Practical Privacy Assessments

Practical Privacy Assessments

Thejs Willem Jansen (Technical University of Denmark, Denmark)
Copyright: © 2009 |Pages: 28
DOI: 10.4018/978-1-60566-012-7.ch004
OnDemand PDF Download:
$37.50

Abstract

Governments and large companies are increasingly relying on information technology to provide enhanced services to the citizens and customers and reduce their operational costs. This means that an increasing amount of information about ordinary citizens is collected in a growing number of databases. As the amount of collected information grows and the ability to correlate information from many different databases increases, the risk that some or all of this information is disclosed to unauthorised third parties grows as well. Although most people appear unaware or unconcerned about this risk, both governments and large companies have started to worry about the dangers of privacy violations on a major scale. In this chapter, we present a new method of assessing the privacy protection offered by a specific IT system. The operational privacy assessment model, presented here, is based on an evaluation of all the organisational, operational and technical factors that are relevant to the protection of personal data stored and managed in an IT system. The different factors are measured on a simple scale and the results presented in a simple graphical form, which makes it easy to compare two systems to each other or to identify the factors that benefit most from improved privacy enhancing technologies.A standardised assessment of the privacy protection offered by a particular IT system; serve to help system owners understand the privacy risks in their IT system as well as help individuals, whose data is being processed, to understand their personal privacy situation. This will facilitate the development and procurement of IT systems with acceptable privacy levels, but the simple standard assessment result may also provide the basis for a certification scheme, which may help raise the confidence in the IT system’s ability to protect the privacy of the data stored and processed in the system.
Chapter Preview
Top

Introduction

Existing research into privacy enhancing technology (PET) has provided few answers to many of the real questions that governments and large companies are facing when they try to protect the privacy of their citizens or customers. Most of the current work has focused on technical solutions to anonymous communications and pseudonymous interactions, but, in reality, the majority of privacy violations involve careless management of government it-systems, inadequate procedures or insecure data storage. In this chapter, we introduce a method that helps system developers and managers to assess the level of privacy protection offered by their system and to identify areas where privacy should be improved. The method has been developed in the context of government IT systems in Europe, which has relatively strict privacy legislation, but we believe that the method may also apply to other government systems, non-governmental organisations (NGOs) and large private companies. With the privatisation of many state monopolies, such as telecommunications and railroads, in many countries and the increasing number of public/private partnerships, the distinction between the public and private sector has grown increasingly fuzzy.1 For the purpose of clarity in our discussions, however, we have decided to use the vocabulary from government systems, so we discuss the relationships between governments and citizens instead of companies and customers.

Governments are increasingly relying on information technology to provide enhanced services to the citizens and reduce the costs of the public sector. This means that an increasing amount of information about ordinary citizens is collected in an increasing number of government databases. As the amount of collected information grows and the ability to correlate information from many different databases increases, the risk that some or all of this information is disclosed to unauthorised third parties grows as well. Although most citizens appear unaware or unconcerned about this risk, governments have started to worry about the dangers of privacy violations on a major scale. If the government is not seen to be able to treat information about its citizens securely, these citizens will be reluctant to provide timely and accurate information to the government in the future. Many of the same factors are relevant in the relationship between companies and their customers, so both governments and large companies have realised that protecting the privacy of their citizens and customers is necessary if they are to reap the benefits of the information society in the future.

The benefits of collecting and storing information about citizens in electronic databases is an increasing level of efficiency in administrative systems and convenience for the citizens, because it provides government agencies with faster and easier access to relevant data and improves their ability to combine sets of personal data from different systems. This allows improved services at reduced costs, for example, the Inland Revenue Service in Denmark has reduced the number of employees from around 14,000 to around 9,000 in the past decade, while the amount of information that is being processed about each citizen has increased. The sheer volume of data collected by different government IT systems, however, makes it increasingly difficult for anyone to obtain an accurate picture of all the personal information that may be available in government databases. Moreover, it also makes it difficult to determine which persons, institutions or private companies that have access to the data.

Complete Chapter List

Search this Book:
Reset
Table of Contents
Acknowledgment
Kuanchin Chen, Adam Fadlalla
Chapter 1
Andrew Pauxtis
What began as simple homepages that listed favorite Web sites in the early 1990’s have grown into some of the most sophisticated, enormous... Sample PDF
Google: Technological Convenience vs. Technological Intrusion
$37.50
Chapter 2
Angelena M. Secor
In this chapter, consumer online privacy legal issues are identified and discussed. Followed by the literature review in consumer online privacy... Sample PDF
A Taxonomic View of Consumer Online Privacy Legal Issues, Legislation, and Litigation
$37.50
Chapter 3
Hy Sockel, Louis K. Falk
There are many potential threats that come with conducting business in an online environment. Management must find a way to neutralize or at least... Sample PDF
Online Privacy, Vulnerabilities, and Threats: A Manager's Perspective
$37.50
Chapter 4
Thejs Willem Jansen
Governments and large companies are increasingly relying on information technology to provide enhanced services to the citizens and customers and... Sample PDF
Practical Privacy Assessments
$37.50
Chapter 5
Leszek Lilien, Bharat Bhargava
Any interaction—from a simple transaction to a complex collaboration—requires an adequate level of trust between interacting parties. Trust includes... Sample PDF
Privacy and Trust in Online Interactions
$37.50
Chapter 6
Huong Ha, Ken Coghill
The current measures to protect e-consumers’ privacy in Australia include (i) regulation/legislation; (ii) guidelines; (iii) codes of practice; and... Sample PDF
Current Measures to Protect E-Consumers' Privacy in Australia
$37.50
Chapter 7
Anil Gurung, Anurag Jain
Individuals are generally concerned about their privacy and may withhold from disclosing their personal information while interacting with online... Sample PDF
Antecedents of Online Privacy Protection Behavior: Towards an Integrative Model
$37.50
Chapter 8
Alan Rea, Kuanchin Chen
Protecting personal information while Web surfing has become a struggle. This is especially the case when transactions require a modicum of trust to... Sample PDF
Privacy Control and Assurance: Does Gender Influence Online Information Exchange?
$37.50
Chapter 9
Bernadette H. Schell, Thomas J. Holt
This chapter looks at the literature—myths and realities—surrounding the demographics, psychological predispositions, and social/behavioral patterns... Sample PDF
A Profile of the Demographics, Psychological Predispositions, and Social/Behavioral Patterns of Computer Hacker Insiders and Outsiders
$37.50
Chapter 10
Chiung-wen ("Julia") Hsu
This chapter introduces a situational paradigm as a means of studying online privacy. It argues that data subjects are not always opponent to data... Sample PDF
Privacy or Performance Matters on the Internet: Revisiting Privacy Toward a Situational Paradigm
$37.50
Chapter 11
Tom S. Chan
While delivering content via the Internet can be efficient and economical, content owners risk losing control of their intellectual property. Any... Sample PDF
Online Consumer Privacy and Digital Rights Management Systems
$37.50
Chapter 12
Betty J. Parker
Marketing practices have always presented challenges for consumers seeking to protect their privacy. This chapter discusses the ways in which the... Sample PDF
Online Privacy and Marketing: Current Issues for Consumers and Marketers
$37.50
Chapter 13
Suhong Li
The purpose of this chapter is to investigate the current status of online privacy policies of Fortune 100 Companies. It was found that 94% of the... Sample PDF
An Analysis of Online Privacy Policies of Fortune 100 Companies
$37.50
Chapter 14
Andy Chiou
In this chapter, the authors will briefly discuss some cross cultural concerns regarding Internet privacy. The authors believe that due to the cross... Sample PDF
Cross Cultural Perceptions on Privacy in the United States, Vietnam, Indonesia, and Taiwan
$37.50
Chapter 15
Sean Lancaster
Biometrics is an application of technology to authenticate users’ identities through the measurement of physiological or behavioral patterns. The... Sample PDF
Biometric Controls and Privacy
$37.50
Chapter 16
G. Scott Erickson
This chapter focuses on the specific issue of the federal Freedom of Information Act and associated state and local freedom of information laws.... Sample PDF
Government Stewardship of Online Information: FOIA Requirements and Other Considerations
$37.50
Chapter 17
Charles O’Mahony
This chapter will discuss the legal framework for consumer and data protection in Europe. Central to this discussion will be the law of the European... Sample PDF
The Legal Framework for Data and Consumer Protection in Europe
$37.50
Chapter 18
Karin Mika
This chapter provides an overview of law relating to online and Internet medical practice, data protection, and consumer information privacy. It... Sample PDF
Cybermedicine, Telemedicine, and Data Protection in the United States
$37.50
Chapter 19
J. Michael Tarn
This chapter explores the current status and practices of online privacy protection in Japan. Since the concept of privacy in Japan is different... Sample PDF
Online Privacy Protection in Japan: The Current Status and Practices
$37.50
About the Contributors