Search results

Data protection requirements heavily increased due to the rising awareness of data security, legal requirements and technological developments. Today, NoSQL databases are increasingly used in security-critical domains. Current survey works on databases and data security only consider authorization and access control in a very general way and do not regard most of today’s sophisticated requirements. Accordingly, the purpose of this paper is to discuss authorization and access control for relational and NoSQL database models in detail with respect to requirements and current state of the art.

This paper follows a systematic literature review approach to study authorization and access control for different database models. Starting with a research on survey works on authorization and access control in databases, the study continues with the identification and definition of advanced authorization and access control requirements, which are generally applicable to any database model. This paper then discusses and compares current database models based on these requirements.

As no survey works consider requirements for authorization and access control in different database models so far, the authors define their requirements. Furthermore, the authors discuss the current state of the art for the relational, key-value, column-oriented, document-based and graph database models in comparison to the defined requirements.

This paper focuses on authorization and access control for various database models, not concrete products. This paper identifies today’s sophisticated – yet general – requirements from the literature and compares them with research results and access control features of current products for the relational and NoSQL database models.

The Cloud of Things (IoT) that refers to the integration of the Cloud Computing (CC) and the Internet of Things (IoT), has dramatically changed the way treatments are done in the ubiquitous computing world. This integration has become imperative because the important amount of data generated by IoT devices needs the CC as a storage and processing infrastructure. Unfortunately, security issues in CoT remain more critical since users and IoT devices continue to share computing as well as networking resources remotely. Moreover, preserving data privacy in such an environment is also a critical concern. Therefore, the CoT is continuously growing up security and privacy issues. This paper focused on security and privacy considerations by analyzing some potential challenges and risks that need to be resolved. To achieve that, the CoT architecture and existing applications have been investigated. Furthermore, a number of security as well as privacy concerns and issues as well as open challenges, are discussed in this work.

Privacy scholars appear to struggle in conceptualizing blockchain from a privacy perspective: is it a privacy-enhancing mechanism like differential privacy, a privacy-intruding tool like third-party cookies or a technology orthogonal to the issue of privacy? Blockchain does not seem to neatly fit into any of these buckets that we traditionally use to gauge the privacy implications of information technologies. In this article, the authors argue that blockchain transcends the extant conceptualization of privacy because it modifies the nature of data flow upon which the modern concept of privacy is based.

The authors introduce a conceptualization of blockchain as a new mechanism for data management. Then, following this conceptualization, the authors present a functional review of blockchain, summarizing the features it provides for the data it manages. This review sets up the discussion of how blockchain redefines data flow by separating the power of collection, access and query of data to different entities. After illustrating how this change regrounds privacy concerns in a blockchain system, the authors conclude with a discussion of the recommendations for future privacy research on blockchain.

The authors demonstrate that blockchain, by design, separates three core data-centric operations that are assumed to be inextricably linked in the canonical conceptualization of privacy: the collection, access and query of data. Collection means to capture and then store the data; access means to modify or augment the data and query means the ability to test or verify certain properties of the data (e.g. whether a bank account has a zero balance). Traditionally, any entities that collect data can evidently read, modify or query the same data as they wish. With blockchain, however, an entity that stores the data may not be able to modify the data, yet an entity that cannot even read the data may be able to verify certain properties of the data.

Privacy scholars appear to struggle in conceptualizing blockchain from a privacy perspective: is it a privacy-enhancing mechanism like differential privacy, a privacy-intruding tool like third-party cookies or a technology orthogonal to the issue of privacy? In this article, the authors aim to respond to this important question.

There is significant national interest in tackling issues surrounding the needs of vulnerable children and adults. This paper aims to argue that much value can be gained from the application of new data-analytic approaches to assist with the care provided to vulnerable children. This paper highlights the ethical and information governance issues raised in the development of a research project that sought to access and analyse children’s social care data.

The paper documents the process involved in identifying, accessing and using data held in Birmingham City Council’s social care system for collaborative research with a partner organisation. This includes identifying the data, its structure and format; understanding the Data Protection Act 1998 and 2018 (DPA) exemptions that are relevant to ensure that legal obligations are met; data security and access management; the ethical and governance approval process.

The findings will include approaches to understanding the data, its structure and accessibility tasks involved in addressing ethical and legal obligations and requirements of the ethical and governance processes.

The aim of this research is to highlight the potential use of use new data-analytic techniques to examine the flow of children’s social care data from referral, through the assessment process, to the resulting service provision. Data held by Birmingham City Council are used throughout, and this paper highlights key ethical and information governance issues which were addressed in preparing and conducting the research. The findings provide insight for other data-led studies of a similar nature.

Data service (DS) is a special software service that enables data access in cloud environment and provides a unified data model for cross-origination data integration and data sharing. The purpose of the work is to automatically compose DSs and quickly generate data view to satisfy users' various data requirements (DRs).

The paper proposes an automatic DS composition and view generation approach. DSs are organized into DS dependence graph (DSDG) based on their inherent dependences, and DSs can be automatically composed using the DSDG according to user's DRs. Then, data view will be generated by interpreting the composed DS.

Experimental results with real cross-origination data sets show the proposed approaches have high efficiency and good quality for DS composition and view generation.

The authors propose a DS composition algorithm and a data view generation algorithm according to users' DRs.

Research suggests that centers of calculation, empowered by accounting inscriptions, are similar to maps: they provide a useful, albeit simplified, version of reality. The purposes of this paper are to examine whether and how digital platforms change the nature of centers of calculation, and to improve the understanding of the relationship between digital platforms and accounting.

An in-depth, single case-study design is used to empirically investigate how a Nordic hotel chain competed with global online travel agencies (OTAs) in the quest for the “new oil”—customer data.

The paper demonstrates how the case organization created a local alternative to global digital platforms with the aim of acquiring customer data, thereby moving from a center of calculation (CoC) to what authors label a “center of data appropriation” (CDA). While CoCs are guided by accounting inscriptions that enable “mapping”, CDAs are constructed around accounting inscriptions with other properties that enable digital “mirrors” of the economic domain. The authors find that this has two governing effects. First, multiple centers emerge that compete for access to the periphery. Second, future forms of competition can follow dynamic trajectories, where mutual dependence between CDAs may lead to coopetition.

Scholars have suggested that surveillance capitalism creates market-power imbalances. This study indicates that the transformation of local organizations into CDAs enables them to challenge global digital-platform organizations. Therefore, authors argue that local organizations may retain some market power by establishing local CDAs.

Effective use of data across public health organisations (PHOs) is essential for the provision of health services. While health technology and data use in clinical practice have been investigated, interactions with data in non-clinical practice have been largely neglected. The purpose of this paper is to consider what constitutes data, and how people in non-clinical roles in a PHO interact with data in their practice.

This mixed methods study involved a qualitative exploration of how employees of a large PHO interact with data in their non-clinical work roles. A quantitative survey was administered to complement insights gained through qualitative investigation.

Organisational boundaries emerged as a defining issue in interactions with data. The results explain how data work happens through observing, spanning and shifting of boundaries. The paper identifies five key issues that shape data work in relation to boundaries. Boundary objects and processes are considered, as well as the roles of boundary spanners and shifters.

The study was conducted in a large Australian PHO, which is not completely representative of the unique contexts of similar organisations. The study has implications for research in information and organisational studies, opening fields of inquiry for further investigation.

Effective systems-wide data use can improve health service efficiencies and outcomes. There are also implications for the provision of services by other health and public sectors.

The study contributes to closing a significant research gap in understanding interactions with data in the workplace, particularly in non-clinical roles in health. Research analysis connects concepts of knowledge boundaries, boundary spanning and boundary objects with insights into information behaviours in the health workplace. Boundary processes emerge as an important concept to understand interactions with data. The result is a novel typology of interactions with data in relation to organisational boundaries.

Advances in Big Data, artificial Intelligence and data-driven innovation bring enormous benefits for the overall society and for different sectors. By contrast, their misuse can lead to data workflows bypassing the intent of privacy and data protection law, as well as of ethical mandates. It may be referred to as the ‘creep factor’ of Big Data, and needs to be tackled right away, especially considering that we are moving towards the ‘datafication’ of society, where devices to capture, collect, store and process data are becoming ever-cheaper and faster, whilst the computational power is continuously increasing. If using Big Data in truly anonymisable ways, within an ethically sound and societally focussed framework, is capable of acting as an enabler of sustainable development, using Big Data outside such a framework poses a number of threats, potential hurdles and multiple ethical challenges. Some examples are the impact on privacy caused by new surveillance tools and data gathering techniques, including also group privacy, high-tech profiling, automated decision making and discriminatory practices. In our society, everything can be given a score and critical life changing opportunities are increasingly determined by such scoring systems, often obtained through secret predictive algorithms applied to data to determine who has value. It is therefore essential to guarantee the fairness and accurateness of such scoring systems and that the decisions relying upon them are realised in a legal and ethical manner, avoiding the risk of stigmatisation capable of affecting individuals’ opportunities. Likewise, it is necessary to prevent the so-called ‘social cooling’. This represents the long-term negative side effects of the data-driven innovation, in particular of such scoring systems and of the reputation economy. It is reflected in terms, for instance, of self-censorship, risk-aversion and lack of exercise of free speech generated by increasingly intrusive Big Data practices lacking an ethical foundation. Another key ethics dimension pertains to human-data interaction in Internet of Things (IoT) environments, which is increasing the volume of data collected, the speed of the process and the variety of data sources. It is urgent to further investigate aspects like the ‘ownership’ of data and other hurdles, especially considering that the regulatory landscape is developing at a much slower pace than IoT and the evolution of Big Data technologies. These are only some examples of the issues and consequences that Big Data raise, which require adequate measures in response to the ‘data trust deficit’, moving not towards the prohibition of the collection of data but rather towards the identification and prohibition of their misuse and unfair behaviours and treatments, once government and companies have such data. At the same time, the debate should further investigate ‘data altruism’, deepening how the increasing amounts of data in our society can be concretely used for public good and the best implementation modalities.

This study aims to present a guide for using grounded theory methods for exploring organizational phenomena of the new online era.

A reflexive account is adopted on how one can build upon the foundations of traditional offline grounded theory for conducting grounded theorizing with online-based data.

Guidelines for conducting grounded theory on online contexts are presented for crafting research questions, gathering online data and using consolidated methods for analyzing online data. This study shows future and present challenges posed by the new online era for grounded theorizing, as well as helpful lessons to be learned from traditional offline grounded theory to mitigate them.

The implications are helpful for established qualitative organizational scholars that are yet to catch-up in the boundary spanning process of using the digital sources of data in grounded theory. They are equally helpful for newcomers on qualitative grounded theory by guiding them on where and how to start these challenging research endeavors of grounded theorizing in this new online era.

Scant attention has been given on applications of grounded theory in the new online era. The differences between online and offline settings have not been clearly defined to this date, and neither do guidelines exist for how qualitative grounded theorists can take advantage of online data to build theory about new organizational phenomena emerging in the online era.

Research on online user privacy shows that empirical evidence on how privacy literacy relates to users' information privacy empowerment is missing. To fill this gap, this paper investigated the respective influence of two primary dimensions of online privacy literacy – namely declarative and procedural knowledge – on online users' information privacy empowerment.

An empirical analysis is conducted using a dataset collected in Europe. This survey was conducted in 2019 among 27,524 representative respondents of the European population.

The main results show that users' procedural knowledge is positively linked to users' privacy empowerment. The relationship between users' declarative knowledge and users' privacy empowerment is partially supported. While greater awareness about firms and organizations practices in terms of data collections and further uses conditions was found to be significantly associated with increased users' privacy empowerment, unpredictably, results revealed that the awareness about the GDPR and user’s privacy empowerment are negatively associated. The empirical findings reveal also that greater online privacy literacy is associated with heightened users' information privacy empowerment.

While few advanced studies made systematic efforts to measure changes occurred on websites since the GDPR enforcement, it remains unclear, however, how individuals perceive, understand and apply the GDPR rights/guarantees and their likelihood to strengthen users' information privacy control. Therefore, this paper contributes empirically to understanding how online users' privacy literacy shaped by both users' declarative and procedural knowledge is likely to affect users' information privacy empowerment. The study empirically investigates the effectiveness of the GDPR in raising users' information privacy empowerment from user-based perspective. Results stress the importance of greater transparency of data tracking and processing decisions made by online businesses and services to strengthen users' control over information privacy. Study findings also put emphasis on the crucial need for more educational efforts to raise users' awareness about the GDPR rights/guarantees related to data protection. Empirical findings also show that users who are more likely to adopt self-protective approaches to reinforce personal data privacy are more likely to perceive greater control over personal data. A broad implication of this finding for practitioners and E-businesses stresses the need for empowering users with adequate privacy protection tools to ensure more confidential transactions.