Search results

General Data Protection Regulation (GDPR) of the European Union (EU) was passed to protect data privacy. Though the GDPR intended to address issues related to data privacy in the EU, it created an extra-territorial effect through Articles 3, 45 and 46. Extra-territorial effect refers to the application or the effect of local laws and regulations in another country. Lawmakers around the globe passed or intensified their efforts to pass laws to have personal data privacy covered so that they meet the adequacy requirement under Articles 45–46 of GDPR while providing comprehensive legislation locally. This study aims to analyze the Malaysian and Saudi Arabian legislation on health data privacy and their adequacy in meeting GDPR data privacy protection requirements.

The research used a systematic literature review, legal content analysis and comparative analysis to critically analyze the health data protection in Malaysia and Saudi Arabia in comparison with GDPR and to see the adequacy of health data protection that could meet the requirement of EU data transfer requirement.

The finding suggested that the private sector is better regulated in Malaysia than the public sector. Saudi Arabia has some general laws to cover health data privacy in both public and private sector organizations until the newly passed data protection law is implemented in 2024. The finding also suggested that the Personal Data Protection Act 2010 of Malaysia and the Personal Data Protection Law 2022 of Saudi Arabia could be considered “adequate” under GDPR.

The research would be able to identify the key principles that could identify the adequacy of the laws about health data in Malaysia and Saudi Arabia as there is a dearth of literature in this area. This will help to propose suggestions to improve the laws concerning health data protection so that various stakeholders can benefit from it.

This paper aims to increase understanding of pertinent exogenous and endogenous antecedents that can reduce data privacy breaches.

A cross-sectional survey was used to source participants' perceptions of relevant exogenous and endogenous antecedents developed from the Antecedents-Privacy Concerns-Outcomes (APCO) model and Social Cognitive Theory. A research model was proposed and tested with empirical data collected from 213 participants based in Canada.

The exogenous factors of external privacy training and external privacy self-assessment tool significantly and positively impact the study's endogenous factors of individual privacy awareness, organizational resources allocated to privacy concerns, and group behavior concerning privacy laws. Further, the proximal determinants of data privacy breaches (dependent construct) are negatively influenced by individual privacy awareness, group behavior related to privacy laws, and organizational resources allocated to privacy concerns. The endogenous factors fully mediated the relationships between the exogenous factors and the dependent construct.

This study contributes to the budding data privacy breach literature by highlighting the impacts of personal and environmental factors in the discourse.

The results offer management insights on mitigating data privacy breach incidents arising from employees' actions. Roles of external privacy training and privacy self-assessment tools are signified.

Antecedents of data privacy breaches have been underexplored. This paper is among the first to elucidate the roles of select exogenous and endogenous antecedents encompassing personal and environmental imperatives on data privacy breaches.

Personal data is a powerful tool. The more someone know about us, the more power they got over us. But who will control the most of our personal data? Does the government and the big tech really care about our personal data? This paper aims to look at data practices, data-related policy making as well as its economic consequences in the context of emerging economies.

Using qualitative methods such as literature review and analysis of numerous government documents, this paper inquires into the dynamics in the use of data by the business sectors, explains how data governance can add value to the business sectors while ensuring customers’ data privacy protection based on the data governance mechanism framework and details what it takes.

Using the case of Indonesian recent development on data privacy regulation, this paper describes the problems and threats to personal data protection. The advent of latest computing and mobile technology is shifting power relations between the governments, the big tech, as well as the end users. To conclude, the strategy and policy recommendations for implementing data privacy protection are also presented.

This paper provides a timely synthesis of data practices in the context of developing countries, particularly in relation to policy making and economic consequences. This paper also identifies and shares several promising future research ideas.

The purpose of this study is to examine the mutual relationship between information literacy and information rights, focusing on how people with high information literacy recognize and use information rights.

This study explores how individuals with information literacy understand and use information rights. This research uses a dual approach. Quantitative surveys, involving 217 Master's and PhD students, delve into the dimensions of information rights. Rigorous stratified sampling ensures diversity. A comprehensive questionnaire, exhibiting high reliability and validity, is administered before and after a two-month online information literacy course. The t-test statistical tests analyze the quantitative data. For deeper insights, qualitative open-answer questionnaires with 50 top-performing participants uncover experiences and perceptions. A two-stage coding process is applied to identify themes.

Major findings showcase the nuanced understanding of information rights shaped by education, experiences and strategic use. Recommendations include emphasizing online privacy education and active roles for information-literate individuals in policy advocacy.

This study contributes to the understanding of information rights, providing a foundation for informed policy and education.

Data protection is a significant area of law in a country like India, which is digitalising at a fast rate. Recently, India passed comprehensive data protection legislation after discussing several draft data protection frameworks. This paper aims to analyse the provisions of India’s first comprehensive data protection legislation, the Digital Personal Data Protection Act (DPDPA), 2023.

The paper aims to analyse how the DPDPA’s provisions should be interpreted. The methodology involves studying the act’s provisions, identifying shortcomings and suggesting ways of addressing the shortcomings through legal interpretation. The paper interprets DPDPA provisions through a comparative analysis with the proposed American Privacy Rights Act 2024 and EU General Data Protection Regulation. The methodology can be broadly classified as doctrinal and comparative legal research.

The paper makes several recommendations for interpreting the provisions of the DPDPA, which are discussed throughout the paper and summarised in the way forward section.

The analysis of this paper is limited to present-day data protection concerns. In the future, research can assess how the DPDPA can be interpreted to solve the challenges presented by societal and technological progress.

The originality and contribution of the paper are analysis and interpretation of the provisions of the DPDPA that will provide data principals with strong control over personal data and ensure stringent data protection obligations on data fiduciaries.

Data breaches in the US healthcare sector have more than tripled in the last decade across all states. However, to this day, no established framework ranks all states from most to least at risk for healthcare data breaches. This gap has led to a lack of proper risk identification and understanding of cyber environments at state levels.

Based on the security action cycle, the National Institute of Standards and Technology (NIST) cybersecurity framework, the risk-planning model, and the multicriteria decision-making (MCDM) literature, the paper offers an integrated multicriteria framework for prioritization in cybersecurity to address this lack and other prioritization issues in risk management in the field. The study used historical breach data between 2015 and 2021.

The findings showed that California, Texas, New York, Florida, Indiana, Pennsylvania, Massachusetts, Minnesota, Ohio, and Georgia are the states most at risk for healthcare data breaches.

The findings highlight each US state faces a different level of healthcare risk. The findings are informative for patients, crucial for privacy officers in understanding the nuances of their risk environment, and important for policy-makers who must grasp the grave disconnect between existing issues and legislative practices. Furthermore, the study suggests an association between positioning state risk and such factors as population and wealth, both avenues for future research.

Theoretically, the paper offers an integrated framework, whose basis in established security models in both academia and industry practice enables utilizing it in various prioritization scenarios in the field of cybersecurity. It further emphasizes the importance of risk identification and brings attention to different healthcare cybersecurity environments among the different US states.

It has become increasingly clear that the objectives of privacy and competition policy are in conflict with one another with regard to platform data. While privacy policies aim at limiting the use of platform data for purposes other than those for which the data were collected in order to protect the privacy of platform users, competition policy aims at making such data widely available in order to curb the power of platforms.

We draw on Commons' Institutional Economics to contrast the current control-based approaches to ensuring the protection as well as the sharing of platform data with an ownership approach. We also propose the novel category of platform use data and contrast this with the dichotomy of personal/non-personal data which underlies current regulatory initiatives.

We find that current control- and ownership-based approaches are ineffective with regard to their capacity to balance these conflicting objectives and propose an alternative approach which makes platform data saleable. We discuss this approach in view of its capacity to balance the conflicting objectives of privacy and competition policy and its effectiveness in supporting each separately.

Our approach clarifies the fundamental difference between data markets and other concepts such as data exchanges.

This paper aims to propose a solution for dissolving the “privacy paradox” in social networks, and explore the feasibility of adopting a synergistic mechanism of “deep-learning algorithms” and “differential privacy algorithms” to dissolve this issue.

To validate our viewpoint, this study constructs a game model with two algorithms as the core strategies.

The “deep-learning algorithms” offer a “profit guarantee” to both network users and operators. On the other hand, the “differential privacy algorithms” provide a “security guarantee” to both network users and operators. By combining these two approaches, the synergistic mechanism achieves a balance between “privacy security” and “data value”.

The findings of this paper suggest that algorithm practitioners should accelerate the innovation of algorithmic mechanisms, network operators should take responsibility for users’ privacy protection, and users should develop a correct understanding of privacy. This will provide a feasible approach to achieve the balance between “privacy security” and “data value”.

These findings offer some insights into users’ privacy protection and personal data sharing.

This study aims to evaluate blockchain as an e-government governance model. It assesses its alignment with legal frameworks, emphasizing robustness against disruptions and adherence to existing laws.

The paper explores blockchain’s potential in e-government, focusing on legal, ethical and governance aspects. It conducts an in-depth analysis of blockchain’s integration into data governance, emphasizing legal compliance and resilient security protocols.

The study comprehensively evaluates blockchain’s implementation, covering privacy, interoperability, consensus mechanisms, scalability and regulatory alignment. It highlights governance’s critical role in ensuring legal compliance within blockchain paradigms.

Ethical and legal concerns arising from blockchain adoption remain unresolved. The study underscores how blockchain challenges its core principles of anonymity and decentralization in e-government settings.

The framework outlined offers potential for diverse technological environments, albeit raising ethical and legal queries. It emphasizes governance’s pivotal role in achieving legal compliance in blockchain adoption.

Blockchain’s impact on legal and ethical facets necessitates further exploration to align with its core principles while addressing governance in e-government settings.

This study presents a robust framework for assessing blockchain’s viability in e-government, emphasizing legal compliance, despite ethical and legal intricacies that challenge its fundamental principles.

While research on privacy concerns is rich in understanding and depth, there is still not a clear understanding of why people express having privacy concerns, but do not behave consistently with their concern. We propose that this misalignment derives from a diverse set of privacy boundaries, depending on the user. This research builds on prior Communication Privacy Management Theory research to further define individual privacy boundaries. Beyond that, we evaluate the relationship between the privacy boundaries people set, and their ability to protect themselves.

A survey was conducted to assess how private individuals find twenty items. Along with measuring the sensitivity of information, we collected responses on the Online Privacy Information Literacy test to measure differences in sensitivity based on privacy knowledge. 285 participant’s responses were evaluated using exploratory factor analysis and K-means clustering.

We identify five different groups of privacy indicators. Our findings also suggest that users have limited understanding of how to keep data private, even if they have high privacy concerns.

We contribute to theory by offering guidance on how to better apply theoretical understanding, based on our results. More explicitly, we offer analysis that suggests boundary conditions might be absent from current theoretical understanding. Practically, we offer guidance for understanding privacy differences, which is important to understanding how to implement privacy protection laws.