marketing is in vogue. The service provider
studies your surfing behavior and bombards you with advertisements/websites, which
may be related to your query. Do you agree with this kind of Behavioral targeting by
service providers like Google?

55. Does our Indian Constitution have a provision for privacy?

56.

57.

58.

59.

60.

61.

54
a)
b)
c)
d)
e)

63.

64.

65.
66.

67.
68.

69.

70.
As a citizen, are you aware what are the privacy laws in India that protect your
privacy?
Are you aware of the governments initiative for UID?
Do you think it is proper for each citizen to have a UID?
Do you think the information like name, age, date of birth address etc. collected by
UID is relevant?
Do you feel that UID would make public the personally identifiable information of a
person?
Do you fear that your personal information and biometric data would be readily
accessible to others (authorities) through UID?
Do you think UID:
Is beneficial to you?
Is beneficial to security agencies?
Breaks privacy?
Prone to misuse by government?
Helps govt. to improve service delivery?
Since UID involves many service providers like health, finance, insurance etc. do you
think, sharing your basic information with whom would be a breach of your privacy?
Do you know about NATGRID -- National Intelligence Grid project of the Indian
government?
What do you know about NATGRID?
Does it cause any privacy issue for you?
Do you think NATGRID:
a)
Is beneficial to you?
b)
Is beneficial to security agencies?
c)
Breaks privacy?
d)
Prone to misuse by government?
e)
Helps govt. to improve service delivery?

Do you think having government agencies having details like land records, Internet
logs, phone records, arms records, driving license, property records, insurance, and
income tax records is a breach of your individual privacy?
Do you trust that the safety and security mechanisms put in place by the government
to prevent misuse of your data would be enough?
Do you think projects like UID and NATGRID, which can monitor each and every
action/movement of yours can be misused by the following:
a)
Government agencies to harass innocent people
b)
Corporate - targeted marketing
71.

72.

73.

74.

75.

77.

78.

79.

82.
c)
Criminals - blackmailing and other crimes

Do you think that divulgence of your personal information on a card such as UID
would enhance / improve the countrys security scenario?
People sometimes say: Data security and privacy are not really a problem because I
have nothing to hide. Please tell me what you think of this argument?
Do you know what identity theft is?
Are you concerned about identity theft? If so, how large is your concern? Have you
ever experienced such a situation, if yes, what action did you take?
Which of the following do you do to avoid data theft:
Shredder?
Check credit reports how often
Do you know a victim of ID theft? Did it change your behavior?
Have you observed the video surveillance cameras at metro stations, shopping malls
and other places which track your movement and activities?
Do you wonder who sees these video clips and for what purposes?
Do you think this is a breach of your personal privacy?
Consider technologies that exist today, or that soon might be developed. Are there
some that you think pose a threat to privacy or data security? What potential harms
concern you about those technologies?
Determine what you like to read. Is that possible?
Prompts:
Do you think there are laws about doing this?
Do you think there should be laws about doing this? If so, what should they be?
Is it possible for companies that provide people with internet access to keep copies of
all the e-mails their customers send or receive, and all the web sites they visit?
Do you think they should be allowed to sell that information to other companies
who want to use it for marketing?
Do you think they should be allowed to make that information available to the
police whenever the police get a warrant?
Do you think they should be allowed to make that information available to the
police or government officials whenever they ask to see it?
Please think for a few minutes and select a store or a company from which you often
buy things. Take a few minutes and tell me everything you think they know about you.
I don't actually want the specific information - just the categories of information like
your name, gender, address, and so on. Write down a list of what they report without
any prompting.
Prompt:
Anything else?
Is there any other kind of information they may know about you?
83.

84.

85.

86.

87.

88.
Now tell me how you think they could abuse that information and how likely you think
it is that they will do that.
Prompt:
How would you express that quantitatively? One-tenth? One-third? Certain?
Anything else?
Consider the company selling that information to another organization such as a bank
or insurance company or potential employer. Now tell me how you think they could
abuse that information and how likely you think it is that they will do that.
Prompt:
How would you express that quantitatively? One-tenth? One-third?
Certain?
Anything else?
How would you express that quantitatively? One-tenth? One-third? Certain?
Now consider the Indian government, as a whole - all the different parts of it. Again
take a few minutes and tell me every-thing you think they know about you - not the
specific information, again just the categories of information like your name and so on.
Write down a list of what they report without any prompting.
Prompt:
Anything else?
Now tell me how you think that some part of the government could abuse that
information and how likely you think it is that they will do that.
Prompt:
How would you express that quantitatively? One-tenth? One-third?
Certain?
Anything else?
Please think ahead a few years. If technology continues to develop the way it is now,
please tell me what additional things, if any, the company you told me about, and the
Indian government, will be able to know about you?
This is my last interview question. I'd like to go back to an earlier topic / question.
Now that you've had a chance to think more about your personal data and the issues
of privacy and security, what privacy concerns do you have now, if any? Do you have
more or less concerns as you did at the beginning of the interview?
Appendix 3: FGD-Background Questionnaire

All values are in percentages, N = 31
1. Specify your age
FGD1 FGD2
N=8
N=8
Age
18-25 100.00 0.00
26-35 0.00
0.00
46-55 0.00
37.50
56+
0.00
62.5
FGD3
N=8
FGD4
N=7
Total
N=31
0.00
100
0.00
0.00
0.00
100
0.00
0.00
25.81
48.38
9.67
16.13
2. Specify your gender

FGD1 FGD2
N=8
N=8
Gender
Female
50.00 50.00
Male
50.00 50.00
FGD3
N=8
FGD4
N=7
Total
N=31
62.50
37.50
57.14
42.86
54.84
45.16
FGD4
N=7
42.86
57.14
Total
N=31
45.16
54.84
3. Select your marital status
Single
Married
FGD1
N=8
100.00
0
FGD2
N=8
0.00
100.00
FGD3
N=8
37.50
62.50
4. Which state/city do you originally belong to?
Bihar
Delhi
UP
West Bengal
Manipur
Haryana
Madhya Pradesh
Kerala
FGD1
N=8
25.00
50.00
12.5
0.00
12.50
0.00
0.00
0.00
FGD2
N=8
0.00
0
100.00
0.00
0.00
0.00
0.00
0.00
FGD3
N=8
0.00
12.50
25.00
12.50
0.00
25.00
12.50
12.50
FGD4
N=7
0.00
71.43
28.57
0.00
0.00
0.00
0.00
0.00
63
Total
N=31
6.45
32.26
41.94
3.23
3.23
6.45
3.23
3.23
5. Which state/city do you currently live?

FGD1 FGD2 FGD3 FGD4
N=8
N=8
N=8
N=7
Delhi
100.00 0.00
37.50 100.00
Haryana 0.00
0.00
62.50 0.00
UP
0.00
100.00 0.00
0.00
Total
N=31
58.06
16.13
25.81
6. Please specify your educational background

FGD1 FGD2 FGD3 FGD4
N=8
N=8
N=8
N=7
Education
Less than graduate 25.00 25.00 0.00
0.00
Graduate
50.00 25.00 37.50 0.00
Post graduate
25.00 25.00 50.00 42.86
Ph.D.
0.00
0.00
0.00
57.14
Professional
0.00
25.00 12.50 0.00
7. Is any of
FGD1
N=8
Yes 0.00
No 100.00
your degree in the field of

FGD2 FGD3 FGD4
N=8
N=8
N=7
12.50 25.00 28.57
87.50 75.00 71.43
8. Please specify your occupation

FGD1 FGD2
N=8
N=8
Teaching
0.00
0.00
Retiered
0.00
37.50
Student
100
0.00
Research scholar
0.00
0.00
Operate from home
0.00
0.00
Housewife
0.00
37.50
Job in Public sector
0.00
12.50
Job in Private Sector 0.00
12.50
Total
N=31
12.90
29.03
35.48
12.90
9.68
computer science / information technology

Total
N=31
16.13
83.87
FGD3
N=8
0.00
0.00
0.00
0.00
0.00
0.00
0.00
100.00
64
FGD4
N=7
57.14
0.00
14.29
14.29
0.00
0.00
14.29
0.00
Total
N=31
12.90
9.68
29.03
3.23
3.23
9.68
6.45
25.81
9. Please select your personal income range

FGD1 FGD2
N=8
N=8
Above Rs. 50000 / Month 0.00
0.00
Upto Rs. 50000 / Month
0.00
62.50
None
100.00 12.50
Did not answer
0.00
25.00
10. Do you own a credit / debit card?
FGD1 FGD2 FGD3 FGD4
N=8
N=8
N=8
N=7
Yes 75.00 50.00 87.50 71.43
No 25.00 50.00 12.50 28.57
(approx).
FGD3 FGD4
N=8
N=7
25.00 28.57
75.00 57.14
0.00
14.29
0.00
0.00
Total
N=31
12.90
48.39
32.25
6.45
Either your own or an add-on card

Total
N=31
70.97
29.03
11. If yes, how often do you use your credit card?

FGD1 FGD2 FGD3
N=8
N=8
N=8
Daily
0
0
0
Once in 3-4 days
12.50 12.50 12.50
Once in a week
12.50 37.50 37.50
Once in a month
25.00 0.00
0.00
More than once a month 12.5
0.00
0.00
Did not answer
37.50 50.00 50.00
FGD4
N=7
0
0
14.29
42.86
14.29
28.57
Total
N=31
0
9.68
25.81
16.13
6.45
41.94
12. Which of the following do you use?
Online banking services

Use credit / debit card to buy things offline
(showrooms, malls, etc.)
Use credit / debit card to buy things or book
tickets online (through websites).
Others
65
FGD1
N=8
37.50
50.00
FGD2
N=8
0.00
12.50
FGD3
N=8
71.43
37.50
FGD4
N=7
0.00
57.14
Total
N=31
25.81
35.48
25.00
12.50
37.50
57.14
32.26
12.5
14.29
6.45
13. Please mark below how often you use the following websites?
FGD1
FGD2
FGD3
FGD4
Total
Google
Yahoo
Facebook
Twitter
YouTube
Others
Google
Yahoo
Facebook
Twitter
YouTube
Others
Google
Yahoo
Facebook
Twitter
YouTube
Others
Google
Yahoo
Facebook
Twitter
YouTube
Others
Google
Yahoo
Facebook
Twitter
YouTube
Others
14. Do you own a mobile

FGD1
N=8
Mobile phone
87.50
Landline phone 0.00
Both
0.00
None
0.00
Did not answer 12.50
Open
Daily
Once in
3 4 days
Open
Weekly
12.50
37.50
12.50
0.00
37.50
0.00
0.00
0.00
0.00
0.00
0.00
0.00
62.50
0.00
12.50
25.00
12.50
25.00
28.57
42.86
0.00
0.00
14.29
14.29
25.81
19.35
6.45
6.45
16.13
9.68
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
12.50
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
3.23
0.00
0.00
0.00
0.00
25.00
25.00
25.00
0.00
12.50
25.00
0.00
0.00
0.00
0.00
0.00
0.00
25.00
37.50
12.50
50
37.50
12.50
28.57
0.00
42.86
0.00
14.29
14.29
19.35
16.13
19.35
12.9
16.13
12.9
phone or a land-line phone?

FGD2 FGD3 FGD4 Total
N=8
N=8
N=7
N=31
37.50 75.00 85.71 70.97
50.00 0.00
0.00
3.23
12.50 25.00 14.29 22.58
0.00
0.00
0.00
0.00
0.00
0.00
0.00
3.23
66
Mutiple
times a
day
50.00
12.50
50.00
0.00
12.50
12.50
0.00
0.00
0.00
0.00
0.00
0.00
12.50
0.00
12.50
12.50
0.00
0.00
42.86
14.29
28.57
0.00
0.00
0.00
25.81
6.45
22.58
3.23
3.23
3.23
Once in a
month
Never Use
0.00
0.00
0.00
12.50
25.00
12.50
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
25.00
0.00
37.50
25.00
0.00
14.29
0.00
0.00
28.57
0.00
0.00
3.23
6.45
3.23
22.58
9.68
0.00
12.50
0.00
50.00
0.00
0.00
75.00
75.00
75.00
75.00
75.00
75.00
0.00
0.00
37.50
12.50
12.50
0.00
0.00
14.29
0.00
71.43
0.00
0.00
19.35
25.81
29.03
51.61
22.58
19.35
15. What all features do you use

FGD1
N=8
Camera
50.00
Wifi
50.00
Bluetooth
62.50
Location Based Service 12.50
Other
12.50
on your
FGD2
N=8
12.50
25.00
0.00
0.00
12.50
phone?
FGD3
N=8
87.50
37.50
75.00
0.00
0.00
FGD4
N=7
100.00
0.00
57.14
14.29
0.00
Total
N=31
58.06
29.03
48.39
6.45
6.45
16. Do you know about the debate surrounding privacy concerns in AADHAAR
Identification Number) project of Indian government?
FGD1 FGD2 FGD3
N=8
N=8
N=8
I am not aware this project
0.00
25.00 12.50
62.50 37.50 62.50
I agree with the privacy concerns being raised
25.00 12.50 25.00
I do not agree with the privacy concerns being raised 0.00
12.50 0.00
Did not answer
12.50 12.50 0.00
or UID (Unique
17. Do you know about the debate surrounding privacy concerns in NATGRID
ligence Grid) project of Indian government?
FGD1 FGD2 FGD3
N=8
N=8
N=8
I am not aware this project
25.00 75.00 62.50
62.50 0.00
37.50
I agree with the privacy concerns being raised
0.00
0.00
0.00
I do not agree with the privacy concerns being raised 0.00
12.50 0.00
DId not answer
12.50 12.50 0.00
(National Intel-
67
FGD4
N=7
42.86
42.86
14.29
0.00
0.00
FGD4
N=7
100
0.00
0.00
0.00
0.00
Total
N=31
19.35
51.61
19.35
3.23
6.25
Total
N=31
74.19
16.13
0.00
3.23
6.45
Appendix 4: FGD - Questionnaire

Things to ensure before FGD begins:
Two recorders are in place (charged and tested)
Copies of following should be ready:
FGD questionnaire: 4 copies
Two OSN section sheets, Consent form, Receipt bill: for each
participant
Plain sheets, blank name tags and pens

Just after the focus group:
Pay the participant and get signature on a paper Get signature in
the .xls sheet

FGD:
Good afternoon everybody! Topic of todays focussed group discussion
is to study the perceptions of privacy in India. Firstly we would like to
thank you all for taking out time to participate in our study. We will
introduce the four moderators (as those present for the study) for
todays focus group:
Dr. Mala Bhandari, Sociologist
Aditi Gupta, Ph.D. Student, IIIT, Delhi
Niharika Sachdeva, M.Tech. Student, IIIT, Delhi
Dr. PK, Assistant professor, IIIT, Delhi

We are here just to facilitate the session today. We are interested in
hearing your point of view even if it is different from what others might
express. Please keep in mind there are no right or wrong responses, we
are just interested in what you have to say about the different topics
discussed today. The discussion is scheduled for about 1.5 hours. We are
going to make every effort to keep the discussion focused and within our
time frame. If too much time is being spent on one question or topic, I
may move the conversation along so we can cover all the questions. As a
protocol, in order to maintain the decorum and avoid missing out on any
important comments, we will request all of you to speak one at a time
during the FGD.

We will be audio taping the discussion because we dont want to miss
any comments. We will only be using first names today and there will
not be any names attached to the comments on the final report. You
may be assured complete confidentiality.

Does anyone have any questions at this point?
Please introduce yourself with your first name and if you can also write
your name on the name tag that would be appreciated. Lets go around
the table.

In the first section we will ask some questions on:
General Perceptions about Privacy
1. When you hear the word privacy, what comes to your mind? [Go
around the table to get comments from each participant]
Prompts:
a. Anything else?
b. Any other thoughts about the word privacy?

2. Do you have any (other) concerns about privacy? If so, please tell me
about them. We are not asking you to tell us about any specific private
information, just about the general kinds of concerns you may have.
Prompts:
a. If anything interesting comes up in answer to this question, probe
more.
Now, we will discuss privacy issues related to use of:
Mobile / Landline Phones:

3. Do you think mobile phones / landlines service providers invade your
privacy in any way?

Prompts:
a. What kind of privacy issues?
b. In case, you have different concerns for mobile and landlines,
please mention them separately.

4. Take a moment to think, and tell us about all the personal information
your phone service provider have about you.

a. We often get calls / SMSes from third party service providers,
with whom we have never shared our data or phone number, like
companies offering home loan, food discounts, etc.
i. What do you think about it?
ii. Why do you think it happens?
iii. If people mention SMS spam, ask more about how many
spam SMS they receive and what they do in order to stop
them.

5. In todays world, mostly all mobile phones have features like cameras,
bluetooth, wifi, etc. In what all ways do you think they pose a privacy
threat.

6. If somebody clicks a photograph or shoots a video around you from
the
camera in their mobile phone, what is your reaction to it?
Prompts:
a. Would like to share some experiences when something like this
has happened?
Next section, focusses on privacy concerns on:

Online Social Networks and Internet:

7. What do you think are privacy issues while using an online social
network, like Facebook, Twitter, YouTube, etc.?

8. What all-personal information (like birthday, address, phone number,
pictures, etc.) do you provide on an online social network.

9. [Give each participant a printout of privacy settings page of a social
networking website, currently the sheet has default Facebook privacy
settings] Please mark your current privacy settings for your account
information on an OSN, while doing so can you please also say why you
have such a setting?

10. [Give each participant a printout of permission requesting page by an
application on Facebook] While using social networking sites, if you play
games or use third party applications, you must have seen a screen like
this appear. Which of the following permissions do you allow the
application or not allow applications to access.

11. Criminals may use your personal information to create an identity
and impersonate you on the Internet. Do you think such a scenario is

possible?
Prompts:
a. If yes, how?

Now, we will discuss some privacy issues while using:
Credit Cards

12. When we shop or eat at a restaurant, many a times, we pay through
credit cards instead of making cash payment. What all are your privacy
concerns while using the credit card?
Prompts:
a. If people mention some scenarios in which they have lost their
credit card, probe more about what were the consequences or
what action people take.
13. Do you think someone can create another identity, by misusing /
stealing your credit card details.
Prompts:
a. If yes, how do you think it can happen?
b. What are your concerns?

14. Many of us use credit card for online banking, paying bills or buying
products. How secured or protected do you feel while using such web
services for online money transfers?
a. Please share your experiences while doing such a transaction.

Now, we would like to probe a little into your views about:
Government initiatives / Legal aspects of privacy:

15. What are your views on Privacy Laws in India?
Prompts:
a. Do you know what are your rights with respect to privacy.

16. In last six months, please state some scenarios, in which you have felt
apprehensive about sharing your personal information with government
agencies?
Prompts:
a. For example, while filling your income tax, or opening a bank
account, etc.

17. The UID and NATGRID projects in India are being supported and
advocated by the Indian Government. In what ways do you think
government agencies having all your details about bank accounts,
physical movement, activities, etc. can be misused?

18. What policies and actions should the government enforce to maintain
or protect your personal privacy?
Prompts:
a. So do you feel most of the above measures are already enforced
by the government.
b. If no, then how and why do you trust the government.

19. Where would you report (which authorities), if you have privacy
issues with the following:

a. Private agencies
b. Government agencies

Now to conclude our focus group, this is our final discussion question.

Conclusion
20. Now that youve had a chance to think more about your personal
data and the issues of privacy, what privacy concerns do you have now,
if any? Do you have more or less concerns as you did at the beginning of
the interview?

Thank you for your time and efforts. We are just about out of time. Are
there any final comments/suggestions that anybody has before we
close? The information you have provided us will help us in
understanding privacy perceptions of people in India.

Appendix 5: FGD Personally Identifiable Information

PII is defined as any information about an individual maintained by an agency, including (1) any information
that can be used to distinguish or trace an individuals identity, such as name, Social Security number, date
and place of birth, mothers maiden name, or biometric records; and (2) any other information that is linked
or linkable to an individual, such as medical, educational, financial, and employment information. Please tick,
what according to you is Personal Information (Personally Identifiable Information)?

Full Name

Designation

Date of Birth

Birth Place
Caste

Gender

Religion

Family member names

Marital status

Permanent Address

Temporary Address

Education Qualification

Category-SC/ST/OBC/General

Phone number (Landline)

Mobile Number
CVV number

Pancard number

Bank account number

Credit card number / Debit Card number

Ration Card number
Vehicle registration Number

Passport Number

ATM pin number

Organisation/Institutes Name and other details
like phone number, address etc.

Salary

Photograph (Hard Copy)

Photograph (Digital Copy)

Passport photocopy

Voters Card photocopy

Passbook photocopy

Ration card photocopy

ID card photocopy

CV/Resume

Photocopy of other identity proofs, like PAN
card etc.

Medical records

Property details

Tax details (House/Income etc.)

Academic Grades or marksheet copy

Your bank name

Fingerprints and other biometric details
Your phone service providers name

Email and other passwords

E-mail address

Vehicle registration number

Others Please Specify
Appendix 6: Survey Questionnaire

Privacy Perceptions in India
The study Privacy Perceptions in India, an initiative by PreCog @ IIIT-Delhi is focused on understanding and
analyzing various privacy perceptions and concerns of Indian citizens. The questions span across, privacy in
general, mobile / land-line phones, online social networks, credit cards, ATM cards, and government involvement in
individuals life.
Ten survey participants will be periodically selected to win exciting prizes (i-pod, digital cameras, etc.), as a token of
appreciation for their efforts. We will disseminate the results from the study on public forums. All data collected
during this survey will be anonymized and aggregated for dissemination of the results. Your answers are treated
confidentially and used for research purposes only.
Thank you for your time in filling the survey. Please feel free to write to us at [email protected] for any
suggestions or feedback. In total, there are 6 sections, and on average it should take about 30 minutes to complete
the survey.
Section 1 of 6: General Privacy
1. When you hear the word privacy, what comes to your mind? (Choose all that apply)
Bodily privacy (e.g. your physical body)
Communication privacy (e.g. calls received or dialed through telephone)
Information privacy (e.g. information exchanged on the Internet)
Territorial privacy (e.g. your living space, working space)
All of the above
Others (please specify) _________________________
2. Which of the following information is personal to you that you would NOT like to share? (Choose all that apply)
Credit card number
Date of birth
Email address
Family details
Full name
Landline number
Others (please specify) _______________
3.
Marital status
Mobile number:
Passport number
Passwords
Personal income
Pictures and videos featuring self
Physical details height, weight, eye colour
Religion
All of the above
Does privacy for you change with situation and context, i.e. what information you share with whom may be
different at different time and context? (Choose one which is applicable)
Yes
No
May be
4. With whom would you share the following information? (Choose all that apply)
Friends
Annual house
hold income
Bank account
details
Family
Relatives
Society
Banks
Government
Everybody
Nobody
Friends
Family
Relatives
Society
Banks
Government
Everybody
Nobody
Credit card
number
Date of birth
Email address
Family details
Full name
Health and
medical history
Landline number
Marital status
Mobile number
Passport number
Passwords
Personal income
Pictures and
videos featuring
self
Physical details
e.g.height,
weight, eye
colour.
Postal mailing
address
.
Religion
5. Imagine you are walking through a shopping mall, where you observe a camera capturing the movements of
people in the shops, what would be your reaction? (Choose one which is applicable)
I would not change my actions
I would try to avoid the camera
I would never go to the shopping mall again
If at all, a camera captures my movements, I would be curious to know the reasons for capturing the video
Others (please specify)___________________________________________________________________
6. How much do you agree / disagree with the following statements? (Choose one which is applicable)
o Consumers have lost all control over how personal information about them is circulated and used by
companies
Strongly agree
Agree
Neutral
Disagree
Strongly disagree
o Most businesses handle the personal information they collect about consumers in a proper and
confidential way
Strongly agree
Agree
o Mobile phones can be privacy invasive

Strongly agree
Agree
Neutral
Disagree
Strongly disagree
Neutral
Disagree
Strongly disagree
Disagree
Strongly disagree
Neutral
Disagree
Strongly disagree
Neutral
Disagree
Strongly disagree
Neutral
Disagree
Strongly disagree
o Landline phones can interfere with individuals privacy

Strongly agree
Agree
Neutral
o Websites can hinder privacy by collecting personal information

Strongly agree
Agree
o Credit cards can be privacy invasive

Strongly agree
Agree
o Phone banking can invade privacy

Strongly agree
Agree
7. Consider a scenario where you visit a coffee shop which provides a free Wi-Fi connectivity for its customers. It
doesnt ask for password for connectivity. Would you access the Wi-Fi facility to log-in your email? (Choose one
which is applicable)
Definitely would
Probably Not
Probably would
Definitely Not
Not sure
8. Imagine for checking your results of an entrance exam you went to the institute and saw that the results have
been displayed on a notice board with your name, marks and category (general / OBC / SC) mentioned.
(Choose one which is applicable)
o
How would you feel about your marks being displayed on the notice board?
How would you feel about your category (general / OBC / SC) being displayed on the notice board?
9. While travelling in long-distance trains, a reservation chart with details e.g. last name, first name, age, gender,
boarding station, destination, seat number, PNR number for each passenger is displayed on the platform and
the compartment. How would you feel about your information being displayed as in this scenario (Choose one
which is applicable)?

Section 2 of 6: Mobile phone privacy

Now, you will look at mobile phone privacy section.
10. Do you save personal information in your mobile phone? (Choose one which is applicable)
Yes (Go to Qn. 11)
No (Go to Qn. 12)
Dont remember (Go to Qn. 13)
11. What is the personal information which you dont mind storing in your mobile phone?( Choose all that apply and
Go to Qn. 13)
Business related information (meeting details)
Credit card number(s) / ATM card number(s) / PIN number(s)
Information e.g. date of birth, PAN number, ID number, account number
Password(s)
Videos, photographs,etc.
All of the above
Others (please specify)___________________________
12. What are the reasons for which you dont store personal information on your mobile phone? (choose all that
apply)
Worried about phone being stolen / lost
Concerned about somebody accessing the phone at work, or outdoors without permission
Concerned about somebody accessing the phone at home without permission
Dont feel the need
All of the above
Others (please specify)____________________________________________________
13. Imagine you visited a mobile service provider (e.g. Vodafone) to buy a new mobile connection; they asked you
to fill a form giving details e.g. name, date of birth, ID proof. Which of the information given below you would
share with them, if they are NOT mandatory fields? (Choose all that apply)
Alternative address proof
Photograph(s)
Another contact number
Proof of place of work
Parents details
ID proof
All of the above
Permanent address proof
None of the above
Others (please specify) __________________________________________
14. How much do you agree / disagree with these statements? (Choose one which is applicable)
Mobile service providers give reasonable protection for the information they collect
Strongly agree
Agree
Neutral
Disagree
Strongly disagree
Mobile service providers can keep a record and can access the information exchanged through mobile
phone
Strongly agree
Agree
Agree
Strongly disagree
Neutral
Disagree
Strongly disagree
Mobile service providers can share the customers information with government organization when
required, even without informing the customers
Strongly agree
Disagree
Phone conversations can be tapped by mobile service providers in national interest

Strongly agree
Neutral
Agree
Neutral
Disagree
Strongly disagree
Mobile service providers can share private information you provide them with third parties
Strongly agree
Agree
Neutral
Disagree
Strongly disagree
15. Do you use phone banking services to check your balance in the account? (Choose one which is applicable)
No, because I fear information may be leaked through phone tapping
Others (please specify) ____________________________________
16. Would you use phone banking services to transfer money from your account? (Choose one which is applicable)
Yes, I dont have a choice
No, because I fear information may be leaked through phone tapping
Others (please specify) ____________________________________
17. While exchanging information on mobile phone, what according to you, is the extent of confidentiality provided
by the mobile service provider for information being exchanged? (Choose one which is applicable)
Very high
High
Neutral
Low
Very Low
I dont know
18. What do you do before you sell your mobile phone? (Choose one which is applicable)
Copy the details and other information from SIM card and phone memory
Copy the information from SIM card and phone memory and then delete information
Delete all information that is stored in the mobile phone
Delete only specific details e.g. phone numbers and messages
Dont do anything
Others (please specify) ________________________________

19. While exchanging information on land-line phone, what according to you, is the extent of confidentiality provided
by the land-line service provider for information being exchanged? (Choose one which is applicable)
Very high
High
Neutral
Low
Very Low
I dont know
20. While moving in a shopping mall, imagine you see somebody taking your picture using a mobile phone, what
would be your reaction? (Choose one which is applicable)
No reaction
I dont like a stranger taking my picture without my permission
I dont like being photographed at all in public places
Others (please specify) ___________________________________
21. While travelling (i.e. in roaming), the mobile service providers use regional languages to present information
e.g. user busy, phone switched off. For example, if your phone connection is from Delhi and if you are traveling
in Mumbai, the messages are presented in Marathi. Would you consider this feature as privacy invasive?
Strongly agree
Agree
Neutral
Disagree
Strongly disagree
Section 3 of 6: Credit Cards

Now, you will look at credit card privacy section. In this section, we will use term credit cards for ATM cards, credit
cards, or debit cards or their combination.
22. Do you have a credit card issued in your name? (Choose one which is applicable)
Yes [Go to Qn. 23]
No, but I have used them [Go to Qn. 26]
No, I dont use them at all [Go to section 4 of 6]
23. Do you lend your credit cards to others? (Choose one which is applicable)
Yes (Go to Qn. 24)
No (Go to Qn. 25)
24. To whom do you lend your credit card for using it? (Choose all that apply)
Children
Friends
Relatives
Others (please specify)______________________
Parents
Spouse
25. Whose (owned by whom) credit card would you also use? (Choose all that apply and go to Qn. 27)
Children
Friends
Relatives
Parents
Spouse
Others (please specify)_______________________

26. Whose (owned by whom) credit card would you use? (Choose all that apply)
Children
None
Friends
Parents
Relatives
Spouse
Others (please specify)_______________________
27. What is true for you with respect to using credit cards in todays world? (Choose one which is applicable)
It is unavoidable
It is handy; use it frequently for various purposes e.g. shopping, petrol pumps, and grocery shops
Use only for specific tasks e.g. online ticketing
Use as a back-up for emergency situations
Others (please specify)_____________________________
28. Imagine that you went to a restaurant to have food with your friends / family. Which of the following is true if you
make the payment of the bill through your credit card? (Choose one which is applicable)
You would give the card to waiter, for making the payment
If you can go youself, you would take the card yourself to cash counter, get it swiped in front of you
If you cannot go yourself, you would give the card to waiter and check the details of bill carefully
You would give it only to the waiter only if its a trustworthy restaurant
You know it can be misused, but cannot do anything about it
You would not like to use credit card to make the payment
Others (please specify)______________________
29. Do you think credit cards should display the details e.g. name, phone number, date of birth on them? (Choose
one which is applicable)
It should not display any personal information, as it makes information public
It should display only relevant details required for identification
It should display all details as these are required for verification
It does not bother me
Others (please specify)_____________________________
30. Do you think it is possible for anybody to steal your identity and impersonate you, using your credit card?
Yes, it is fairly easy
Yes, but its not easy
No, its not possible under any circumstance
I have never thought about it
Others (please specify)___________________________________
31. Imagine you go to withdraw money from ATM; while you are withdrawing money, you notice other people
peeping into the ATM while you enter the PIN. How would you consider entering details of your account in this
scenario? (Choose one which is applicable)
Definitely would
Probably would
Not sure
Probably not
Definitely not
32. Imagine you go to withdraw money from ATM; how would you consider using the ATM center if there are two
machines in the same center and someone else is using the other machine? (Choose one which is applicable)
Definitely would
Probably not
Probably would
Definitely not
Not sure
Section 4 of 6: Internet and Online Social Network (OSN)

Now, you will look at Internet and Online Social Network (OSN) privacy section.
33. On visiting various websites, a lot of personal information is collected. How comfortable do you feel sharing
below mentioned information with any website? (Choose one which is applicable)
Always feel
comfortable
Annual house
hold income
Bank account
details
Credit card
number
Date of birth
Email address
Family details
Full name
Health and
medical history
Landline number
Marital status
Mobile number
Passport number
Passwords
Personal income
Pictures and videos
featuring self
Physical detailsheight, weight,
eye colour.
Usually feel
comfortable
Sometimes feel
comfortable
Rarely feel
comfortable
Never feel
comfortable
Postal mailing
address
.
Religion
34. Have you ever removed cookies in your browser after using the Internet? (Choose one which is applicable)
Often
Never
Sometimes
Not familiar with cookies
Hardly ever
Don't know
35. Which of the following email services do you use? (Choose all that apply)
Gmail
Hotmail
Official email
Yahoo mail
Others (please specify)____________________________
Do not use any email services [Go to Qn.39]
36. Do you exchange personal information, e.g. bank account numbers, passport details through your email?
(Choose the one which is applicable)
Yes, frequently
Sometimes
No, not at all
I dont remember
Only in emergency
37. Do you save personal information, e.g. bank account numbers, passport details in your email for future use?
Yes, frequently
No, not at all
Sometimes
I dont remember
Only in emergency
38. What are your privacy concerns while exchanging / saving personal information through email services?
I have no concerns
I believe that the privacy of my data is maintained
I am concerned, but I do not have a choice
I am concerned so I don't save/exchange
Dont know
39. Do you read the privacy policy of an e-commerce website e.g. PayPal, eBay, bank websites while creating an
account? (Choose one which is applicable)
Yes, I do
I browse through it
Never
Don't remember
Others (please specify)_____________________
40. Do you read the privacy policy of an email provider while creating an account? (Choose one which is
applicable)
Yes, I do
I browse through it
Never
Don't remember
Others (please specify)_____________________
41. Which of the following OSN services do you use? (Choose all which apply)
Facebook
MySpace
YouTube
Do not use any [Go to section 5]
Google+
Orkut
Others (please specify) .
LinkedIn
Twitter
42. What do you feel about privacy of your personal information on your OSN? (Choose one which is applicable)
It is not a concern at all
Since I have specified my privacy settings, my data is secure from a privacy breach
Even though, I have specified my privacy settings, I am concerned about privacy of my data
It is a concern, but I still share personal information
It is a concern; hence I do not share personal data on OSN
43. If you receive a friendship request on your most frequently used OSN, which of the following people will you add
as friends? (Choose all that apply)
Colleagues
Family members
Friends
People from my hometown
Person of opposite gender
Person with nice profile picture
Strangers (people you do not know)
Somebody, whom you do not know or recognize but have mutual / common friends with
Anyone
Others (please specify) ____________________________
44. Have you ever modified your default privacy settings on your OSN website? (Choose one which is applicable)
Yes, I have modified my privacy settings
No, I have never changed default settings
I dont remember
Dont know
45. Do you have a Facebook account?

Yes [Go to Qn. 46]
No [ Go to Qn. 49]
46. What privacy settings do you have for the following information on Facebook? Please provide your response to
the best of your knowledge. (Choose one which is applicable)
Not shared
Age
Date of birth
E mail ID
Gender
Location
Friends
Friends-ofFriends
Network
Everyone
Customized
Marital status
Name
Other profile
information e.g.
education and work
details
Pictures / Photos
Religion
Videos
47. Do you read the permission box that appears when you first access any third party application e.g. FarmVille,
Mafia Wars? (Choose one which is applicable)
Yes, I see but I dont read it and just allow, otherwise I cannot access the application
Yes, I read the permissions the application asks, but always "allow" the application
Yes, I read the permissions the application asks, and accordingly decide to "allow" or "not allow" the
application
I do not remember seeing any such permission box ever
No, I will never allow third-party application to access my personal information
No, I dont use third party applications
48. When would you use third-party applications on an online social network? (Choose all that apply)
When a friend recommends an application
When I see the application on my friend's news feed / wall
When online social network recommends an application
When I randomly stumble on some interesting application
Others (please specify) ______________________________________________________
49. Have you connected / inter-linked your various social networking accounts together e.g. Facebook, Twitter,
YouTube, Buzz, Orkut? (Choose one which is applicable)
Yes
No
I do not know of any such linking service
50. Do you think it is possible for somebody to steal your identity on your social network website i.e. create a profile
with your name, pictures and details? (Choose one which is applicable)
Yes, it is possible, but it has never happened to me
Yes, it is possible, and it has happened to me
No, it is not possible
Don't know
51. Do you read the privacy policy of an OSN provider while creating an account? (Choose one which is applicable)
Yes, I do
Never
I browse through it
Don't remember
Section 5 of 6: Government initiatives / Legal aspects of privacy
Now, you will look at government initiatives / legal aspects of privacy section.
52. Does the Indian constitution have a provision for privacy of Indian citizens? (Choose one which is applicable)
Yes, I know about it
Yes, but I dont know what it is
Not sure, I assume there is a provision, but, I am not aware of it
I do not know about this kind of a provision
No, there is no provision
53. Do we have privacy laws in India that protect Indian citizens privacy? (Choose one which is applicable)
Yes
No
Not sure
54. Are you aware of Unique Identification Number (UID), a Government of India initiative for every citizen in India?
Yes [Go to Qn. 55]
No [Go to Qn. 56]
Heard about it, but do not know the details [Go to Qn. 56]
55. How much do you agree with the statement? (Choose one which is applicable)
o Personal information and biometric data e.g. fingerprints, iris scan could be accessible to other private
corporate through UID with whom you would NOT like to share this information otherwise?
Strongly agree
Agree
Neutral
Disagree
Strongly disagree
o Government agencies could have access to details e.g. banking, land records, Internet logs, phone
records, arms records, driving license, property records, insurance, and income tax records which can be
misused by government agencies
Strongly agree
Agree
Neutral
Disagree
Strongly disagree
56. Are you aware of the NATGRID (National intelligence Grid) project? (Choose one which is applicable)
Yes [Go to Qn.57]
Heard about it, but do not know the details[ Go to section 6 ]
No [Go to section 6]
57. How much do you agree with the statement. Projects such as NATGRID (National Intelligence Grid) which can
access details and movement records of an individual, can be misused by government agencies? (Choose one
which is applicable)
Strongly agree
Agree
Neutral
Disagree
Strongly disagree
Section 6 of 6: Demographics
Now, you are in the demographics section.
58. How old are you? (Choose one which is applicable)
Less than 18 years
18 - 24 years
25 - 29 years
30 - 39 years
65 and above
40 49 years
50 64 years
59. What is your nationality? (Choose one which is applicable)

Indian
Others (please specify)____________
60. Which of the following state do you belong to (State of origin)? (Choose one which is applicable)
Andaman and Nicobar
Andhra Pradesh
Arunachal Pradesh
Bihar
Goa
Dadra and N. Haveli

Gujarat
Daman and Diu

Haryana
Delhi
Karnataka
Himachal Pradesh
Madhya Pradesh
Jammu and Kashmir

Maharashtra
Lakshwadeep Islands
Manipur
Kerala
Mizoram
Meghalaya
Nagaland
Odisha
Puducherry
Rajasthan
Uttar Pradesh
Sikkim
West Bengal
Tamil Nadu
Jharkhand
Punjab
Tripura
Chhattisgarh
Assam
Uttarakhand
Others (please specify)________________________________________________________

61. Choose the states where you have lived in the past five years: (Choose all that apply)
Andaman and Nicobar
Andhra Pradesh
Arunachal Pradesh
Assam
Bihar
Dadra and N. Haveli
Daman and Diu
Delhi
Goa
Gujarat
Haryana
Karnataka
Himachal Pradesh
Jammu and Kashmir
Lakshwadeep Islands
Kerala
Madhya Pradesh
Maharashtra
Manipur
Meghalaya
Mizoram
Nagaland
Odisha
Puducherry
Punjab
Rajasthan
Sikkim
Tamil Nadu
Tripura
Uttar Pradesh
West Bengal
Jharkhand
Chhattisgarh
Uttarakhand
Others (please specify)_________________________________________________________
62. What is your gender? (Choose one which is applicable)
Male
Female
63. What is the highest level of educational degree you have received? (Choose one which is applicable)
Less than High school

Post Graduate
High School
Doctorate
College Graduate
Others (please specify)____________________________________________________________

64. What is your profession? (Choose one which is applicable)
Computer / IT related
Professional (Doctor, CA, etc.)
Housewife
Manufacturing / Business
Student
Teaching / Research
Others (please specify)__________________________________________________________
65. What is your occupation? (Choose one which is applicable)

Business / self employed
Student
Not employed
Others (please specify)_________________
66. In which of the following places do you use a computer? (Choose all that apply)
College
Cyber Caf
Home
Library
School
Work / office
All the above
Others (please specify)_____________________________________________________
67. For what purpose do you use computers? (Choose all that apply)
Entertainment / Gaming
Exchanging e-mails / instant messages
Official / Work purpose
Online social networking
Purchasing products online

Word Processing
World Wide Web / Internet browsing
Others (please specify)______________
68. Do you own a personal computer? (Choose one which is applicable)

Yes
No
69. How long have you been using computers? (Choose one which is applicable)
70. How long have you been using the Internet ? (Choose one which is applicable)
0-2 years
More than 5 years

Dont remember
71. How often do you use the Internet? (Choose one which is applicable)
Always connected
Several times a week
Once a month
Several times a day

Once a week
Few times a year
Once a day
Several times a month
72. Which of the following electronic communication media and devices you use? (Choose all that apply)
Credit / Debit card

Internet
Landline phone
Mobile banking
Mobile phone
All of the above
Others (please specify)_________________________________________________
73. How did you get to know about this survey / study? (Choose all that apply)
College / office
Newspaper
e-mail
IIIT-Delhi website
Through friends and acquaintances
9dot9
Others (please specify)_____________________________________________________
74. Where did you fill the form? (Choose one which is applicable)
Online on Survey Monkey
In your campus / organization
Public space e.g. Shopping Mall, Cinema, market, and park
Others (please specify)_______________________________________________________
Ten survey participants will be periodically selected to win exciting prizes (i-pod, digital cameras, etc.). If you want
to take part in the lucky draw, please specify an email address or phone number where we could contact you, if you
are a winner. All data collected during this survey will be anonymized and aggregated for dissemination of the
results. Your answers are treated confidentially and used for research purposes only. We will not use your contact
information for any other purposes but to contact you to collect your prize.
Email address ________________________________________
Contact number________________________________________
Thank you for your time!!

PI 2012 Complete Report

Uploaded by

Copyright:

Available Formats

PI 2012 Complete Report

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PI 2012 Complete Report

Uploaded by

Copyright:

Available Formats

Privacy in India: Attitudes and Awareness V 2.

Indraprastha Institute of Information Technology, Delhi

Privacy is the claim of individuals, groups or institutions to determine for themselves

Cultural status of privacy in India . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Motivation and rationale

4 Focus Group Discussions

Inferences from the discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Marking information as personally identifiable information . . . . . . . . . . . 15

Marking Facebook privacy settings . . . . . . . . . . . . . . . . . . . . . . . . 15

One of the interviews that we conducted in Delhi.

One of the focus group discussions (18 24 years group). . . . . . . . . . . . . . . . 14

General privacy settings in Facebook. . . . . . . . . . . . . . . . . . . . . . . . . . . 16

Advanced privacy settings in Facebook. . . . . . . . . . . . . . . . . . . . . . . . . . 16

Request for permissions by a Facebook application. . . . . . . . . . . . . . . . . . . . 18

Demographics of the participants in the interviews. . . . . . . . . . . . . . . . . . . .

Percentage of participants marking the data as Personally Identifiable Information

Percentage of participants marking the data as Personally Identifiable Information

Cultural status of privacy in India

Motivation and rationale

Our main contributions are as follows:

Figure 3.1: Picture of one of the interviews that we conducted in Delhi.

Focus Group Discussions

FGD2 FGD3 FGD4

Inferences from the discussion

Anonymized to preserve the privacy.

Marking information as personally identifiable information

Marking Facebook privacy settings

Figure 4.2: General privacy settings in Facebook.

Figure 4.3: Advanced privacy settings in Facebook.

Figure 4.4: Request for permissions by a Facebook application.

Bodily privacy (e.g. your physical body)

There is a possibility of 0.01 rounding error.

Annual house hold income

Annual house hold income

4. With whom would you share the following information?

Government Everybody Nobody

I would not change my actions

6. How much do you agree / disagree with these statements?

Consumers have lost all control

How would you feel about

Always feel comfortable

Section 2: Mobile Privacy

Business related information (meeting details)

Worried about phone being stolen / lost

Alternative address proof

Mobile service providers give

Yes, it is safe to use

Yes, it is safe to use

18. What do you do before you sell your mobile phone?

26. Whose (owned by whom) credit card would you use?

It should not display any personal information, as it makes

Yes, it is fairly easy

Section 4: Internet and Online Social Network

Annual house hold income

35. Which of the following email services do you use?

It is not a concern at all

Yes, I have modified my privacy settings

45. Do you have a Facebook account?

Network Everyone Customized