Search results

This study is an exploration of areas pertaining to the use of production data in non-production environments. During the software development life cycle, non-production environments are used to serve various purposes to include unit, component, integration, system, user acceptance, performance and configuration testing. Organisations and third parties have been and are continuing to use copies of production data in non-production environments. This can lead to personal and sensitive data being accidentally leaked if appropriate and rigorous security guidelines are not implemented. This paper aims to propose a comprehensive framework for minimising data leakage from non-production environments. The framework was evaluated using guided interviews and was proven effective in helping organisation manage sensitive data in non-production environments.

Authors conducted a thorough literature review on areas related to data leakage from non-production systems. By doing an analysis of advice, guidelines and frameworks that aims at finding a practical solution for selecting and implementing a de-identification solution of sensitive data, the authors managed to highlight the importance of all areas related to sensitive data protection. Based on these areas, a framework was proposed which was evaluated by conducting set of guided interviews.

This paper has researched the background information and produced a framework for an organisation to manage sensitive data in its non-production environments. This paper presents a proposed framework that describes a process flow from the legal and regulatory requirements to data treatment and protection, gained through understanding the organisation’s business, the production system, the purpose and the requirements of the non-production environment. The paper shows that there is some conflict between security and perceived usability, which may be addressed by challenging the perceptions of usability or identifying the compromise required. Non-production environments need not be the sole responsibility of the IT section, they should be of interest to the business area that is responsible for the data held.

This paper proposes a simplified business model and framework. The proposed model diagrammatically describes the interactions of elements affecting the organisation. It highlights how non-production environments may be perceived as separate from the business systems, but despite the perceptions, these are still subject to the same legal requirements and constraints. It shows the interdependency of data, software, technical infrastructure and human interaction and how the change of one element may affect the others. The proposed framework describes the process flow and forms a practical solution in assisting the decision-making process and providing documentary evidence for assurance and audit purposes. It looks at the requirements of the non-production system in relation to the legal and regulatory constraints, as well as the organisational requirements and business systems. The impact of human factors on the data is also considered to bring a holistic approach to the protection of non-production environments.

Reusing existing data sets of health information for public health or medical research has much to recommend it. Much data repurposing in medical or public health research or practice involves information that has been stripped of individual identifiers but some does not. In some cases, there may have been consent to the reuse but in other cases consent may be absent and people may be entirely unaware of how the data about them are being used. Data sets are also being combined and may contain information with very different sources, consent histories, and individual identifiers. Much of the ethical and policy discussion about the permissibility of data reuse has centered on two questions: for identifiable data, the scope of the original consent and whether the reuse is permissible in light of that scope, and for de-identified data, whether there are unacceptable risks that the data will be reidentified in a manner that is harmful to any data subjects. Prioritizing these questions rests on a picture of the ethics of data use as primarily about respecting the choices of the data subject. We contend that this picture is mistaken; data repurposing, especially when data sets are combined, raises novel questions about the impacts of research on groups and their implications for individuals regarded as falling within these groups. These impacts suggest that the controversies about de-identification or reconsent for reuse are to some extent beside the point. Serious ethical questions are also raised by the inferences that may be drawn about individuals from the research and resulting risks of stigmatization. These risks may arise even when individuals were not part of the original data set being repurposed. Data reuse, repurposing, and recombination may have damaging effects on others not included within the original data sets. These issues of justice for individuals who might be regarded as indirect subjects of research are not even raised by approaches that consider only the implications for or agreement of the original data subject. This chapter argues that health information should be available for reuse, information should be available for use, but in a way that does not yield unexpected surprises, produce direct harm to individuals, or violate warranted trust.

The purpose of this paper is to engage with challenges the authors encountered in duoethnographic inquiry, including questions about what it means to tell the truth, and the decisions the authors made about what stories to include and exclude. The focus is on the ethical challenges involved in duoethnography and the ways in which the authors chose, and or felt compelled to, overcome them. The authors provide an argument for the need of intimate, eclectic and open-ended inquiry-based research that poses questions, challenges dominant discourses and promotes a compositional methodology in which to explore lived the experience of participants.

The authors’ own duoethnographic process, embedded in an anthropological hermeneutics (Ricoeur, 1991), within a mode of narrative inquiry, developed over a period of three to four months. The authors had a number of formal and informal conversations – some recorded and transcribed, others remembered and reflected on later in e-mails or in draft academic papers. The authors shared articles, e-mailed, conversed with family and examined photos. Reflecting on some of these conversations, the authors were sometimes uncomfortable with the way the stories they shared had the potential to expose aspects of themselves and those the authors are close to. The authors developed fictionalising techniques and poetry in order to tell these stories.

Duoethnography engages with method that reveals truth as layered, contradictory and necessarily intersubjective. It is this tentative and contingent nature of truth that augers for a hyper-consciousness of the relationship between transgression and transformation. Using fictional ways of knowing: poetry, scripting and metaphor; and the usual technologies of research: anonymisation, de-identification; and drawing on notions of redaction and under erasure the authors found safe ways to represent particularly challenging issues. The process involved intimate revealing – small stories that the authors shared here to argue for the importance of the affective in transformative educational research.

The authors continue to work in uncomfortable places and suggest that ethics often involves irreconcilable and incommensurate discourses which cannot always be accounted for in normalised codes of ethics. The authors argue that this tension provides an important on-going ethical encounter where, as researchers, the authors continue to generate and implement creative and innovative methodologies.

Throughout the paper the authors have suggested ways to challenge the linear, logical and the predictable as the authors wrestled with how personal narratives may reveal personal truth and transformation that may open ways for larger transformative actions.

The purpose of this study is to understand more of online anonymity in the global file sharing community in the context of social norms and copyright law. The study describes the respondents in terms of use of VPN or similar service related to age, gender, geographical location, as well as analysing the correlation with file sharing frequencies.

This study is to a large extent descriptively collecting data through a web‐based survey. This was carried out in collaboration with the BitTorrent tracker The Pirate Bay (TPB), allowing the authors to link the survey from the main logo of their site. In 72 hours the authors received over 75,000 responses, which gives the opportunity to compare use of anonymity services with factors of age, geographical region, file sharing frequency, etc.

Overall, 17.8 per cent of the respondents use a VPN or similar service (free or paid). A core of high frequency uploaders is more inclined to use VPN or similar services than the average file sharer. Online anonymity practices in the file sharing community are depending on how legal and social norms correlate (more enforcement means more anonymity).

The web‐based survey was in English and mainly attracted visitors on The Pirate Bays' web page. This means that it is likely that those who do not have the language skills necessary were excluded from the survey.

This study adds to the knowledge of anonymity practices online in terms of traceability and identification. This means that it shows some of the conditions for legal enforcement in a digital environment.

This study adds to the knowledge of how the Internet is changing in terms of a polarization between stronger means of legally enforced identification and a growing awareness of how to be more untraceable.

The scale of the survey, with over 75,000 respondents from most parts of the world, has likely not been seen before on this topic. The descriptive study of anonymity practices in the global file sharing community is therefore likely unique.

This paper aims to reinforce the significance of visual ethnography as a tool for mental health promotion.

Visual ethnography has become an established methodology particularly in qualitative studies, to understand specific themes within participants’ everyday realities. Beyond providing a visual element, such methods allow for meaningful and nuanced explorations of sensitive themes, allowing richer sets of data to emerge rather than focussing on conversations alone. The participants in this study evaluated how far they had come by exploring complex circumstances using visual ethnographic means.

Research with single refugee women in Brisbane, Australia, demonstrates how discussing photographs and creating digital movies yielded a sense of achievement, pride and accomplishment, health and wellbeing, and ownership for some women, while for others it was a burden.

Studies with single refugee women have been scarce with limited use of visual ethnographic methods. Visual ethnography is particularly suited to understanding refugee narratives, as complex experiences are not always conveyed through textual representations alone.

The purpose of this paper is to explore the impact of three components of the psychological contract (i.e. obligations, fulfillment and breach) and the individual characteristic negative affectivity (NA) onto three key outcomes, namely, job satisfaction, organizational identification and psychological distress.

Questionnaires were completed by 222 Australian nurses and midwives from a medium-sized metropolitan Australian hospital. The response rate for the study was 39 percent.

Structural equation modeling revealed that perceptions of psychological contract fulfillment were positively linked to organizational identification and job satisfaction, while psychological contract breach was negatively linked to these outcomes. NA was negatively linked to job satisfaction and positively linked to psychological distress. Psychological contract obligations were not associated with any of the employee outcomes.

Psychological contract fulfillment is an important driver of employee satisfaction and organizational identification and the findings highlight the importance of including NA in psychological contract research. The occupation and context, being in-demand employees, appeared to neutralize the impact of one dimension of the psychological contract, employer promises and obligations.

Explicitly managing employees’ psychological contracts by focussing on fulfilling realistic promises will enable managers to improve employee outcomes and facilitate employees embracing their organization.

This study is one of the first to explore all three components of the psychological contract. These results may assist in the development of strategies to retain in-demand employees such as nurses, particularly highlighting the need to make and fulfill realistic promises.

This paper aims to design a secure and seamless system that ensures quick sharing of health-care data to improve the privacy of sensitive health-care data, the efficiency of health-care infrastructure, effective treatment given to patients and encourage the development of new health-care technologies by researchers. These objectives are achieved through the proposed system, a “privacy-aware data tagging system using role-based access control for health-care data.”

Health-care data must be stored and shared in such a manner that the privacy of the patient is maintained. The method proposed, uses data tags to classify health-care data into various color codes which signify the sensitivity of data. It makes use of the ARX tool to anonymize raw health-care data and uses role-based access control as a means of ensuring only authenticated persons can access the data.

The system integrates the tagging and anonymizing of health-care data coupled with robust access control policies into one architecture. The paper discusses the proposed architecture, describes the algorithm used to tag health-care data, analyzes the metrics of the anonymized data against various attacks and devises a mathematical model for role-based access control.

The paper integrates three disparate topics – data tagging, anonymization and role-based access policies into one seamless architecture. Codifying health-care data into different tags based on International Classification of Diseases 10th Revision (ICD-10) codes and applying varying levels of anonymization for each data tag along with role-based access policies is unique to the system and also ensures the usability of data for research.