Studies of information exposure are a cornerstone of information security research. Within the research realm of information exposure, the inadvertent exposure of information is a topic of particular interest. In the extent literature this phenomenon is often referred to as information leakage or information spillage. In this work in progress, we seek to understand the extent usage of these terms and to work towards a harmonized definition of both terms. We present a systematic review of literature detailing the prior use of both terms and the definitions put forward in the literature. Furthermore, we propose a framework for defining information spillage and information leakage based on the dimensions of user action and system behavior.

Abstract Only