To read this content please select one of the options below:

Practical evaluation of a reference architecture for the management of privacy level agreements

Vasiliki Diamantopoulou (Department of Information and Communication Systems Engineering, University of the Aegean School of Sciences, Samos, Greece)
Haralambos Mouratidis (School of Computing, Engineering and Mathematics, University of Brighton, Brighton, UK)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 28 August 2019

Issue publication date: 23 October 2019

231

Abstract

Purpose

The enforcement of the General Data Protection Regulation imposes specific privacy- and -security related requirements that any organisation that processes European Union citizens’ personal data must comply with. The application of privacy- and security-by-design principles are assisting organisation in achieving compliance with the Regulation. The purpose of this study is to assist data controllers in their effort to achieve compliance with the new Regulation, by proposing the adoption of the privacy level agreement (PLA). A PLA is considered as a formal way for the data controllers and the data subjects to mutually agree the privacy settings of a service provisioned. A PLA supports privacy management, by analysing privacy threats, vulnerabilities and information systems’ trust relationships.

Design/methodology/approach

However, the concept of PLA has only been proposed on a theoretical level. To this aim, two different domains have been selected acting as real-life case studies, the public administration and the health care, where special categories of personal data are processed.

Findings

The results of the evaluation of the adoption of the PLA by the data controllers are positive. Furthermore, they indicate that the adoption of such an agreement facilitates data controllers in demonstrating transparency of their processes. Regarding data subjects, the evaluation process revealed that the use of the PLA increases trust levels on data controllers.

Originality/value

This paper proposes a novel reference architecture to enable PLA management in practice and reports on the application and evaluation of PLA management.

Keywords

Citation

Diamantopoulou, V. and Mouratidis, H. (2019), "Practical evaluation of a reference architecture for the management of privacy level agreements", Information and Computer Security, Vol. 27 No. 5, pp. 711-730. https://doi.org/10.1108/ICS-04-2019-0052

Publisher

:

Emerald Publishing Limited

Copyright © 2019, Emerald Publishing Limited

Related articles