Search results

In the era of big data, people are more likely to pay attention to privacy protection with facing the risk of personal information leakage while enjoying the convenience brought by big data technology. Furthermore, people’s views on personal information leakage and privacy protection are varied, playing an important role in the legal process of personal information protection. Therefore, this paper aims to propose a semi-qualitative method based framework to reveal the subjective patterns about information leakage and privacy protection and further provide  practical implications for interested party.

Q method is a semi-qualitative methodology which is designed for identifying typologies of perspectives. In order to have a comprehensive understanding of users’ viewpoints, this study incorporates LDA & TextRank method and other information extraction technologies to capture the statements from large-scale literature, app reviews, typical cases and survey interviews, which could be regarded as the resource of the viewpoints.

By adopting the Q method that aims for studying subjective thought patterns to identify users’ potential views, the authors have identified three categories of stakeholders’ subjectivities: macro-policy sensitive, trade-offs and personal information sensitive, each of which perceives different risk and affordance of information leakage and importance and urgency of privacy protection. All of the subjectivities of the respondents reflect the awareness of the issue of information leakage, that is, the interested parties like social network sites are unable to protect their full personal information, while reflecting varied resistance and susceptibility of disclosing personal information for big data technology applications.

The findings of this study provide an overview of the subjective patterns on the information leakage issue. Being the first to incorporate the Q method to study the views of personal information leakage and privacy protection, the research not only broadens the application field of the Q method but also enriches the research methods for personal information protection. Besides, the proposed LDA & TextRank method in this paper alleviates the limitation of statements resource in the Q method.

This paper aims to develop a comprehensive concept map to guide adequate protection and effective management of personal information in the provision of networked services in China through comprehensively considering the multi-disciplinary perspective of personal information protection and management with respect to their multi-dimensional applications, multi-directional controls and multi-contextual analysis in today’s networked environments. There are different perspectives on what personal information protection and management is about, why and how personal information should be protected and managed in the literature. Little, however, is known about the relationships between these multiple perspectives and their implications to personal information protection and management in the real-world practice.

A multi-methods approach is adopted in the study, including a comprehensive review of the related literature, a content analysis of the relevant laws, polices, standards, a multi-cases study of the relevant network services providers and an online survey of the Chinese citizens who are the end-users of the networked services to adequately achieve the objective of this study. The concept map building technique is used as a tool for conducting the meta-synthesis of the findings from multiple data resources in the development of a comprehensive concept map for personal information protection and management.

This study rationalizes the importance of the identification of personal information for adequate protection and effective management. It identifies five perspectives on personal information protection and management, namely, law, economics, sociology, information technology and information resources management for their applications at the organizational level. Five types of personal information are identified in the study for protection and management, namely, identifiable personal information, personal identity information, personal moral right information, personal civil right and interest information and personal business and transaction information. An integrated approach consisting of risk control, security control and users control is proposed for personal information protection and management in the provision of networked services in China. The study shows that not enough attention has been paid to the personal information protection and management from multi-disciplinary perspectives with respect to their multi-dimensional applications, multi-directional controls and multi-contextual analysis in the literature. There is a lack of understanding of what, why and how personal information is protected and managed in real-world practices in China.

The investigation of the issues of personal information protection and management with respect to the relevant laws, polices, standards, networked services and organizations can lead to a better understanding of what, why and how personal information is protected and managed in real-world practices in China. The development of a comprehensive concept map for personal information protection and management can be used as an effective guideline for the formulation and implementation of appropriate strategies and policies in individual organizations for providing their stakeholders with quality-networked services in today’s highly connected network environment in China.

The paper is the first step of a comprehensive study on the protection and management of personal information for the provision of networked services in China. It provides a solid foundation for further research with respect to the personal information protection and management. It is the first of this kind of studies to answer the questions of what types of personal information needed to be protected, why and how they should be protected in conformity with laws, regulations, polices, standards and the needs of networked services and business activities of organizations.

The purpose of this paper is to reconsider the concept of the right to information privacy and to propose, from a Japanese perspective, a revised conception of this right that is suitable for the modern information society.

First, the concept of privacy and personal information protection in the information society is briefly explained. After that, confused situations in Japan caused by the enforcement of Act on the Protection of Personal Information are described followed by the analysis of the Japanese socio‐cultural circumstances surrounding privacy. Based on these, the effectiveness of the concept of the right to information privacy in the Japanese socio‐cultural and economic context is examined and the need to rethink the concept of the right to information privacy discussed. Finally, a revised conception of the right is proposed.

In view of the circumstances in Japan, the concept of the right to information privacy, defined as “an individual's right to control the circulation of information relating to him/herself”, as well as the Organisation for Economic Co‐operation and Development's eight principles already become outdated in today's sophisticated information‐communication society. There is a need to control/restrict use of personal information so that individuals' autonomy and freedom is ensured in the current situation and to revise the concept of the right to information privacy based on this idea.

This paper proposes a revision of the concept of the right to information privacy focused on control of, not access to, use of personal information. The revised concept is defined so that individuals' autonomy and freedom is ensured even in the “informational transparent” society.

This paper aims to assess the Protection of Personal Information Act (No. 4 of 2013) (POPIA) in South African (SA) universities sector with the objective to formulate code of conduct to improve compliance.

The case study approach was used in this study. Data were collected using interviews with the SA universities’ representatives during the POPIA consultative workshop.

The results showed that most of the participants were not aware of the POPIA, lack of collaboration between the legal practitioners, records managers and archivist. Internal control systems with Information Communication Technology (ICT) need to be in in place to provide information integrity and the value of international integrity with regard to the international students and staff.

This paper is based on the first phase of the national consultative workshop with 25 SA public universities held between January and November 2018. The findings of the study are transferable to other sectors like health and infrastructure.

The findings are expected to be instrumental to the formulation of universities’ code of conduct in line with POPIA.

The POPIA, if not properly implemented, can contribute to the violation of information integrity of the international students with regard to research and cultural exchange programme. Furthermore, it can affect SA trade relations with the European countries as it is a requirement for non- European countries to comply with the European Union General Data Protection Regulations (GDPR).

This study is useful to ensure consultation of the POPIA. Is also essential for the POPIA to be aligned with the international norms and standards such as GDPR.

The purpose of this paper is to analyse incidents of personal information leakage in Japan based on Japanese socio‐cultural characteristics of information privacy and to consider how best to develop an effective personal information protection policy that conforms to Japanese situations as well as to the global requirement of personal information protection.

After describing recent incidents of personal information leakage in Japan, the paper examines the defects of the Act on Protection of Personal Information (APPI) that permit these incidents to continue. Subsequently, these incidents and the responses of the Japanese people in a manner that reflects the unique Japanese socio‐cultural characteristics of information privacy are analysed. Finally, the paper proposes a revision of APPI that conforms to these Japanese socio‐cultural characteristics as well as to the global requirement for personal information protection.

Personal information leakage cases and social responses in Japan reflect three Japanese socio‐cultural characteristics: Uchi/Soto awareness, insular collectivism and Hon'ne/Tatemae tradition. An effective law protecting personal information in Japan's cultural environment cannot be made simply by copying the privacy protection laws in western nations. Instead, legal protection of personal information should be drafted that reflects and takes into account these socio‐cultural characteristics.

This paper conducts analysis of incidents of personal information leakage in Japan based on Japanese socio‐cultural characteristics. A revision of APPI is proposed on the basis of the analysis. The paper's analysis and proposal would provide a good clue to develop effective measures to protect personal information and the right to information privacy in the global, multicultural information society.

Given the unique cultural-political context of China, this paper aims to investigate two research questions: What has been the development trajectory of policy-making on consumer privacy protection in China, and what factors have shaped its development over the years?

This paper adopts a historical approach and examines the development of Chinese consumer privacy policy during four periods: 1980s, 1990s, 2000s and 2010-present.

Chinese policy-making on consumer privacy protection has made steady advancement in the past few decades due to factors such as technological development, elite advocacy and emulation of other markets; however, the effects of these factors are conditioned by local forces.

To date, most studies of consumer privacy issues have focused on Western countries, especially the European Union and the USA. A better understanding of how consumer privacy policy has developed in China provides important lessons on the promotion of consumer privacy protection in other developing countries.

This paper aims to investigate the cooperative governance mechanisms for personal information security, which can help enrich digital governance research and provide a reference for the formulation of protection policies for personal information security.

This paper constructs an evolutionary game model consisting of regulators, digital enterprises and consumers, which is combined with the simulation method to examine the influence of different factors on personal information protection and governance.

The results reveal seven stable equilibrium strategies for personal information security within the cooperative governance game system. The non-compliant processing of personal information by digital enterprises can damage the rights and interests of consumers. However, the combination of regulatory measures implemented by supervisory authorities and the rights protection measures enacted by consumers can effectively promote the self-regulation of digital enterprises. The reputation mechanism exerts a restricting effect on the opportunistic behaviour of the participants.

The authors focus on the regulation of digital enterprises and do not consider the involvement of malicious actors such as hackers, and the authors will continue to focus on the game when assessing the governance of malicious actors in subsequent research.

This study's results enhance digital governance research and offer a reference for developing policies that protect personal information security.

This paper builds an analytical framework for cooperative governance for personal information security, which helps to understand the decision-making behaviour and motivation of different subjects and to better address issues in the governance for personal information security.

The purpose of this study was to investigate the difference between South Africa (SA) and the United Kingdom (UK) in terms of data protection compliance with the aim to establish if a country that has had data protection in place for a longer period of time has a higher level of compliance with data protection requirements in comparison with a country that is preparing for compliance.

An insurance industry multi-case study within the online insurance services environment was conducted. Personal information of four newly created consumer profiles was deposited to 10 random insurance organisation websites in each country to evaluate a number of data privacy requirements of the Data Protection Act and Protection of Personal Information Act.

The results demonstrate that not all the insurance organisations honored the selected opt-out preference for receiving direct marketing material. This was evident in direct marketing material that was sent from the insurance organisations in the sample to both the SA and UK consumer profiles who opted out for it. A total of 42 unsolicited third-party contacts were received by the SA consumer profiles, whereas the UK consumer profiles did not receive any third-party direct marketing. It was also found that the minimality principle is not always met by both SA and UK organisations.

As a jurisdiction with a heavy stance towards privacy implementation and regulation, it was found that the UK is more compliant than SA in terms of implementation of the evaluated data protection requirements included in the scope of this study, however not fully compliant.

Based upon the results obtained from this research, it suggests that the SA insurance organisations should ensure that the non-compliance aspects relating to direct marketing and sharing data with third parties are addressed. SA insurance companies should learn from the manner in which the UK insurance organisations implement these privacy requirements. Furthermore, the UK insurance organisations should focus on improved compliance for direct marking and the minimality principle. The study indicates the positive role that data protection legislation plays in a county like the UK, with a more mature stance toward compliance with data protection legislation.

At present there are data protection laws in Austria, Canada, Denmark, France, Germany, Hungary, Iceland, Israel, Luxembourg, New Zealand, Norway, Sweden and the United States, and of course their United Kingdom. Legislation is in preparation in Belgium, and in Portugal and Spain, these last two countries proposing to deal with privacy issues by making provision in their respective constitutions. Because of their federal structure, Australia, Canada, Germany, Switzerland and the United States also have laws at the local — state, Land or Canton — level. Finland, Ireland, Italy, Japan and Yugoslavia have considered the protection of personal data to the extent of having reports prepared, which in some cases are being considered by their legislatures. Within the European Community therefore, five member states have data protection laws, two have legislation in process, and three, Ireland, Italy and Greece, have none. Ireland has a government report in preparation, and some aspects of individual privacy are covered by existing common‐law and other provisions. Italy has a government report in preparation, Greece so far as I know is not likely to take any action in the short term. Of course, because a country has no specific data protection laws it does not necessarily follow that there is no degree of control over information relating to individuals, along the lines for example of our own Consumer Credit Act of 1974, which established certain individual rights to be informed of, and be allowed to change or challenge, credit information.

Information privacy is currently regarded as one of the key ethical issues of the information age. Rapid technological developments and the advent of Internet based commerce or electronic commerce (e‐commerce) have forced several nations of the world to enact legislation to protect the information privacy of their citizens and corporations. Transborder data flows (TBDFs) have been known to have a significant impact on multinational and transnational corporations with respect to international data transfers. This paper discusses the issues and implications of TBDFs and provides a comparative account of the privacy laws on individual data protection in different countries. Also proposed is a theoretical model relating to diffusion of social policies of use with respect to the adoption and diffusion of privacy laws by different nations of the world in a global e‐commerce environment.