Search results

The proliferation of electronic databases has given rise to many practices and occurrences that pose serious threats to personal privacy. This paper argues that attention to privacy should be an integral part of the database design process, and that database designers are uniquely positioned to ensure that this happens. To motivate students to become privacy‐conscious database design professionals, computer science programs must meet the challenges of implementing an “ethics across the curriculum” methodology to integrate privacy content throughout the design thread of the introductory database course.

Computer matching is a mass surveillance technique involving the comparison of data about many people, which have been acquired from multiple sources. Its use offers potential benefits, particularly financial savings. It is also error‐prone, and its power results in threats to established patterns and values. The imperatives of efficiency and equity demand that computer matching be used, and the information privacy interest demands that it be used only where justified, and be subjected to effective controls. Provides background to this important technique, including its development and application in the USA and in Australia, and a detailed technical description. Contends that the technique, its use, and controls over its use are very important issues which demand research. Computing, telecommunications and robotics artefacts which have the capacity to change society radically need to be subjected to early and careful analysis, not only by sociologists, lawyers and philosophers, but also by information technologists themselves.

This is the second of three articles addressing the critical issue of abusive data collection and usage practices and their effect on personal privacy. The first article, which appeared in consecutive issue 17 of Library Hi Tech, discussed the individual under assault. This article discusses the evolution of data protection laws within countries and international organizations that have enacted such laws, and compares the scope, major provisions, and enforcement components of the laws.

The major federal and state laws that govern the privacy aspects of the use of computer data banks fall into three types of relationships between individuals and institutions: 1) individuals dealing with private institutions such as colleges or universities, 2) individuals interacting with state and local governments; and 3) individuals interacting with the federal government. A separate section is devoted to each of these relationships, containing assessments of the effectiveness of the legal mechanisms that mediate them. The ability of privacy laws that are presently on the books to protect us from abusive information collection, dissemination, and management practices is specifically considered.

The paper posits that a solution for businesses to use privacy-friendly data repositories for its customers’ data is to change from the traditional centralized repository to a trusted, decentralized data repository. Blockchain is a technology that provides such a data repository. However, the European Union’s General Data Protection Regulation (GDPR) assumed a centralized data repository, and it is commonly argued that blockchain technology is not usable. This paper aims to posit a framework for adopting a blockchain that follows the GDPR.

The paper uses the Levy and Ellis’ narrative review of literature methodology, which is based on constructivist theory posited by Lincoln and Guba. Using five information systems and computer science databases, the researchers searched for studies using the keywords GDPR and blockchain, using a forward and backward search technique. The search identified a corpus of 416 candidate studies, from which the researchers applied pre-established criteria to select 39 studies. The researchers mined this corpus for concepts, which they clustered into themes. Using the accepted computer science practice of privacy by design, the researchers combined the clustered themes into the paper’s posited framework.

The paper posits a framework that provides architectural tactics for designing a blockchain that follows GDPR to enhance privacy. The framework explicitly addresses the challenges of GDPR compliance using the unimagined decentralized storage of personal data. The framework addresses the blockchain–GDPR tension by establishing trust between a business and its customers vis-à-vis storing customers’ data. The trust is established through blockchain’s capability of providing the customer with private keys and control over their data, e.g. processing and access.

The paper provides a framework that demonstrates that blockchain technology can be designed for use in GDPR compliant solutions. In using the framework, a blockchain-based solution provides the ability to audit and monitor privacy measures, demonstrates a legal justification for processing activities, incorporates a data privacy policy, provides a map for data processing and ensures security and privacy awareness among all actors. The research is limited to a focus on blockchain–GDPR compliance; however, future research is needed to investigate the use of the framework in specific domains.

The paper posits a framework that identifies the strategies and tactics necessary for GDPR compliance. Practitioners need to compliment the framework with rigorous privacy risk management, i.e. conducting a privacy risk analysis, identifying strategies and tactics to address such risks and preparing a privacy impact assessment that enhances accountability and transparency of a blockchain.

With the increasingly strategic use of data by businesses and the contravening growth of data privacy regulation, alternative technologies could provide businesses with a means to nurture trust with its customers regarding collected data. However, it is commonly assumed that the decentralized approach of blockchain technology cannot be applied to this business need. This paper posits a framework that enables a blockchain to be designed that follows the GDPR; thereby, providing an alternative for businesses to collect customers’ data while ensuring the customers’ trust.

This study aims to identify the roles that privacy experiences and social media use play in influencing privacy-protection behaviors. As social media use expands in terms of the number of users and functionality; it is important to understand social media user privacy-protection behaviors and the users’ psychological underpinnings driving those behaviors. Among these, perceptions are the users’ evaluation of their privacy concerns and data sharing benefits inherent in social media use which influence the users’ behaviors to protect their privacy.

To research these issues, a theoretical model and hypotheses were developed, based on self-efficacy theory. The theoretical model was empirically tested using 193 questionnaire responses collected from students enrolled in business courses at a medium-sized university in the western USA. All the respondents reported that they routinely use social media. The empirical analysis was performed using structural equations modeling in PC SAS version 9.4, procedure Calis.

The estimation of the paths in the structural model indicates that privacy concerns positively influence social media users’ protection behaviors while the perceived benefits of data sharing negatively influence protection behaviors. Privacy experience positively influences privacy concerns. Alternatively, social media use positively influences social media self-efficacy and perceived usefulness, which, in turn, have meaningful influences on data sharing benefits.

Previous findings about the effect of self-efficacy on protection behaviors has been inconclusive. This study adds some clarity. Specifically, the findings suggest that the effect depends upon the foci of self-efficacy. While higher self-efficacy with respect to using privacy-related features of a specific technology tends to lead to greater privacy concerns, higher self-efficacy with respect to the more general technology (e.g. social media, computer) seems to affect protection behaviors through perceived benefits. Further, the results of this study offer conclusions about the roles that privacy experiences, social media use and perceived social media benefits play in affecting protection behaviors.

The goal of our work is to discuss the fundamental issues of privacy and anomaly‐based intrusion detection systems (IDS) and to design an efficient anomaly‐based intrusion IDS architecture where users' privacy is maintained.

In this work, any information that can link intrusion detection activity to a user is encrypted so as to pseudonyze the sensitive information. A database of encrypted information would then be created which becomes the source database for the IDS. The design makes use of dynamic key generation algorithm that generates key randomly when an intrusion is detected. The keys are only released when an intrusion occurs and immediately swapped to protect harm access to the mapping database.

The result after testing the new privacy maintained IDS architecture on an application package shows greater improvement over the ordinary IDSs. Privacy complaints reduced considerably from between 8 and 16 per week to about 1‐2.

We only tested the new privacy maintained IDS on a package, it would also be interesting to test the design on some other systems. There is a possibility that time to detection would increase because of the encryption/decryption part of the new design. All the same, we have designed an IDS architecture where privacy of users on the systems is guaranteed.

This work provides a background for researchers in IDS and it requires further improvements and extensions.

The work shows that it is possible to design an IDS architecture for maintaining privacy of users on the network. The result shows the originality of the new design.

Adoption of technology in academic libraries sets up circumstances for collection of personal patron information and records of patron information seeking behaviour not possible in the pre‐digital library. Even if collected unintentionally, this information may then be seized by law enforcement officials for criminal investigations. Passage of the USA PATRIOT Act has lowered the standards for obtaining search warrants that had previously been set by American legal precedent. This article describes potential situations where patron privacy can be endangered by the presence of information technology and how librarians can protect patron information and prepare patrons for safe information seeking in the online world.

To propose a model of a privacy‐enhanced catalogue search system (PECSS) in an attempt to address privacy threats to consumers, who search for products and services on the world wide web.

The model extends an agent‐based architecture for electronic catalogue mediation by supplementing it with a privacy enhancement mechanism. This mechanism introduces fake queries into the original stream of user queries, in an attempt to reduce the similarity between the actual interests of users (“internal user profile”) and the interests as observed by potential eavesdroppers on the web (“external user profile”). A prototype was constructed to demonstrate the feasibility and effectiveness of the model.

The evaluation of the model indicates that, by generating five fake queries per each original user query, the user's profile is hidden most effectively from any potential eavesdropper. Future research is needed to identify the optimal glossary of fake queries for various clients. The model also should be tested against various attacks perpetrated against the mixed stream of original and fake queries (i.e. statistical clustering).

The model's feasibility was evaluated through a prototype. It was not empirically tested against various statistical methods used by intruders to reveal the original queries.

A useful architecture for electronic commerce providers, internet service providers (ISP) and individual clients who are concerned with their privacy and wish to minimize their dependencies on third‐party security providers.

The contribution of the PECSS model stems from the fact that, as the internet gradually transforms into a non‐free service, anonymous browsing cannot be employed any more to protect consumers' privacy, and therefore other approaches should be explored. Moreover, unlike other approaches, our model does not rely on the honesty of any third mediators and proxies that are also exposed to the interests of the client. In addition, the proposed model is scalable as it is installed on the user's computer.

Facing the dilemma between collaboration and privacy is a continual challenge for users. In this setting, the purpose of this paper is to discuss issues of a highly flexible role management integrated in a privacy‐enhanced collaborative environment (PECE).

The general framework was provided by former findings of several research projects, i.e. collaborative platform BluES and projects of privacy and identity management PRIME and PrimeLife. The role management concept bases on a literature survey and has been proofed by integration into the privacy‐enhanced environment BluES'n.

A three‐dimensional role management concept was developed describing users' rights, tasks, and positions. A discussion on how to fulfill privacy requirements yielded that a semi‐automated decision making regarding the use of roles with different identities is reasonable to support users' control of their privacy when interacting with others.

The concept of flexible role management complies with the requirements of PECEs. However, a fully automated approach of rule‐based information disclosure is not possible as such decisions depend on personal and situational aspects.

Using the example of a flexible role management concept, research described in this paper demonstrates that privacy and interaction concerns can be balanced and should be considered in application design processes.

Concepts of PECEs allow respecting privacy‐related attitudes and could improve the quality of service consumption.

The paper demonstrates contrasts between collaboration and privacy attitudes and presents solutions for the integration of role management to overcome this initially supposed contradiction.