Search results
Abstract
Purpose
The aim of the paper is to highlight gaps in compliance environments regarding information privacy and provide recommendations for global information privacy standards.
Design/methodology/approach
The paper draws conceptually upon an existing security standards framework and identifies omissions in information privacy compliance frameworks. As a result, an extended framework of information security and privacy standards is developed. Moreover, taking into account the different attributes and focus of information privacy as compared to information security, the paper proposes the elicitation of usability criteria for web applications and interfaces that will assist users in protecting their privacy.
Findings
Within ICT standards numerous information security standards exist, which enable a common understanding of security requirements and promote global rules and practices for security mechanisms. Through their usage, designed information systems ultimately reach a commonly accepted security level and interoperate with other systems in an efficient and secure way. Nevertheless, a similar compliance environment is missing with regard to information privacy. Often security controls are seen as the solution to privacy protection and security compliance frameworks are regarded as guidance to information privacy as well. This is clearly the wrong approach since the main security and privacy attributes are different; information security refers to information stored, processed and transmitted for completing the information system's functions and purpose, while information privacy is the protection of the information's subject identity.
Research limitations/implications
The identified gaps in compliance environments are based on extensive literature review, while the proposed enhancements for the information privacy standards are, at this stage, an opinion‐based piece of work.
Originality/value
Currently, information privacy is treated mostly as a legal compliance requirement and thus is not adequately handled by security standards. The paper provides recommendations and further guidance in managerial, procedural and technical level for handling information privacy.
Abstract
Purpose
This study explores privacy challenges in recommender systems (RSs) and how they have leveraged privacy-preserving technology for risk mitigation. The study also elucidates the extent of adopting privacy-preserving RSs and postulates the future direction of research in RS security.
Design/methodology/approach
The study gathered articles from well-known databases such as SCOPUS, Web of Science and Google Scholar. A systematic literature review using PRISMA was carried out on the 41 papers shortlisted for the study. Two research questions were framed to carry out the review.
Findings
It is evident from this study that privacy issues in the RS have been addressed with various techniques. However, many more challenges are expected while leveraging technology advancements for fine-tuning recommenders, and a research agenda has been devised by postulating future directions.
Originality/value
The study unveils a new comprehensive perspective regarding privacy preservation in recommenders. There is no promising study found that gathers techniques used for privacy protection. The study summarizes the research agenda, and it will be a good reference article for those who develop privacy-preserving RSs.
Alan Toy, David Lau, David Hay and Gehan Gunasekara
Abstract
Purpose
This paper aims to uncover the practices of different privacy auditors to reveal the extent of any similarities in such practices. The purpose is to investigate the drivers of practices used by privacy auditors and to identify potential for improvements in the practice of privacy auditing so that privacy audits may better serve stakeholders.
Design/methodology/approach
Six semi-structured interviews with seven privacy auditors and regulators and an analyst across Australia, Canada, New Zealand and the USA are used as the basis for our analysis.
Findings
The study shows that some privacy auditors view privacy as an organizational issue, which means that all staff within an organization should understand the privacy issues that are relevant to the organization and to its customers. Because this practice goes beyond a mere compliance approach to privacy auditing, it indicates that there is a way to avoid the approach of merely applying standards from national data privacy laws which is an approach that has been subject to criticism because it is not applicable to the current situation of global applications and cross-border data. The interview themes demonstrate that privacy audits face significant challenges, such as the lack of a privacy auditing profession and the difficulty of raising the awareness of organizations and individuals regarding information privacy rights and duties.
Originality/value
Privacy auditing is mostly unexplored by academic research and little is known about the drivers behind the practice of privacy auditing. This study is the first to document the views of privacy auditors regarding the practices that they use. It also presents novel results regarding the drivers of the practice of privacy auditing and the interests of the beneficiaries of privacy audits. It builds on research that argues for the existence of best practices for privacy (Toy, 2013; Toy and Hay, 2015) and it extends this argument by providing reasons why privacy auditors may benefit from the use of best practices for privacy.
Abstract
Purpose
This paper attempts to identify key factors (i.e., personalization, privacy awareness and social norms) that affect user experiences (UXs) of mobile recommendation systems according to the user involvement theory (push-based and pull-based) and their relationships.
Design/methodology/approach
The study is based on an online survey of students from an international business school located in southwestern China. The sample population for the study included 600 randomly selected university students who are active mobile phone users. A total of 470 questionnaires were returned; 456 were valid (14 were invalid due to the incompleteness of their responses), providing a response rate of 65%.
Findings
Social norms have the largest impact on user experience quality, followed by personalization and privacy awareness. User involvement in mobile recommendation systems has mediating effects on the above relationships, with larger effects on pull-based systems than on push-based systems.
Originality/value
This study provides an integrated framework for researchers to measure the effects of social, personal and risk factors on the quality of user experience. The results enrich the literature on user involvement, mobile recommendation systems and UX. The findings provide significant implications for both retailers and developers of mobile recommendation systems.
Maria Petrescu, Anjala Krishen and My Bui
Abstract
Purpose
The purpose of this paper is to evaluate the impact of internet of everything (IoE) on marketing analytics, the benefits and challenges it presents and the implications of its policy and legal framework.
Design/methodology/approach
Qualitative research methods are used across privacy statements and consumer social media data to determine factors of concern for business and consumers.
Findings
The qualitative analysis of privacy statements and consumer social media data unveils factors of concern that are common for businesses and consumers, such as user consent and data security, as well as problems specific to the IoE, including the use of mobile devices and various service providers. The study also shows a differentiation in the levels of information privacy concerns for marketing practice, the use of personal information, sharing information with third parties and consumer consent and agreement to critical terms.
Practical implications
Recommendations for policymakers, practitioners and researchers, especially concerning the need for more studies related to the issues of data security, information privacy and personal information are addressed.
Originality/value
There is a need to assess the potential implications that the use of marketing analytics in the IoE can have for marketing policy, governmental regulations and industry self-regulation. The purpose of this research is to perform an exploratory evaluation of the impact of IoE on marketing analytics, the benefits and challenges it presents and the implications of its policy and legal framework.
Abstract
Purpose
Privacy impact assessments (PIAs) are an important tool for managing risk in both public and private sector projects. The best evidence of how PIAs are being conducted is the PIA reports published at the conclusion of the process. This paper aims to consider PIA reports from five countries and assesses their strengths, weaknesses and impacts.
Design/methodology/approach
The paper also identifies key trends and makes recommendations for improving the PIA process and enabling access to lessons learned by PIA practitioners.
Findings
The paper calls for further study of PIA case studies to determine how closely practitioners and assessors follow the PIA methodologies promulgated in their countries, to seek good practice in the preparation of PIAs and for the creation of a central repository for PIAs.
Originality/value
The author believes this is the first such paper to review actual PIA reports.
Abstract
Purpose
The purpose of this study is to identify how a privacy policy can be framed for the protection of personal data and how the latest judgement of the full bench of the Supreme Court of India has dealt with the right to privacy in India.
Design/methodology/approach
The study uses the latest Supreme Court judgement on the right to privacy and historical cases on the right to privacy in India. This paper uses the Indian Constitution as a source of information for the study, along with case laws and judgements of different courts in India.
Findings
This paper tries to find whether personal data privacy is a fundamental right in India. In addition, the paper provides recommendations to the different concerned authorities on protecting personal information on online platforms.
Research limitations/implications
This study deals with privacy issues so far as Indian citizens are concerned and does not focus on other countries. Moreover, the study tries to understand the issue of fundamental rights from the perspective of the Indian Constitution. In addition, the recommendations provided to the policymakers and other authorities of India have wide implications for the formulation of new policy and the management of personal data, so that it does not fall into the wrong hands and the personal data and privacy of citizens are protected.
Practical implications
Millions of people put their personal information on online platforms. In addition, there are a few government initiatives in India, such as the Aadhaar card, where biometric information is taken from the residents of India, and in many cases, the personal data are compromised under various circumstances. As the personal data of the citizens are in question, the study has direct practical implications, mainly for all the citizens whose personal data are available on online platforms.
Social implications
This study has social implications as it deals with the “personal data” of the citizens of India. As the paper discusses the issue of protection of personal data in the context of the right to privacy, this study has a direct social impact so far as online citizens of India are concerned.
Originality/value
This paper is timely, original and discusses the contemporary issue of online data privacy and fundamental rights in India. This paper is a useful resource for researchers, policymakers and online users who deal with areas related to personal data, the right to privacy and data privacy policy.
Abstract
The Bureau of Economics in the Federal Trade Commission has a three-part role in the Agency and the strength of its functions changed over time depending on the preferences and ideology of the FTC’s leaders, developments in the field of economics, and the tenor of the times. The over-riding current role is to provide well considered, unbiased economic advice regarding antitrust and consumer protection law enforcement cases to the legal staff and the Commission. The second role, which long ago was primary, is to provide reports on investigations of various industries to the public and public officials. This role was more recently called research or “policy R&D”. A third role is to advocate for competition and markets both domestically and internationally. As a practical matter, the provision of economic advice to the FTC and to the legal staff has required that the economists wear “two hats,” helping the legal staff investigate cases and provide evidence to support law enforcement cases while also providing advice to the legal bureaus and to the Commission on which cases to pursue (thus providing “a second set of eyes” to evaluate cases). There is sometimes a tension in those functions because building a case is not the same as evaluating a case. Economists and the Bureau of Economics have provided such services to the FTC for over 100 years proving that a sub-organization can survive while playing roles that sometimes conflict. Such a life is not, however, always easy or fun.
Abstract
During the period of growth of e‐commerce, e‐business and online life in general, trust has been identified by a number of authors as a key factor, the absence of which can act as a powerful disincentive to an individual’s engagement in a transaction. This has encouraged a great deal of research into the various facets of trust in an online environment, both theoretical and empirical. One of the many recommendations for business practice that have emerged from this research is the suggestion that online businesses should publish on their website a privacy policy that explains clearly the use that will be made of any personal information collected on the site, the third parties to whom it may be disclosed, and the circumstances under which disclosure may occur. A number of surveys have been conducted that highlight the rather patchy adoption of this recommendation in various countries. We now know, for example, that by no means all online organisations publish an online privacy policy, and that many of those that do exist display a range of serious shortcomings, including poor visibility on the site, incomplete coverage of the main issues of concern and poor readability. However, previous discussion of privacy policies has tended to assume that any particular policy can provide value to its readers by informing them of the privacy practices of its host organisation, and thus also to its publishers through encouraging customers and clients to trust them more than they otherwise would. This assumption is expected to be valid where the policy meets certain criteria, which are either established on the basis of theoretical considerations, or are derived from a kind of best‐in‐breed comparative exercise. This paper seeks to address the question how far privacy policies can ever achieve the goal of providing clear information to website visitors about the privacy practices of an organisation. 
It reports on an empirical study that was conducted between November 2005 and April 2006 using two groups of University students as subjects. The subjects were asked to read three privacy policies, selected in advance by the author, and to complete a short questionnaire on what the subject thought each policy had to say about certain key privacy issues. The results reveal that there is surprisingly little agreement about what a policy actually means. This has significant implications both for policy writers and their managers, and also for those who are considering entering into a transaction with the host website. There is a need for further research to investigate this question in more detail, but it is clear from these findings that we know less than we thought we did about the ways in which people interpret the notices that they read on websites.
Nikolaos Polatidis, Christos K. Georgiadis, Elias Pimenidis and Emmanouil Stiakakis
Abstract
Purpose
This paper aims to address privacy concerns that arise from the use of mobile recommender systems when processing contextual information relating to the user. Mobile recommender systems aim to solve the information overload problem by recommending products or services to users of Web services on mobile devices, such as smartphones or tablets, at any given point in time and in any possible location. They use recommendation methods, such as collaborative filtering or content-based filtering and use a considerable amount of contextual information to provide relevant recommendations. However, because of privacy concerns, users are not willing to provide the required personal information that would allow their views to be recorded and make these systems usable.
Design/methodology/approach
This work is focused on user privacy by providing a method for context privacy-preservation and privacy protection at user interface level. Thus, a set of algorithms that are part of the method has been designed with privacy protection in mind, which is done by using realistic dummy parameter creation. To demonstrate the applicability of the method, a relevant context-aware data set has been used to run performance and usability tests.
Findings
The proposed method has been experimentally evaluated using performance and usability evaluation tests, and it is shown that, with a small decrease in performance, user privacy can be protected.
Originality/value
This is a novel research paper that proposes a method for protecting the privacy of mobile recommender system users when context parameters are used.