Search results
1 – 10 of over 53000This paper considers the effectiveness of the Data Protection Act since its launch in 1984. The National Audit Office prepared a report in 1993, which was critical of the Data…
Abstract
This paper considers the effectiveness of the Data Protection Act since its launch in 1984. The National Audit Office prepared a report in 1993, which was critical of the Data Protection Registrar, its implementation of the registration and the eight data protection principles of good practice. These criticisms are discussed here with a view to improving the Registrar's approach to data protection law, and its attitude to those who are required to register under the Data Protection Act.
M. Naughton, I. Callanan, A. Guerandel and K. Malone
Medical confidentiality derives from the Hippocratic Oath and has been affirmed in most codes of professional conduct, including the Irish Medical Council's guide to professional…
Abstract
Purpose
Medical confidentiality derives from the Hippocratic Oath and has been affirmed in most codes of professional conduct, including the Irish Medical Council's guide to professional conduct and ethics. The Irish Data Protection Act 1988 and Amendment 2003 bring this responsibility into a legal forum. The aim of this audit is to assess how comprehensively medical tutors/consultants instilled knowledge and appreciation of confidentiality and data protection to medical students in a prominent Dublin University Hospital.
Design/methodology/approach
Breaches in data protection legislation by final year medical students were identified by means of a questionnaire. Changes were made to the curriculum (presentations, notices on students' e‐learning interface and induction manual) and to the exams in psychiatry, to increase awareness of data protection legislation. Students at the same point in their education were re‐assessed one year later to see if the interventions were helpful in increasing knowledge and improving adherence to data protection legislation.
Findings
Significant breaches of the data protection legislation at baseline and follow up were identified. Examples include: “Data shall be kept for one or more specified, explicit and legitimate purposes” – when asked if they would inform patients that assessments were for submission of a case report, 44 per cent at baseline and 56 per cent at follow‐up said yes. “Appropriate security measures shall be taken against unauthorised access” – 52 per cent password‐protected their computer at baseline and 59 per cent did at follow‐up. Of those that had no password protection at baseline, 70 per cent of their computers were used by others, with little change in this at follow‐up (68 per cent). At baseline 52 per cent kept a copy of reports on USB devices compared to 46 per cent at follow‐up. 26 per cent admitted to losing a USB device in the past. “Data should not be kept longer than is necessary for that purpose” – 63 per cent admitting keeping electronic copies of case reports on their computers following submission at baseline and 64 per cent at follow‐up. “Data should be made anonymous” – 96 per cent at baseline and 100 per cent at follow‐up used initials when submitting case reports to make the data anonymous.
Practical implications
What was disappointing was that, while knowledge and awareness of obligations under data protection legislation improved following intervention, breaches in compliance still remained.
Originality/value
This is the first such audit in Ireland on the provision of educational training in the area of data protection legislation to medical students. It is likely that that such breaches by medical students reflect the tip of the iceberg in relation to probable breaches amongst registered healthcare professionals. The challenge now facing the medical profession and healthcare services is to effect behavioural change to improve compliance with data protection legislation.
Details
Keywords
Annegret Bendiek and Magnus Römer
This paper aims to explain how the EU projects its own data protection regime to third states and the US in particular. Digital services have become a central element in the…
Abstract
Purpose
This paper aims to explain how the EU projects its own data protection regime to third states and the US in particular. Digital services have become a central element in the transatlantic economy. A substantial part of that trade is associated with the transfer of data, most of it personal, requiring many of the new products and services emerging to adhere to data protection standards. Yet different conceptions of data protection exist across the Atlantic, with the EU putting a particular focus on protecting the fundamental right to privacy.
Design/methodology/approach
Using the distinction between positive and negative forms of market integration as a starting point (Scharpf, 1997), this paper examines the question of how the EU is projecting its own data protection regime to third states. The so-called California effect (Vogel, 1997) and the utilization of trade agreements in the EU’s foreign policy and external relations are well researched. With decreasing effectiveness and limited territorial reach of its enlargement policy, the EU found trade agreements to be particularly effective to set standards on a global level (Lavenex and Schimmelfennig, 2009). The existence of the single market makes the Union not only an important locus of regulation but also a strong economic actor with the global ambition of digital assertiveness. In the past, establishing standards for the EU’s vast consumer market has proven effective in compelling non-European market participants to join.
Findings
As the globe’s largest consumer market, Europe aims to project its own data protection laws through the market place principle (lex loci solutionis), requiring any data processor to follow its laws whenever European customers’ data are processed. This paper argues that European data protection law creates a “California Effect”, whereby the EU exerts pressure on extra-territorial markets by unilateral standard setting.
Originality/value
With its GDPR, the EU may have defused the problem of European citizens’ data being stored and evaluated according to the US law. However, it has also set a precedent of extra-territorial applicability of its legislation – despite having previously criticized the USA for such practices. By now, international companies increasingly store data of European customers in Europe to prevent conflicts with EU law. With this decision, the EU will apply its own law on others’ sovereign territory. Conflicts created through the extra-territorial effects of national law may contradict the principle of due diligence obligations but are nevertheless not illegitimate. They may, however, have further unintended effects: Other major economies are likely to be less reluctant in the future about passing legal provisions with extra-territorial effect.
Details
Keywords
The purpose of this paper is to solve the problem of information privacy and security of social users. Mobile internet and social network are more and more deeply integrated into…
Abstract
Purpose
The purpose of this paper is to solve the problem of information privacy and security of social users. Mobile internet and social network are more and more deeply integrated into people’s daily life, especially under the interaction of the fierce development momentum of the Internet of Things and diversified personalized services, more and more private information of social users is exposed to the network environment actively or unintentionally. In addition, a large amount of social network data not only brings more benefits to network application providers, but also provides motivation for malicious attackers. Therefore, under the social network environment, the research on the privacy protection of user information has great theoretical and practical significance.
Design/methodology/approach
In this study, based on the social network analysis, combined with the attribute reduction idea of rough set theory, the generalized reduction concept based on multi-level rough set from the perspectives of positive region, information entropy and knowledge granularity of rough set theory were proposed. Furthermore, it was traversed on the basis of the hierarchical compatible granularity space of the original information system and the corresponding attribute values are coarsened. The selected test data sets were tested, and the experimental results were analyzed.
Findings
The results showed that the algorithm can guarantee the anonymity requirement of data publishing and improve the effect of classification modeling on anonymous data in social network environment.
Research limitations/implications
In the test and verification of privacy protection algorithm and privacy protection scheme, the efficiency of algorithm and scheme needs to be tested on a larger data scale. However, the data in this study are not enough. In the following research, more data will be used for testing and verification.
Practical implications
In the context of social network, the hierarchical structure of data is introduced into rough set theory as domain knowledge by referring to human granulation cognitive mechanism, and rough set modeling for complex hierarchical data is studied for hierarchical data of decision table. The theoretical research results are applied to hierarchical decision rule mining and k-anonymous privacy protection data mining research, which enriches the connotation of rough set theory and has important theoretical and practical significance for further promoting the application of this theory. In addition, combined the theory of secure multi-party computing and the theory of attribute reduction in rough set, a privacy protection feature selection algorithm for multi-source decision table is proposed, which solves the privacy protection problem of feature selection in distributed environment. It provides a set of effective rough set feature selection method for privacy protection classification mining in distributed environment, which has practical application value for promoting the development of privacy protection data mining.
Originality/value
In this study, the proposed algorithm and scheme can effectively protect the privacy of social network data, ensure the availability of social network graph structure and realize the need of both protection and sharing of user attributes and relational data.
Details
Keywords
Zongda Wu, Shigen Shen, Huxiong Li, Haiping Zhou and Dongdong Zou
First, the authors analyze the key problems faced by the protection of digital library readers' data privacy and behavior privacy. Second, the authors introduce the…
Abstract
Purpose
First, the authors analyze the key problems faced by the protection of digital library readers' data privacy and behavior privacy. Second, the authors introduce the characteristics of all kinds of existing approaches to privacy protection and their application limitations in the protection of readers' data privacy and behavior privacy. Lastly, the authors compare the advantages and disadvantages of each kind of existing approaches in terms of security, efficiency, accuracy and practicality and analyze the challenges faced by the protection of digital library reader privacy.
Design/methodology/approach
In this paper, the authors review a number of research achievements relevant to privacy protection and analyze and evaluate the application limitations of them in the reader privacy protection of a digital library, consequently, establishing the constraints that an ideal approach to library reader privacy protection should meet, so as to provide references for the follow-up research of the problem.
Findings
As a result, the authors conclude that an ideal approach to reader privacy protection should be able to comprehensively improve the security of all kinds of readers' privacy information on the untrusted server-side as a whole, under the premise of not changing the architecture, efficiency, accuracy and practicality of a digital library system.
Originality/value
Along with the rapid development of new network technologies, such as cloud computing, the server-side of a digital library is becoming more and more untrustworthy, thereby, posing a serious threat to the privacy of library readers. In fact, the problem of reader privacy has become one of the important obstacles to the further development and application of digital libraries.
Details
Keywords
Jawahitha Sarabdeen and Immanuel Azaad Moonesar
The move toward e-health care in various countries is envisaged to reduce the cost of provision of health care, improve the quality of care and reduce medical errors. The most…
Abstract
Purpose
The move toward e-health care in various countries is envisaged to reduce the cost of provision of health care, improve the quality of care and reduce medical errors. The most significant problem is the protection of patients’ data privacy. If the patients are reluctant or refuse to participate in health care system due to lack of privacy laws and regulations, the benefit of the full-fledged e-health care system cannot be materialized. The purpose of this paper is to investigate the available e-health data privacy protection laws and the perception of the people using the e-health care facilities.
Design/methodology/approach
The researchers used content analysis to analyze the availability and comprehensive nature of the laws and regulations. The researchers also used survey method. Participants in the study comprised of health care professionals (n=46) and health care users (n=187) who are based in the Dubai, United Arab Emirates. The researchers applied descriptive statistics mechanisms and correlational analysis to analyze the data in the survey.
Findings
The content analysis revealed that the available health data protection laws are limited in scope. The survey results, however, showed that the respondents felt that they could trust the e-health services systems offered in the UAE as the data collected is protected, the rights are not violated. The research also revealed that there was no significance difference between the nationality and the privacy data statements. All the nationality agreed that there is protection in place for the protection of e-health data. There was no significance difference between the demographic data sets and the many data protection principles.
Originality/value
The findings on the users’ perception could help to evaluate the success in realizing current strategies and an action plan of benchmarking could be introduced.
Details
Keywords
This paper gives an overview of the 1984 Data Protection Act and the implications for records managers who store information about people on a computer. The terminology of the Act…
Abstract
This paper gives an overview of the 1984 Data Protection Act and the implications for records managers who store information about people on a computer. The terminology of the Act and its eight principles are described, and criteria are given for deciding whether or not an organisation should register with the Data Protection Registrar.
Efrosini Siougle, Sophia Dimelis and Nikolaos Malevris
This study explores the link between ISO 9001 certification, personal data protection and firm performance using financial balance sheet and survey data. The security aspect of…
Abstract
Purpose
This study explores the link between ISO 9001 certification, personal data protection and firm performance using financial balance sheet and survey data. The security aspect of data protection is analyzed based on the major requirements of the General Data Protection Regulation and mapped to the relevant controls of the ISO/IEC 27001/27002 standards.
Design/methodology/approach
The research analysis is based on 96 ISO 9001–certified and non-certified publicly traded manufacturing and service firms that responded to a structured questionnaire. The authors develop and empirically test their theoretical model using the structural equation modeling technique and follow a difference-in-differences econometric modeling approach to estimate financial performance differences between certified and non-certified firms accounting for the level of data protection.
Findings
The estimates indicate three core dimensions in the areas of “policies, procedures and responsibilities,” “access control management” and “risk-reduction techniques” as desirable components in establishing the concept of data security. The estimates also suggest that the data protection level has significantly impacted the performance of certified firms relative to the non-certified. Controlling for the effect of industry-level factors reveals a positive relationship between data security and high-technological intensity.
Practical implications
The results imply that improving the level of compliance to data protection enhances the link between certification and firm performance.
Originality/value
This study fills a gap in the literature by empirically testing the influence of data protection on the relationship between quality certification and firm performance.
Details
Keywords
Rene Kaiser, Stefan Thalmann and Viktoria Pammer-Schindler
This paper aims to report an interview study investigating knowledge protection practices in a collaborative research and innovation project centred around the semi-conductor…
Abstract
Purpose
This paper aims to report an interview study investigating knowledge protection practices in a collaborative research and innovation project centred around the semi-conductor industry. The authors explore which and how knowledge protection practices are applied and zoom in on a particular one to investigate the perspective of three stakeholders which collaborate: the SUPPLIER of a specialised machine, the APPLIER of this machine and a SCHOLAR who collaborates with both, in an effort to develop a grey-box model of the machine and its operation.
Design/methodology/approach
A total of 33 interviews have been conducted in two rounds: 30 interviews explore knowledge protection practices applied across a large project. Qualitative content analysis is applied to determine practices not well covered by the research community. A total of three follow-up interviews inspect one specific collaboration case of three partners. Quotes from all interviews are used to illustrate the participants’ viewpoints and motivation.
Findings
SCHOLAR and APPLIER communicate using a data-centric knowledge protection practice, in that concrete parameter values are sensitive and hidden by communicating data within a wider parameter range. This practice balances the benefit that all three stakeholders have from communicating about specifics of machine design and operations. The grey-box model combines engineering knowledge of both SUPPLIER and APPLIER.
Practical implications
The line of thought described in this study is applicable to comparable collaboration constellations of a SUPPLIER of a machine, an APPLIER of a machine and a SCHOLAR who analyses and draws insights out of data.
Originality/value
The paper fills a research gap by reporting on applied knowledge protection practices and characterising a data-centric knowledge protection practice around a grey-box model.
Details
Keywords
Vasiliki Diamantopoulou, Aggeliki Tsohou and Maria Karyda
This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet, data protection requirements set by…
Abstract
Purpose
This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet, data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations, can use this paper as a basis for extending the already existing security control modules towards data protection; and as guidance for reaching compliance with the regulation.
Design/methodology/approach
This study has followed a two-step approach; first, synergies between ISO/IEC 27001:2013 modules and GDPR requirements were identified, by analysing all 14 control modules of the ISO/IEC 27001:2013 and proposing the appropriate actions towards the satisfaction of data protection requirements. Second, this paper identified GDPR requirements not addressed by ISO/IEC 27001:2013.
Findings
The findings of this work include the identification of the common ground between the security controls that ISO/IEC 27001:2013 includes and the requirements that the GDPR imposes; the actions that need to be performed based on these security controls to adequately meet the data protection requirements that the GDPR imposes; and the identification of the remaining actions an ISO/IEC 27001 compliant organisation needs to perform to be able to adhere with the GDPR.
Originality/value
This paper provides a gap analysis and a further steps identification regarding the additional actions that need to be performed to allow an ISO/IEC 27001:2013 certified organisation to be compliant with the GDPR.
Details