Search results

1 – 10 of over 9000
To view the access options for this content please click here
Article
Publication date: 18 May 2020

Eleni-Laskarina Makri, Zafeiroula Georgiopoulou and Costas Lambrinoudakis

This study aims to assist organizations to protect the privacy of their users and the security of the data that they store and process. Users may be the customers of the…

Abstract

Purpose

This study aims to assist organizations to protect the privacy of their users and the security of the data that they store and process. Users may be the customers of the organization (people using the offered services) or the employees (users who operate the systems of the organization). To be more specific, this paper proposes a privacy impact assessment (PIA) method that explicitly takes into account the organizational characteristics and employs a list of well-defined metrics as input, demonstrating its applicability to two hospital information systems with different characteristics.

Design/methodology/approach

This paper presents a PIA method that employs metrics and takes into account the peculiarities and other characteristics of the organization. The applicability of the method has been demonstrated on two Hospital Information Systems with different characteristics. The aim is to assist the organizations to estimate the criticality of potential privacy breaches and, thus, to select the appropriate security measures for the protection of the data that they collect, process and store.

Findings

The results of the proposed PIA method highlight the criticality of each privacy principle for every data set maintained by the organization. The method employed for the calculation of the criticality level, takes into account the consequences that the organization may experience in case of a security or privacy violation incident on a specific data set, the weighting of each privacy principle and the unique characteristics of each organization. So, the results of the proposed PIA method offer a strong indication of the security measures and privacy enforcement mechanisms that the organization should adopt to effectively protect its data.

Originality/value

The novelty of the method is that it handles security and privacy requirements simultaneously, as it uses the results of risk analysis together with those of a PIA. A further novelty of the method is that it introduces metrics for the quantification of the requirements and also that it takes into account the specific characteristics of the organization.

Details

Information & Computer Security, vol. 28 no. 4
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 11 July 2016

Matthew D Dean, Dinah M Payne and Brett J.L. Landry

The purpose of this paper is to advocate for and provide guidance for the development of a code of ethical conduct surrounding online privacy policies, including those…

Downloads
4857

Abstract

Purpose

The purpose of this paper is to advocate for and provide guidance for the development of a code of ethical conduct surrounding online privacy policies, including those concerning data mining. The hope is that this research generates thoughtful discussion on the issue of how to make data mining more effective for the business stakeholder while at the same time making it a process done in an ethical way that remains effective for the consumer. The recognition of the privacy rights of data mining subjects is paramount within this discussion.

Design/methodology/approach

The authors derive foundational principles for ethical data mining. First, philosophical literature on moral principles is used as the theoretical foundation. Then, using existing frameworks, including legislation and regulations from a range of jurisdictions, a compilation of foundational principles was derived. This compilation was then evaluated and honed through the integration of stakeholder perspective and the assimilation of moral and philosophical precepts. Evaluating a sample of privacy policies hints that current practice does not meet the proposed principles, indicating a need for changes in the way data mining is performed.

Findings

A comprehensive framework for the development a contemporary code of conduct and proposed ethical practices for online data mining was constructed.

Research limitations/implications

This paper provides a configuration upon which a code of ethical conduct for performing data mining, tailored to meet the particular needs of any organization, can be designed.

Practical implications

The implications of data mining, and a code of ethical conduct regulating it, are far-reaching. Implementation of such principles serve to improve consumer and stakeholder confidence, ensure the enduring compliance of data providers and the integrity of its collectors, and foster confidence in the security of data mining.

Originality/value

Existing legal mandates alone are insufficient to properly regulate data mining, therefore supplemental reference to ethical considerations and stakeholder interest is required. The adoption of a functional code of general application is essential to address the increasing proliferation of apprehension regarding online privacy.

Details

Journal of Enterprise Information Management, vol. 29 no. 4
Type: Research Article
ISSN: 1741-0398

Keywords

To view the access options for this content please click here
Article
Publication date: 8 October 2018

Majed Alshammari and Andrew Simpson

Concerns over data-processing activities that may lead to privacy violations or harms have motivated the development of legal frameworks and standards. Further, software…

Abstract

Purpose

Concerns over data-processing activities that may lead to privacy violations or harms have motivated the development of legal frameworks and standards. Further, software engineers are increasingly expected to develop and maintain privacy-aware systems that both comply with such frameworks and standards and meet reasonable expectations of privacy. This paper aims to facilitate reasoning about privacy compliance, from legal frameworks and standards, with a view to providing necessary technical assurances.

Design/methodology/approach

The authors show how the standard extension mechanisms of the UML meta-model might be used to specify and represent data-processing activities in a way that is amenable to privacy compliance checking and assurance.

Findings

The authors demonstrate the usefulness and applicability of the extension mechanisms in specifying key aspects of privacy principles as assumptions and requirements, as well as in providing criteria for the evaluation of these aspects to assess whether the model meets these requirements.

Originality/value

First, the authors show how key aspects of abstract privacy principles can be modelled using stereotypes and tagged values as privacy assumptions and requirements. Second, the authors show how compliance with these principles can be assured via constraints that establish rules for the evaluation of these requirements.

Details

Information & Computer Security, vol. 26 no. 4
Type: Research Article
ISSN: 2056-4961

Keywords

To view the access options for this content please click here
Article
Publication date: 17 April 2009

Tony Hooper and Marta Vos

The purpose of this paper is to examine the extent to which New Zealand business web sites conform to the provisions of the New Zealand Privacy Act, 1993 as an…

Downloads
1366

Abstract

Purpose

The purpose of this paper is to examine the extent to which New Zealand business web sites conform to the provisions of the New Zealand Privacy Act, 1993 as an articulation of the national values on the rights of individuals to information privacy. The secondary aim is to assess whether adherence to these values might be used as criteria that can reflect on the business integrity of the web site sponsor.

Design/methodology/approach

The privacy notices and information‐handling practices of New Zealand business web sites were analysed using a content analysis methodology. The analysis was carried out on a sample of 200 companies, selected at random from a published list of the top 800 companies in New Zealand in 2005. Government web sites were excluded.

Findings

The first research hypothesis – that New Zealand business web sites demonstrate awareness of the privacy concerns of customers by posting a privacy notice – was not supported. Similarly, the privacy notices on New Zealand business web sites did not reflect the principles of the New Zealand Privacy Act, 1993 as a basis for establishing “value congruence” with customers. Consequently the use of the principles of the Privacy Act to assess business integrity was not demonstrated sufficiently by the investigation.

Practical implications

The lack of a usable convention for evaluating privacy notices on New Zealand business web sites may lead to a loss of value congruence between businesses and their customers, leading to less‐than‐optimal commercial transactions. The principles of the New Zealand Privacy Act 1993 define the national values and privacy rights of online customers. The use of the Privacy Act to assess the information handling practices of New Zealand businesses online could ensure more ethical business practice, demonstrate business integrity and promote customer confidence.

Originality/value

The use of legislated privacy principles as a reflection of established national values on the rights of citizens could provide a useful measure of value congruence and possibly business integrity. The variety of privacy legislation worldwide reflects a global lack of agreement on acceptable principles. Nevertheless, businesses wishing to establish their integrity and value congruence would be advised to ensure that their web sites provide for the growing sensitivity to privacy issues and the way that personal information is gathered and used online.

Details

Online Information Review, vol. 33 no. 2
Type: Research Article
ISSN: 1468-4527

Keywords

To view the access options for this content please click here
Article
Publication date: 3 April 2009

Maria Karyda, Stefanos Gritzalis, Jong Hyuk Park and Spyros Kokolakis

This paper aims to contribute to the ongoing discourse about the nature of privacy and its role in ubiquitous environments and provide insights for future research.

Downloads
1303

Abstract

Purpose

This paper aims to contribute to the ongoing discourse about the nature of privacy and its role in ubiquitous environments and provide insights for future research.

Design/methodology/approach

The paper analyses the privacy implications of particular characteristics of ubiquitous applications and discusses the fundamental principles and information practices used in digital environments for protecting individuals' private data.

Findings

A significant trend towards shifting privacy protection responsibility from government to the individuals is identified. Also, specific directions for future research are provided with a focus on interdisciplinary research.

Research limitations/implications

This paper identifies key research issues and provides directions for future research.

Originality/value

This study contributes by identifying major challenges that should be addressed, so that a set of “fair information principles” can be applied in the context of ubiquitous environments. It also discusses the limitations of these principles and provides recommendations for future research.

Details

Internet Research, vol. 19 no. 2
Type: Research Article
ISSN: 1066-2243

Keywords

Content available
Article
Publication date: 27 April 2020

Kaisa Laitinen and Anu Sivunen

The purpose of this study is to investigate the various enablers of and constraints on employees' information sharing on an enterprise social media platform. It draws on…

Downloads
2797

Abstract

Purpose

The purpose of this study is to investigate the various enablers of and constraints on employees' information sharing on an enterprise social media platform. It draws on two theoretical perspectives, communication privacy management theory and the technology affordance framework, as well as on empirical data in an attempt to paint a comprehensive picture of the factors shaping employees' decisions to share or not share information on enterprise social media.

Design/methodology/approach

This qualitative field study is based on semi-structured interviews and enterprise social media review data from a large Nordic media organization.

Findings

On an enterprise social media platform, privacy management principles shape employees' information-sharing decisions in relation to personal privacy boundaries, professional boundaries and assumed risks, online safety concerns and perceived audience. Additionally, the technological affordances of visibility, awareness, persistence and searchability shape employees' information sharing in varying and sometimes even contradictory ways. Finally, organizational factors, such as norms, tasks and media repertoires, are associated with employees' information-sharing decisions. Together, these three dimensions, personal, technological and organizational, form a model of the enablers of and constraints on employees' decisions to share information on enterprise social media.

Originality/value

This study extends the understanding of different factors shaping employees' decisions to share or not share information on enterprise social media. It extends the two applied theories by uniquely combining interpersonal privacy management principles with a technological affordance framework that focuses on the relationship between the user and the technology. This research also furthers the authors' knowledge of what privacy management principles mean in the organizational context. This study shows connections between the two theories and extends the understanding of technology affordances as not only action possibilities but also constraining factors. Additionally, by revealing what kinds of factors encourage and inhibit information sharing on enterprise social media, the results of this study support organizations in their efforts to manage information sharing on enterprise social media systems.

Details

Information Technology & People, vol. 34 no. 2
Type: Research Article
ISSN: 0959-3845

Keywords

To view the access options for this content please click here
Article
Publication date: 13 March 2020

R.I. Ferguson, Karen Renaud, Sara Wilford and Alastair Irons

Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital…

Abstract

Purpose

Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction.

Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization's right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain.

This paper argues the need for a practical, ethically grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organizations, as well as acknowledging the needs of law enforcement. The paper derives a set of ethical guidelines, and then maps these onto a forensics investigation framework. The framework to expert review in two stages is subjected, refining the framework after each stage. The paper concludes by proposing the refined ethically grounded digital forensics investigation framework. The treatise is primarily UK based, but the concepts presented here have international relevance and applicability.

Design/methodology/approach

In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals' rights to privacy and organizations' rights to control intellectual capital disclosure.

Findings

The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically informed approach to digital forensics investigations, as a remedy, is highlighted and a framework proposed to provide this.

Research limitations/implications

The proposed ethically informed framework for guiding digital forensics investigations suggests a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.

Originality/value

Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other.

Details

Journal of Intellectual Capital, vol. 21 no. 2
Type: Research Article
ISSN: 1469-1930

Keywords

To view the access options for this content please click here
Article
Publication date: 24 April 2019

Alan Toy, David Lau, David Hay and Gehan Gunasekara

This paper aims to uncover the practices of different privacy auditors to reveal the extent of any similarities in such practices. The purpose is to investigate the…

Abstract

Purpose

This paper aims to uncover the practices of different privacy auditors to reveal the extent of any similarities in such practices. The purpose is to investigate the drivers of practices used by privacy auditors and to identify potential for improvements in the practice of privacy auditing so that privacy audits may better serve stakeholders.

Design/methodology/approach

Six semi-structured interviews with seven privacy auditors and regulators and an analyst across Australia, Canada, New Zealand and the USA are used as the basis for our analysis.

Findings

The study shows that some privacy auditors view privacy as an organizational issue, which means that all staff within an organization should understand the privacy issues that are relevant to the organization and to its customers. Because this practice goes beyond a mere compliance approach to privacy auditing, it indicates that there is a way to avoid the approach of merely applying standards from national data privacy laws which is an approach that has been subject to criticism because it is not applicable to the current situation of global applications and cross-border data. The interview themes demonstrate that privacy audits face significant challenges, such as the lack of a privacy auditing profession and the difficulty of raising the awareness of organizations and individuals regarding information privacy rights and duties.

Originality/value

Privacy auditing is mostly unexplored by academic research and little is known about the drivers behind the practice of privacy auditing. This study is the first to document the views of privacy auditors regarding the practices that they use. It also presents novel results regarding the drivers of the practice of privacy auditing and the interests of the beneficiaries of privacy audits. It builds on research that argues for the existence of best practices for privacy (Toy, 2013; Toy and Hay, 2015) and it extends this argument by providing reasons why privacy auditors may benefit from the use of best practices for privacy.

Details

Meditari Accountancy Research, vol. 27 no. 3
Type: Research Article
ISSN: 2049-372X

Keywords

To view the access options for this content please click here
Article
Publication date: 14 March 2016

Milica Milutinovic and Bart De Decker

The medical advances and historical fluctuations in the demographics are contributing to the rise of the average age. These changes are increasing the pressure to organize…

Abstract

Purpose

The medical advances and historical fluctuations in the demographics are contributing to the rise of the average age. These changes are increasing the pressure to organize adequate care to a growing number of individuals. As a way to provide efficient and cost-effective care, eHealth systems are gaining importance. However, this trend is creating new ethical concerns. Major issues are privacy and patients’ control over their data. To deploy these systems on a large scale, they need to offer strict privacy protection. Even though many research proposals focus on eHealth systems and related ethical requirements, there is an evident lack of practical solutions for protecting users’ personal information. The purpose of this study is to explore the ethical considerations related to these systems and extract the privacy requirements. This paper also aims to put forth a system design which ensures appropriate privacy protection.

Design/methodology/approach

This paper investigates the existing work in the area of eHealth systems and the related ethical considerations, which establish privacy as one of the main requirements. It lists the ethical requirements and data protection standards that a system needs to fulfil and uses them as a guideline for creating the proposed design.

Findings

Even though privacy is considered to be a paramount aspect of the eHealth systems, the existing proposals do not tackle this issue from the outset of the design. Consequently, introducing privacy at the final stages of the system deployment imposes significant limitations and the provided data protection is not always to the standards expected by the users.

Originality/value

This paper motivates the need for addressing ethical concerns in the eHealth domain with special focus on establishing strict privacy protection. It lists the privacy requirements and offers practical solutions for developing a privacy-friendly system and takes the approach of privacy-by-design. Additionally, the proposed design is evaluated against ethical principles as proposed in the existing literature. The aim is to show that technological advances can be used to improve quality and efficiency of care, while the usually raised concerns can be avoided.

Details

Journal of Information, Communication and Ethics in Society, vol. 14 no. 1
Type: Research Article
ISSN: 1477-996X

Keywords

To view the access options for this content please click here
Article
Publication date: 27 September 2011

Marc van Lieshout, Linda Kool, Bas van Schoonhoven and Marjan de Jonge

The purpose of this paper is to develop/elaborate the concept Privacy by Design (PbD) and to explore the validity of the PbD framework.

Downloads
1875

Abstract

Purpose

The purpose of this paper is to develop/elaborate the concept Privacy by Design (PbD) and to explore the validity of the PbD framework.

Design/methodology/approach

Attention for alternative concepts, such as PbD, which might offer surplus value in safeguarding privacy, is growing. Using PbD to design for privacy in ICT systems is still rather underexplored and requires substantial conceptual and empirical work to be done. The methodology includes conceptual analysis, empirical validation (focus groups and interviews) and technological testing (a technical demonstrator was build).

Findings

A holistic PbD approach can offer surplus value in better safeguarding of privacy without losing functional requirements. However, the implementation is not easily realised and confronted with several difficulties such as: potential lack of economic incentives, legacy systems, lack of adoption of trust of end‐users and consumers in PbD.

Originality/value

The article brings together/incorporates several contemporary insights on privacy protection and privacy by design and develops/presents a holistic framework for Privacy by Design framework consisting of five building blocks.

1 – 10 of over 9000