Using organisational safeguards to make justifiable privacy decisions when processing personal data
نویسنده
چکیده
Privacy-enhancing technologies can be used to enhance the privacy of individuals who interact with information processing systems. This paper considers such technologies that can be used by the organisation to safeguard personal information it processes. The paper focuses on how access control could be used to protect the individual against misuse of personal data inside the organisation. More specifically the paper considers how such a privacy-enhancing technology can make a just choice when deciding whether an access request to personal data should be allowed or not. Access control decisions in this paper are based on the regulations that govern the interaction, the organisational policies that apply and the individual’s privacy preferences. The proposed model forms part of the organisational safeguards layer of the Layered Privacy Architecture (LaPA) proposed earlier.
منابع مشابه
The Principle of Security Safeguards: Accidental Activities
The principle of information security safeguards is a key information principle contained in every privacy legislation measure, framework, and guideline. This principle requires data controllers to use an adequate level of safeguards before processing personal information. However, privacy literature neither explains what this adequate level is nor how to achieve it. Hence, a knowledge gap has ...
متن کاملA layered architecture for privacy - enhancing technologies
While a number of privacy-enhancing technologies have been proposed over the past quarter century, very little has been done to generalise the notion. Privacy-enhancing technologies have typically been discussed for specific applications (such as confidential and/or anonymous e-mail) or in specific contexts (such as on the Internet). This paper takes cognisance of existing privacy-enhancing tec...
متن کاملPrivacy Issues with the Electronic Medical Record
Electronic medical records (EMR) all have privacy safeguards in place. Major healthcare institutions have taken steps to prevent employees from looking up information on patients whom they do not treat directly, however numerous potential intrusions into patient privacy are still possible. Centralization of medical records in the increasing number of multi-group practices distributes personal m...
متن کاملMapping 'Security Safeguard' Requirements in a data privacy legislation to an international privacy framework: A compliance methodology
It is commonplace for organisations to collect personal information to be processed and stored on their systems. Until recently, there was no comprehensive legislation that addressed the ‘processing’ of personal information by organisations in South Africa. The Protection of Personal Information Bill (“POPI”) was signed into law in November 2013 and is expected to come into effect, later this y...
متن کاملTowards Improving Transparency, Intervenability, and Consent in HCI
Transparency of personal data processing is enforced by most Western privacy laws, including the new General Data Protection Regulation (GDPR) which will be effective from May 2018. The GDPR specifies that personal data shall be processed lawfully, fairly, and in a transparent manner. It strengthens people’s rights for both ex-ante and ex-post transparency and intervenability. Equally important...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- South African Computer Journal
دوره 33 شماره
صفحات -
تاریخ انتشار 2004