Search results

1 – 10 of over 32000
Article
Publication date: 13 July 2023

Anita Katulić

Abstract

Purpose

The research aims to establish the predictors of the acceptance of technical and organizational measures for the protection of personal data to ensure information privacy in Croatian libraries, starting from the constructs of the APCO Macro Model.

Design/methodology/approach

Two data collection methods were used: the online survey questionnaire method and the analysis of the websites of independent libraries in the Republic of Croatia.

Findings

The results show that the acceptance of measures for personal data protection by a library manager is mostly influenced by perceived knowledge, while culture and trust have a positive correlation of moderate strength. Awareness has a low positive correlation, and privacy experience is not statistically related to the acceptance of measures. There is no statistically significant difference in the acceptance of measures for the protection of personal data concerning age and work experience in the profession. There is a statistically significant correlation between compliance with the principle of transparency and the size of the library.

Originality/value

The study is valuable as it examined the characteristics of the culture of information privacy in libraries and determined the existence and impact of factors that influence ensuring the information privacy of users in Croatian libraries.

Article
Publication date: 5 April 2024

Jawahitha Sarabdeen and Mohamed Mazahir Mohamed Ishak

Abstract

Purpose

General Data Protection Regulation (GDPR) of the European Union (EU) was passed to protect data privacy. Though the GDPR intended to address issues related to data privacy in the EU, it created an extra-territorial effect through Articles 3, 45 and 46. Extra-territorial effect refers to the application or the effect of local laws and regulations in another country. Lawmakers around the globe passed or intensified their efforts to pass laws to have personal data privacy covered so that they meet the adequacy requirement under Articles 45–46 of GDPR while providing comprehensive legislation locally. This study aims to analyze the Malaysian and Saudi Arabian legislation on health data privacy and their adequacy in meeting GDPR data privacy protection requirements.

Design/methodology/approach

The research used a systematic literature review, legal content analysis and comparative analysis to critically analyze the health data protection in Malaysia and Saudi Arabia in comparison with GDPR and to see the adequacy of health data protection that could meet the EU data transfer requirement.

Findings

The finding suggested that the private sector is better regulated in Malaysia than the public sector. Saudi Arabia has some general laws to cover health data privacy in both public and private sector organizations until the newly passed data protection law is implemented in 2024. The finding also suggested that the Personal Data Protection Act 2010 of Malaysia and the Personal Data Protection Law 2022 of Saudi Arabia could be considered “adequate” under GDPR.

Originality/value

The research would be able to identify the key principles that could identify the adequacy of the laws about health data in Malaysia and Saudi Arabia as there is a dearth of literature in this area. This will help to propose suggestions to improve the laws concerning health data protection so that various stakeholders can benefit from it.

Details

International Journal of Law and Management, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1754-243X

Article
Publication date: 8 June 2020

Vasiliki Diamantopoulou, Aggeliki Tsohou and Maria Karyda

Abstract

Purpose

This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations can use this paper as a basis for extending the already existing security control modules towards data protection, and as guidance for reaching compliance with the regulation.

Design/methodology/approach

This study has followed a two-step approach; first, synergies between ISO/IEC 27001:2013 modules and GDPR requirements were identified, by analysing all 14 control modules of the ISO/IEC 27001:2013 and proposing the appropriate actions towards the satisfaction of data protection requirements. Second, this paper identified GDPR requirements not addressed by ISO/IEC 27001:2013.

Findings

The findings of this work include the identification of the common ground between the security controls that ISO/IEC 27001:2013 includes and the requirements that the GDPR imposes; the actions that need to be performed based on these security controls to adequately meet the data protection requirements that the GDPR imposes; and the identification of the remaining actions an ISO/IEC 27001 compliant organisation needs to perform to be able to adhere to the GDPR.

Originality/value

This paper provides a gap analysis and a further steps identification regarding the additional actions that need to be performed to allow an ISO/IEC 27001:2013 certified organisation to be compliant with the GDPR.

Details

Information & Computer Security, vol. 28 no. 4
Type: Research Article
ISSN: 2056-4961

Open Access
Article
Publication date: 2 October 2024

Deo Shao, Fredrick Ishengoma, Anastasija Nikiforova and Mrisho Swetu

Abstract

Purpose

Protection of personal data is integral to the digital economy, ensuring trust and privacy as its foundational elements. The purpose of this study is to analyze data protection laws in Tanzania, Kenya, Uganda and Rwanda to understand their legal frameworks and identify challenges hindering their effective implementation.

Design/methodology/approach

This study uses a comparative exploratory case study approach, analyzing legal frameworks of four East African (EA) countries through examination of legal documents, official reports and academic articles. The dimensions of analysis include registration, supervisory authority, data subject rights and cross-border data transfer regulations.

Findings

While all four EA countries are in the process of enacting data protection acts, they differ in scope, provisions and enforcement; more needs to be done to ensure mature data protection in these countries. The commonalities and distinctions in the legal frameworks are underscored, providing a mapping of data protection regulations in the EA region. Moreover, this study reports implementation constraints and areas for improvement.

Practical implications

The findings of this study provide valuable insights for policymakers, highlighting areas where data protection regulations can be improved. The results of this study can guide harmonizing regional data protection laws, ensuring consistent and effective enforcement. This study offers a foundation for future policy development and regional cooperation on data protection issues.

Social implications

The social implications of this research lie in its potential to shape public attitudes on data protection and privacy rights. By highlighting these concerns, this study may influence societal norms and values, encouraging a more informed and conscientious public discourse on inclusive policies that consider the diverse needs of different regional populations.

Originality/value

This study provides a pioneering comparative analysis of data protection regulations across four EA countries, offering unique insights into the regional variations and commonalities in legal frameworks. Its value lies in informing future policy development, enhancing regional cooperation and contributing to the harmonization of data protection practices in the selected EA countries, which remains an under-explored area in existing literature.

Details

Digital Policy, Regulation and Governance, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2398-5038

Article
Publication date: 3 April 2023

Efrosini Siougle, Sophia Dimelis and Nikolaos Malevris

Abstract

Purpose

This study explores the link between ISO 9001 certification, personal data protection and firm performance using financial balance sheet and survey data. The security aspect of data protection is analyzed based on the major requirements of the General Data Protection Regulation and mapped to the relevant controls of the ISO/IEC 27001/27002 standards.

Design/methodology/approach

The research analysis is based on 96 ISO 9001–certified and non-certified publicly traded manufacturing and service firms that responded to a structured questionnaire. The authors develop and empirically test their theoretical model using the structural equation modeling technique and follow a difference-in-differences econometric modeling approach to estimate financial performance differences between certified and non-certified firms accounting for the level of data protection.

Findings

The estimates indicate three core dimensions in the areas of “policies, procedures and responsibilities,” “access control management” and “risk-reduction techniques” as desirable components in establishing the concept of data security. The estimates also suggest that the data protection level has significantly impacted the performance of certified firms relative to the non-certified. Controlling for the effect of industry-level factors reveals a positive relationship between data security and high-technological intensity.

Practical implications

The results imply that improving the level of compliance to data protection enhances the link between certification and firm performance.

Originality/value

This study fills a gap in the literature by empirically testing the influence of data protection on the relationship between quality certification and firm performance.

Details

International Journal of Productivity and Performance Management, vol. 73 no. 3
Type: Research Article
ISSN: 1741-0401

Article
Publication date: 1 February 2004

V. Zorkadis and P. Donos

Abstract

Biometric techniques, such as fingerprint verification, iris or face recognition, retina analysis and hand‐written signature verification, are increasingly becoming basic elements of authentication and identification systems. However, any human physiological or behavioural traits serving as biometric characteristics are personal data protected by privacy protection legislation. To address related issues, this paper examines these classes of biometrics according to data protection principles, purpose, proportionality and security, provided in international legislation. This analysis leads to the desired properties of biometric systems in the form of functional and non‐functional requirements, in order to support developers minimising the risk of being non‐compliant to privacy protection legislation, and to increase user acceptance.

Details

Information Management & Computer Security, vol. 12 no. 1
Type: Research Article
ISSN: 0968-5227

Open Access
Article
Publication date: 15 January 2024

Christine Prince, Nessrine Omrani and Francesco Schiavone

Abstract

Purpose

Research on online user privacy shows that empirical evidence on how privacy literacy relates to users' information privacy empowerment is missing. To fill this gap, this paper investigated the respective influence of two primary dimensions of online privacy literacy – namely declarative and procedural knowledge – on online users' information privacy empowerment.

Design/methodology/approach

An empirical analysis is conducted using a dataset collected in Europe. This survey was conducted in 2019 among 27,524 representative respondents of the European population.

Findings

The main results show that users' procedural knowledge is positively linked to users' privacy empowerment. The relationship between users' declarative knowledge and users' privacy empowerment is partially supported. While greater awareness about firms' and organizations' practices in terms of data collections and further uses conditions was found to be significantly associated with increased users' privacy empowerment, unpredictably, results revealed that the awareness about the GDPR and users' privacy empowerment are negatively associated. The empirical findings reveal also that greater online privacy literacy is associated with heightened users' information privacy empowerment.

Originality/value

While few advanced studies made systematic efforts to measure changes that occurred on websites since the GDPR enforcement, it remains unclear, however, how individuals perceive, understand and apply the GDPR rights/guarantees and their likelihood to strengthen users' information privacy control. Therefore, this paper contributes empirically to understanding how online users' privacy literacy shaped by both users' declarative and procedural knowledge is likely to affect users' information privacy empowerment. The study empirically investigates the effectiveness of the GDPR in raising users' information privacy empowerment from a user-based perspective. Results stress the importance of greater transparency of data tracking and processing decisions made by online businesses and services to strengthen users' control over information privacy. Study findings also put emphasis on the crucial need for more educational efforts to raise users' awareness about the GDPR rights/guarantees related to data protection. Empirical findings also show that users who are more likely to adopt self-protective approaches to reinforce personal data privacy are more likely to perceive greater control over personal data. A broad implication of this finding for practitioners and E-businesses stresses the need for empowering users with adequate privacy protection tools to ensure more confidential transactions.

Details

Information Technology & People, vol. 37 no. 8
Type: Research Article
ISSN: 0959-3845

Book part
Publication date: 19 July 2022

Claire Farrugia, Simon Grima and Kiran Sood

Abstract

Purpose: This chapter sets out to lay out and analyse the effectiveness of the General Data Protection Regulation (GDPR), a recently established European Union (EU) regulation, in the local insurance industry.

Methodology: This was done through a systematic literature review to determine what has already been done and then a survey as a primary research tool to gather information. The survey was aimed at clients and employees of insurance entities.

Findings: The general results are that effectiveness can be segmented into different factors and vary regarding the respondents’ confidence. Other findings include that the GDPR has increased costs, and its expectations are unclear. These findings suggest that although the GDPR was influential in the insurance market, some issues about this regulation still exist.

Conclusions: GDPR fulfils its purposes; however, the implementation process of this regulation can be facilitated if better guidelines are issued for entities to follow to understand its expectations better and follow the law and fulfil its purposes most efficiently.

Practical implications: These conclusions imply that the GDPR can be improved in the future. Overall, as a regulation, it is suitable for the different member states of the EU, including small states like Malta.

Details

Big Data: A Game Changer for Insurance Industry
Type: Book
ISBN: 978-1-80262-606-3

Book part
Publication date: 20 May 2024

Farha Khan and Akansha Mer

Abstract

Introduction: As Internet usage increases, so does widespread concern about surveillance and privacy. While most of the research primarily focuses on a particular digital setting, these problems cut beyond national boundaries and impact economies everywhere.

Purpose: This study critically analyses the Data Protection Bill 2019’s effectiveness within the context of surveillance and privacy in India’s digital economy. Investigating critical provisions of the bill, comparing it to international privacy laws and standards, and identifying potential gaps and weaknesses, this study provides insights into the bill’s ability to protect personal data and limit surveillance practices.

Methodology: The chapter is based on secondary sources of data, including academic articles, government reports, and news articles on the topics of surveillance, privacy, and the Data Protection Bill 2019 in India, involving content and critical discourse analyses.

Findings: The Data Protection Bill 2019 evaluation reveals a set of provisions with the overarching intent to safeguard citizens’ privacy worldwide and curtail undue surveillance practices exercised by both governmental bodies and private enterprises. Intricately delineating the entitlements of individuals concerning their data, encompassing vital aspects such as the right to access, rectify, and erase their data, the bill mandates stringent adherence to the principle of explicit consent when collecting and processing personal data.

Nevertheless, a comprehensive analysis also reveals several gaps and constraints inherent in the bill’s framework. One such area is the inclusion of exemptions for governmental entities, an aspect that raises international concerns regarding potential disparities in data protection practices.

Details

Sustainable Development Goals: The Impact of Sustainability Measures on Wellbeing
Type: Book
ISBN: 978-1-83797-098-8
