Search results

1 – 10 of over 18000
To view the access options for this content please click here
Article
Publication date: 20 March 2017

Mortaza S. Bargh, Sunil Choenni and Ronald Meijer

Information dissemination has become a means of transparency for governments to enable the visions of e-government and smart government, and eventually gain, among others…

Abstract

Purpose

Information dissemination has become a means of transparency for governments to enable the visions of e-government and smart government, and eventually gain, among others, the trust of various stakeholders such as citizens and enterprises. Information dissemination, on the other hand, may increase the chance of privacy breaches, which can undermine those stakeholders’ trust and thus the objectives of transparency. Moreover, fear of potential privacy breaches compels information disseminators to share minimum or no information. The purpose of this study is to address these contending issues of information disseminations, i.e. privacy versus transparency, when disseminating judicial information to gain (public) trust. Specifically, the main research questions are: What is the nature of the aforementioned “privacy–transparency” problem and how can we approach and address this class of problems?

Design/methodology/approach

To address these questions, the authors have carried out an explorative case study by reconsidering and analyzing a number of information dissemination cases within their research center for the past 10 years, reflecting upon the whole design research process, consulting peers through publishing a preliminary version of this contribution and embedding the work in an in-depth literature study on research methodologies, wicked problems and e-government topics.

Findings

The authors show that preserving privacy while disseminating information for transparency purposes is a typical wicked problem, propose an innovative designerly model called transitional action design research (TADR) to address the class of such wicked problems and describe three artifacts which are designed, intervened and evaluated according to the TADR model in a judicial research organization.

Originality/value

Classifying the privacy transparency problem in the judicial settings as wicked is new, the proposed designerly model is innovative and the realized artifacts are deployed and still operational in a real setting.

Details

Transforming Government: People, Process and Policy, vol. 11 no. 1
Type: Research Article
ISSN: 1750-6166

Keywords

To view the access options for this content please click here
Article
Publication date: 27 September 2011

Marc van Lieshout, Linda Kool, Bas van Schoonhoven and Marjan de Jonge

The purpose of this paper is to develop/elaborate the concept Privacy by Design (PbD) and to explore the validity of the PbD framework.

Downloads
1875

Abstract

Purpose

The purpose of this paper is to develop/elaborate the concept Privacy by Design (PbD) and to explore the validity of the PbD framework.

Design/methodology/approach

Attention for alternative concepts, such as PbD, which might offer surplus value in safeguarding privacy, is growing. Using PbD to design for privacy in ICT systems is still rather underexplored and requires substantial conceptual and empirical work to be done. The methodology includes conceptual analysis, empirical validation (focus groups and interviews) and technological testing (a technical demonstrator was build).

Findings

A holistic PbD approach can offer surplus value in better safeguarding of privacy without losing functional requirements. However, the implementation is not easily realised and confronted with several difficulties such as: potential lack of economic incentives, legacy systems, lack of adoption of trust of end‐users and consumers in PbD.

Originality/value

The article brings together/incorporates several contemporary insights on privacy protection and privacy by design and develops/presents a holistic framework for Privacy by Design framework consisting of five building blocks.

To view the access options for this content please click here
Article
Publication date: 14 March 2016

Milica Milutinovic and Bart De Decker

The medical advances and historical fluctuations in the demographics are contributing to the rise of the average age. These changes are increasing the pressure to organize…

Abstract

Purpose

The medical advances and historical fluctuations in the demographics are contributing to the rise of the average age. These changes are increasing the pressure to organize adequate care to a growing number of individuals. As a way to provide efficient and cost-effective care, eHealth systems are gaining importance. However, this trend is creating new ethical concerns. Major issues are privacy and patients’ control over their data. To deploy these systems on a large scale, they need to offer strict privacy protection. Even though many research proposals focus on eHealth systems and related ethical requirements, there is an evident lack of practical solutions for protecting users’ personal information. The purpose of this study is to explore the ethical considerations related to these systems and extract the privacy requirements. This paper also aims to put forth a system design which ensures appropriate privacy protection.

Design/methodology/approach

This paper investigates the existing work in the area of eHealth systems and the related ethical considerations, which establish privacy as one of the main requirements. It lists the ethical requirements and data protection standards that a system needs to fulfil and uses them as a guideline for creating the proposed design.

Findings

Even though privacy is considered to be a paramount aspect of the eHealth systems, the existing proposals do not tackle this issue from the outset of the design. Consequently, introducing privacy at the final stages of the system deployment imposes significant limitations and the provided data protection is not always to the standards expected by the users.

Originality/value

This paper motivates the need for addressing ethical concerns in the eHealth domain with special focus on establishing strict privacy protection. It lists the privacy requirements and offers practical solutions for developing a privacy-friendly system and takes the approach of privacy-by-design. Additionally, the proposed design is evaluated against ethical principles as proposed in the existing literature. The aim is to show that technological advances can be used to improve quality and efficiency of care, while the usually raised concerns can be avoided.

Details

Journal of Information, Communication and Ethics in Society, vol. 14 no. 1
Type: Research Article
ISSN: 1477-996X

Keywords

To view the access options for this content please click here
Article
Publication date: 26 November 2020

Muhammad Al-Abdullah, Izzat Alsmadi, Ruwaida AlAbdullah and Bernie Farkas

The paper posits that a solution for businesses to use privacy-friendly data repositories for its customers’ data is to change from the traditional centralized repository…

Abstract

Purpose

The paper posits that a solution for businesses to use privacy-friendly data repositories for its customers’ data is to change from the traditional centralized repository to a trusted, decentralized data repository. Blockchain is a technology that provides such a data repository. However, the European Union’s General Data Protection Regulation (GDPR) assumed a centralized data repository, and it is commonly argued that blockchain technology is not usable. This paper aims to posit a framework for adopting a blockchain that follows the GDPR.

Design/methodology/approach

The paper uses the Levy and Ellis’ narrative review of literature methodology, which is based on constructivist theory posited by Lincoln and Guba. Using five information systems and computer science databases, the researchers searched for studies using the keywords GDPR and blockchain, using a forward and backward search technique. The search identified a corpus of 416 candidate studies, from which the researchers applied pre-established criteria to select 39 studies. The researchers mined this corpus for concepts, which they clustered into themes. Using the accepted computer science practice of privacy by design, the researchers combined the clustered themes into the paper’s posited framework.

Findings

The paper posits a framework that provides architectural tactics for designing a blockchain that follows GDPR to enhance privacy. The framework explicitly addresses the challenges of GDPR compliance using the unimagined decentralized storage of personal data. The framework addresses the blockchain–GDPR tension by establishing trust between a business and its customers vis-à-vis storing customers’ data. The trust is established through blockchain’s capability of providing the customer with private keys and control over their data, e.g. processing and access.

Research limitations/implications

The paper provides a framework that demonstrates that blockchain technology can be designed for use in GDPR compliant solutions. In using the framework, a blockchain-based solution provides the ability to audit and monitor privacy measures, demonstrates a legal justification for processing activities, incorporates a data privacy policy, provides a map for data processing and ensures security and privacy awareness among all actors. The research is limited to a focus on blockchain–GDPR compliance; however, future research is needed to investigate the use of the framework in specific domains.

Practical implications

The paper posits a framework that identifies the strategies and tactics necessary for GDPR compliance. Practitioners need to compliment the framework with rigorous privacy risk management, i.e. conducting a privacy risk analysis, identifying strategies and tactics to address such risks and preparing a privacy impact assessment that enhances accountability and transparency of a blockchain.

Originality/value

With the increasingly strategic use of data by businesses and the contravening growth of data privacy regulation, alternative technologies could provide businesses with a means to nurture trust with its customers regarding collected data. However, it is commonly assumed that the decentralized approach of blockchain technology cannot be applied to this business need. This paper posits a framework that enables a blockchain to be designed that follows the GDPR; thereby, providing an alternative for businesses to collect customers’ data while ensuring the customers’ trust.

Details

Digital Policy, Regulation and Governance, vol. 22 no. 5/6
Type: Research Article
ISSN: 2398-5038

Keywords

To view the access options for this content please click here
Article
Publication date: 14 October 2013

Ibraheem Mubarak Alharbi, Suzanne Zyngier and Christopher Hodkinson

The purpose of this paper is to gain a deeper understanding of customers’ perceived privacy and security (CPPS) by investigating privacy concerns, data security, and…

Downloads
3477

Abstract

Purpose

The purpose of this paper is to gain a deeper understanding of customers’ perceived privacy and security (CPPS) by investigating privacy concerns, data security, and exploring the factors that elevate or minimise these concerns in relation to organisations’ practices.

Design/methodology/approach

The research study utilises an explanatory research design. Data were collected from six organisations from different industry sectors through in-depth interviews with managers and from customers’ through four focus groups of a high-user demographic segment.

Findings

The paper identified Privacy by Design (PbD) in the area of organisations’ practices as well as identifying the main areas of CPPS. These themes were used as the basis for an analysis of customer concerns instrumental to the success of e-commerce.

Practical implications

The findings will inform the development of a general conceptual model. This will provide a better understanding of CPPS in general and in relation to the success of e-commerce web sites and transactional sites in particular.

Originality/value

The value and the originality of the paper comes from the adoption of the “PbD” paradigm. Organisations have to explore the factors that elevate or minimise customers’ concerns in relation to adopting and continuing to use online transactions. It is necessary for organisations to do this because when privacy and security practices are clearly disclosed, customers increase their intention to use, or continue to use online transactions.

Details

Journal of Enterprise Information Management, vol. 26 no. 6
Type: Research Article
ISSN: 1741-0398

Keywords

To view the access options for this content please click here
Article
Publication date: 28 August 2019

Vasiliki Diamantopoulou and Haralambos Mouratidis

The enforcement of the General Data Protection Regulation imposes specific privacy- and -security related requirements that any organisation that processes European Union…

Abstract

Purpose

The enforcement of the General Data Protection Regulation imposes specific privacy- and -security related requirements that any organisation that processes European Union citizens’ personal data must comply with. The application of privacy- and security-by-design principles are assisting organisation in achieving compliance with the Regulation. The purpose of this study is to assist data controllers in their effort to achieve compliance with the new Regulation, by proposing the adoption of the privacy level agreement (PLA). A PLA is considered as a formal way for the data controllers and the data subjects to mutually agree the privacy settings of a service provisioned. A PLA supports privacy management, by analysing privacy threats, vulnerabilities and information systems’ trust relationships.

Design/methodology/approach

However, the concept of PLA has only been proposed on a theoretical level. To this aim, two different domains have been selected acting as real-life case studies, the public administration and the health care, where special categories of personal data are processed.

Findings

The results of the evaluation of the adoption of the PLA by the data controllers are positive. Furthermore, they indicate that the adoption of such an agreement facilitates data controllers in demonstrating transparency of their processes. Regarding data subjects, the evaluation process revealed that the use of the PLA increases trust levels on data controllers.

Originality/value

This paper proposes a novel reference architecture to enable PLA management in practice and reports on the application and evaluation of PLA management.

Details

Information & Computer Security, vol. 27 no. 5
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Book part
Publication date: 15 March 2021

Timo Jakobi, Max von Grafenstein and Thomas Schildhauer

In light of the data economy, data protection law is a key legal element for being able to leverage data-driven innovation and is often regarded as a limitation for…

Abstract

In light of the data economy, data protection law is a key legal element for being able to leverage data-driven innovation and is often regarded as a limitation for businesses and service design. Contrasting this traditional view, this chapter argues why designing with privacy in mind is a win-win situation, not only, but especially in the context of data-based services. On the backdrop of new regulations around the globe setting incentives, we show how research in the domain of usable privacy can be leveraged to embed innovative privacy features for customers into digital services as competitive advantage. Building upon these insights, we argue that a well-designed privacy and/or data protection process should be a key element for customer experience management.

Details

The Machine Age of Customer Insight
Type: Book
ISBN: 978-1-83909-697-6

Keywords

To view the access options for this content please click here
Article
Publication date: 6 July 2021

Yuanyuan Guo, Xin Wang and Chaoyou Wang

This study examines how the different dimensions of a privacy policy separately influence perceived effectiveness of privacy policy, as well as the mediating mechanisms…

Abstract

Purpose

This study examines how the different dimensions of a privacy policy separately influence perceived effectiveness of privacy policy, as well as the mediating mechanisms behind these effects (i.e. vulnerability, benevolence). In addition, this study considers privacy concern as a significant moderator in the research model, to examine if the relative influences of privacy policy content are contingent upon levels of users' privacy concern.

Design/methodology/approach

The survey experiment was conducted to empirically validate the model. Specifically, three survey experiments and six scenarios were designed to manipulate high and low levels of the three privacy policy dimensions (i.e. transparency, control and protection). The authors totally distributed 450 copies of the questionnaire, of which 407 were valid.

Findings

This paper found that (1) all the three privacy policy dimensions directly influence perceived effectiveness of privacy policy; (2) all the three privacy policy dimensions indirectly influence perceived effectiveness of privacy policy by enhancing perceived corporate benevolence, whereas control also affects perceived effectiveness of privacy policy by reducing perceived vulnerability; and (3) individuals with high-privacy concern are much more impacted by privacy policy contents than individuals with low-privacy concern.

Practical implications

The findings could provide website managers with guidelines on how to design privacy policy contents by reducing user perceptions of vulnerability and enhancing user perceptions of corporate benevolence. The managers need to focus on customers' perceived vulnerability and corporate benevolence when launching or updating privacy policies. Furthermore, the managers also need to attend to users' privacy concerns, especially for multinational companies or companies with specific consumer groups.

Originality/value

This study extends the current privacy policy literature by articulating the separate influences of the three privacy policy dimensions and their impact mechanisms on perceived effectiveness of privacy policy. It also uncovers privacy concerns as a boundary condition that influence the effects of privacy policy contents on users' privacy perceptions.

Details

Journal of Enterprise Information Management, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1741-0398

Keywords

To view the access options for this content please click here
Article
Publication date: 14 February 2019

David Lewis Coss and Gurpreet Dhillon

To effectively develop privacy policies and practices for cloud computing, organizations need to define a set of guiding privacy objectives that can be applied across…

Abstract

Purpose

To effectively develop privacy policies and practices for cloud computing, organizations need to define a set of guiding privacy objectives that can be applied across their organization. It is argued that it is important to understand individuals’ privacy values with respect to cloud computing to define cloud privacy objectives.

Design/methodology/approach

For the purpose of this study, the authors adopted Keeney’s (1994) value-focused thinking approach to identify privacy objectives with respect to cloud computing.

Findings

The results of this study identified the following six fundamental cloud privacy objectives: to increase trust with cloud provider, to maximize identity management controls, to maximize responsibility of information stewardship, to maximize individual’s understanding of cloud service functionality, to maximize protection of rights to privacy, and to maintain the integrity of data.

Research limitations/implications

One limitation is generalizability of the cloud privacy objectives, and the second is research bias. As this study focused on cloud privacy, the authors felt that the research participants’ increased knowledge of technology usage, including that of cloud technology, was a benefit that outweighed risks associated with not having a random selection of the general population. The newness and unique qualities of privacy issues in cloud computing are better fitted to a qualitative study where issues can emerge naturally through a holistic approach opposed to trying to force fit an existing set of variables or constructs into the context of privacy and cloud computing.

Practical implications

The findings of this research study can be used to assist management in the process of formulating a cloud privacy policy, develop cloud privacy evaluation criteria as well as assist auditors in developing their privacy audit work plans.

Originality/value

Currently, there is little to no guidance in the literature or in practice as to what organizations need to do to ensure they protect their stakeholders privacy in a cloud computing environment. This study works at closing this knowledge gap by identifying cloud privacy objectives.

Details

Information & Computer Security, vol. 27 no. 2
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 9 May 2016

Amaya Noain-Sánchez

The purpose of this paper is to lay out an approach to addressing the problem of privacy protection in the global digital environment based on the importance that…

Downloads
1191

Abstract

Purpose

The purpose of this paper is to lay out an approach to addressing the problem of privacy protection in the global digital environment based on the importance that information has to improve users’ informational self-determination. Following this reasoning, this paper focuses on the suitable way to provide user with the correct amount of information they may need to maintain a desirable grade of autonomy as far as their privacy protection is concerned and decide whether or not to put their personal data on the internet.

Design/methodology/approach

The authors arrive at this point in their analysis by qualitative discourse analysis of the most relevant scientific papers and dossiers relating to privacy protection.

Findings

The goal of this paper is twofold. The first is to illustrate the importance of privacy by default and informed consent working together to protect information and communication technology (ICT) users’ privacy. The second goal is to develop a suitable way to administrate the mentioned “informed consent” to users.

Originality/value

To fulfil this purpose, the authors present a new concept of informed consent: active “informed consent” or “Opt-in” model by layers. “Opt-in” regimens have already been used with cookies but never with 2.0 applications, as, for instance, social network sites (SNS).

Details

Journal of Information, Communication and Ethics in Society, vol. 14 no. 2
Type: Research Article
ISSN: 1477-996X

Keywords

1 – 10 of over 18000