415 research outputs found
A conceptual framework for information security and privacy
There are numerous information privacy approaches based on the four major models of privacy protection. That is, Comprehensive Privacy Laws, Sectoral Privacy Laws, Privacy Self-Regulation, and Technologies of Privacy. These solutions, used individually or without proper system privacy design considerations, have not been very effective. This is because there has been little in the way of instruction on how developers and designers are supposed to use these privacy tools. In this paper we address the problem by providing a privacy solution for integration into information systems called Shield Privacy. The Shield Privacy solution provides an effective system wide approach to privacy protection. It integrates relevant components from the various privacy models. We have implemented our Shield Privacy in a collaborative environment application. In this paper we also describe the prototype and discuss its advantages and areas of future work
Impliance: A Next Generation Information Management Appliance
ably successful in building a large market and adapting to the changes of the
last three decades, its impact on the broader market of information management
is surprisingly limited. If we were to design an information management system
from scratch, based upon today's requirements and hardware capabilities, would
it look anything like today's database systems?" In this paper, we introduce
Impliance, a next-generation information management system consisting of
hardware and software components integrated to form an easy-to-administer
appliance that can store, retrieve, and analyze all types of structured,
semi-structured, and unstructured information. We first summarize the trends
that will shape information management for the foreseeable future. Those trends
imply three major requirements for Impliance: (1) to be able to store, manage,
and uniformly query all data, not just structured records; (2) to be able to
scale out as the volume of this data grows; and (3) to be simple and robust in
operation. We then describe four key ideas that are uniquely combined in
Impliance to address these requirements, namely the ideas of: (a) integrating
software and off-the-shelf hardware into a generic information appliance; (b)
automatically discovering, organizing, and managing all data - unstructured as
well as structured - in a uniform way; (c) achieving scale-out by exploiting
simple, massive parallel processing, and (d) virtualizing compute and storage
resources to unify, simplify, and streamline the management of Impliance.
Impliance is an ambitious, long-term effort to define simpler, more robust, and
more scalable information systems for tomorrow's enterprises.Comment: This article is published under a Creative Commons License Agreement
(http://creativecommons.org/licenses/by/2.5/.) You may copy, distribute,
display, and perform the work, make derivative works and make commercial use
of the work, but, you must attribute the work to the author and CIDR 2007.
3rd Biennial Conference on Innovative Data Systems Research (CIDR) January
710, 2007, Asilomar, California, US
Privacy Violation and Detection Using Pattern Mining Techniques
Privacy, its violations and techniques to bypass privacy violation have grabbed the centre-stage of both academia and industry in recent months. Corporations worldwide have become conscious of the implications of privacy violation and its impact on them and to other stakeholders. Moreover, nations across the world are coming out with privacy protecting legislations to prevent data privacy violations. Such legislations however expose organizations to the issues of intentional or unintentional violation of privacy data. A violation by either malicious external hackers or by internal employees can expose the organizations to costly litigations. In this paper, we propose PRIVDAM; a data mining based intelligent architecture of a Privacy Violation Detection and Monitoring system whose purpose is to detect possible privacy violations and to prevent them in the future. Experimental evaluations show that our approach is scalable and robust and that it can detect privacy violations or chances of violations quite accurately. Please contact the author for full text at [email protected]
Explanation-Based Auditing
To comply with emerging privacy laws and regulations, it has become common
for applications like electronic health records systems (EHRs) to collect
access logs, which record each time a user (e.g., a hospital employee) accesses
a piece of sensitive data (e.g., a patient record). Using the access log, it is
easy to answer simple queries (e.g., Who accessed Alice's medical record?), but
this often does not provide enough information. In addition to learning who
accessed their medical records, patients will likely want to understand why
each access occurred. In this paper, we introduce the problem of generating
explanations for individual records in an access log. The problem is motivated
by user-centric auditing applications, and it also provides a novel approach to
misuse detection. We develop a framework for modeling explanations which is
based on a fundamental observation: For certain classes of databases, including
EHRs, the reason for most data accesses can be inferred from data stored
elsewhere in the database. For example, if Alice has an appointment with Dr.
Dave, this information is stored in the database, and it explains why Dr. Dave
looked at Alice's record. Large numbers of data accesses can be explained using
general forms called explanation templates. Rather than requiring an
administrator to manually specify explanation templates, we propose a set of
algorithms for automatically discovering frequent templates from the database
(i.e., those that explain a large number of accesses). We also propose
techniques for inferring collaborative user groups, which can be used to
enhance the quality of the discovered explanations. Finally, we have evaluated
our proposed techniques using an access log and data from the University of
Michigan Health System. Our results demonstrate that in practice we can provide
explanations for over 94% of data accesses in the log.Comment: VLDB201
A Framework for High-Accuracy Privacy-Preserving Mining
To preserve client privacy in the data mining process, a variety of
techniques based on random perturbation of data records have been proposed
recently. In this paper, we present a generalized matrix-theoretic model of
random perturbation, which facilitates a systematic approach to the design of
perturbation mechanisms for privacy-preserving mining. Specifically, we
demonstrate that (a) the prior techniques differ only in their settings for the
model parameters, and (b) through appropriate choice of parameter settings, we
can derive new perturbation techniques that provide highly accurate mining
results even under strict privacy guarantees. We also propose a novel
perturbation mechanism wherein the model parameters are themselves
characterized as random variables, and demonstrate that this feature provides
significant improvements in privacy at a very marginal cost in accuracy.
While our model is valid for random-perturbation-based privacy-preserving
mining in general, we specifically evaluate its utility here with regard to
frequent-itemset mining on a variety of real datasets. The experimental results
indicate that our mechanisms incur substantially lower identity and support
errors as compared to the prior techniques
An ontology-based compliance audit framework for medical data sharing across Europe
Complying with privacy in multi-jurisdictional health domains is important as well as challenging. The compliance management process will not be efficient unless it manages to show evidences of explicit verification of legal requirements. In order to achieve this goal, privacy compliance should be addressed through “a privacy by design” approach. This paper presents an approach to privacy protection verification by means of a novel audit framework. It aims to allow privacy auditors to look at past events of data processing effectuated by healthcare organisation and verify compliance to legal privacy requirements. The adapted approach used semantic modelling and a semantic reasoning layer that could be placed on top of hospital databases. These models allow the integration of fine-grained context information about the sharing of patient data and provide an explicit capturing of applicable privacy obligation. This is particularly helpful for insuring a seamless data access logging and an effective compliance checking during audit trials
Complying with Data Handling Requirements in Cloud Storage Systems
In past years, cloud storage systems saw an enormous rise in usage. However,
despite their popularity and importance as underlying infrastructure for more
complex cloud services, today's cloud storage systems do not account for
compliance with regulatory, organizational, or contractual data handling
requirements by design. Since legislation increasingly responds to rising data
protection and privacy concerns, complying with data handling requirements
becomes a crucial property for cloud storage systems. We present PRADA, a
practical approach to account for compliance with data handling requirements in
key-value based cloud storage systems. To achieve this goal, PRADA introduces a
transparent data handling layer, which empowers clients to request specific
data handling requirements and enables operators of cloud storage systems to
comply with them. We implement PRADA on top of the distributed database
Cassandra and show in our evaluation that complying with data handling
requirements in cloud storage systems is practical in real-world cloud
deployments as used for microblogging, data sharing in the Internet of Things,
and distributed email storage.Comment: 14 pages, 11 figures; revised manuscript, accepted for publication in
IEEE Transactions on Cloud Computin
Special ArticleEthics and Electronic Health Information Technology: Challenges for Evidence-Based Medicine and the Physician–Patient Relationship
Objectives: The National Health Insurance Scheme (NHIS), and the National Identification Authority (NIA), pose ethical challenges to the physician-patient relationship due to interoperability. This paper explores (1) the national legislation on Electronic Health Information Technology (EHIT), (2) the ethics of information technology and public health and (3) the effect on the Physician-patient relationship. Method: This study consisted of systematic literature and internet review of the legislation, information technology, the national health insurance program, and the physician-patient relationship. Result: The result shows that (1) EHIT have eroded a big part of the confidentiality between the physician and patient; (2) The encroachment on privacy is an inevitable outcome of EHIT; (3) Legislation on privacy, the collection, storage and uses of electronic health information is needed and; (4) the nexus between EHIT, NHIS, NHA, Ethics, the physicianpatient relationship and privacy. Conclusion: The study highlights the lack of protection for physician-patient relationship as medical practice transitions from the conventional to the modern, information technology driven domain. Keywords: Physician-patient Relationship, Legislation, Public Health, National Health Insurance Scheme, National Identification Authority, Electronic Health InformationGhana Medical Journal, September 2011, Volume 45, Number
- …