Going Rogue: Mobile Research Applications and the Right to Privacy

This Article investigates whether nonsectoral state laws may serve as a viable source of privacy and security standards for mobile health research participants and other health data subjects until new federal laws are created or enforced. In particular, this Article (1) catalogues and analyzes the nonsectoral data privacy, security, and breach notification statutes of all fifty states and the District of Columbia; (2) applies these statutes to mobile-app-mediated health research conducted by independent scientists, citizen scientists, and patient researchers; and (3) proposes substantive amendments to state law that could help protect the privacy and security of all health data subjects, including mobile-app-mediated health research participants

Setting Standards for Fair Information Practice in the U.S. Private Sector

The confluence of plans for an Information Superhighway, actual industry self-regulatory practices, and international pressure dictate renewed consideration of standard setting for fair information practices in the U.S. private sector. The legal rules, industry norms, and business practices that regulate the treatment of personal information in the United States are organized in a wide and dispersed manner. This Article analyzes how these standards are established in the U.S. private sector. Part I argues that the U.S. standards derive from the influence of American political philosophy on legal rule making and a preference for dispersed sources of information standards. Part II examines the aggregation of legal rules, industry norms, and business practice from these various decentralized sources. Part III ties the deficiencies back to the underlying U.S. philosophy and argues that the adherence to targeted standards has frustrated the very purposes of the narrow, ad hoc regulatory approach to setting private sector standards. Part IV addresses the irony that European pressure should force the United States to revisit the setting of standards for the private sector

Design and implementation of a multi-modal biometric system for company access control

This paper is about the design, implementation, and deployment of a multi-modal biometric system to grant access to a company structure and to internal zones in the company itself. Face and iris have been chosen as biometric traits. Face is feasible for non-intrusive checking with a minimum cooperation from the subject, while iris supports very accurate recognition procedure at a higher grade of invasivity. The recognition of the face trait is based on the Local Binary Patterns histograms, and the Daughman\u2019s method is implemented for the analysis of the iris data. The recognition process may require either the acquisition of the user\u2019s face only or the serial acquisition of both the user\u2019s face and iris, depending on the confidence level of the decision with respect to the set of security levels and requirements, stated in a formal way in the Service Level Agreement at a negotiation phase. The quality of the decision depends on the setting of proper different thresholds in the decision modules for the two biometric traits. Any time the quality of the decision is not good enough, the system activates proper rules, which ask for new acquisitions (and decisions), possibly with different threshold values, resulting in a system not with a fixed and predefined behaviour, but one which complies with the actual acquisition context. Rules are formalized as deduction rules and grouped together to represent \u201cresponse behaviors\u201d according to the previous analysis. Therefore, there are different possible working flows, since the actual response of the recognition process depends on the output of the decision making modules that compose the system. Finally, the deployment phase is described, together with the results from the testing, based on the AT&T Face Database and the UBIRIS database

Anonymizing cybersecurity data in critical infrastructures: the CIPSEC approach

Cybersecurity logs are permanently generated by network devices to describe security incidents. With modern computing technology, such logs can be exploited to counter threats in real time or before they gain a foothold. To improve these capabilities, logs are usually shared with external entities. However, since cybersecurity logs might contain sensitive data, serious privacy concerns arise, even more when critical infrastructures (CI), handling strategic data, are involved. We propose a tool to protect privacy by anonymizing sensitive data included in cybersecurity logs. We implement anonymization mechanisms grouped through the definition of a privacy policy. We adapt said approach to the context of the EU project CIPSEC that builds a unified security framework to orchestrate security products, thus offering better protection to a group of CIs. Since this framework collects and processes security-related data from multiple devices of CIs, our work is devoted to protecting privacy by integrating our anonymization approach.Peer ReviewedPostprint (published version

TechNews digests: Jan - Mar 2010

TechNews is a technology, news and analysis service aimed at anyone in the education sector keen to stay informed about technology developments, trends and issues. TechNews focuses on emerging technologies and other technology news. TechNews service : digests september 2004 till May 2010 Analysis pieces and News combined publish every 2 to 3 month

REVIEWING OUTSOURCING CONTROVERSY IN INDONESIA (An Exploratory Study of Human Resources Outsourcing Practice in Semarang City)

Outsourcing in Indonesia is still a controversy. The different concept of outsourcing between employers (vendors and users), employees/outsourced workers, and government makes another problem in outsourcing implementation, especially in industrial relationship either in enterprise and macro level. This study aims to determine the concept of outsourcing of each element of the tripartite, the problems that arise in the implementation, and solutions from each party, in dealing with the practice of the working system. The problems under study, based on specific issues related to industrial relations, including: wages, welfare programs, health and safety, discrimination, job security, and dispute resolution, and termination of employment. This qualitative research is an exploratory, with the data collection methods: focus group discussions, observations, interviews, and study documentation. The data collected from employers (vendors and users), the national unions, worker outsourcing, and government within the scope of Semarang city. The results showed that the problems that arise due to differences in each party's conception of the tripartite elements. Uncertainty rules of outsourcing is a major problem, giving rise to labor flexibility in the implementation, which implies profitable for each party, especially the workers of outsourcing. In the end, the regulation enforcement related to the implementation of the outsourcing firm is badly needed, to compromise the disputes of workers and employer interests

How can SMEs benefit from big data? Challenges and a path forward

Big data is big news, and large companies in all sectors are making significant advances in their customer relations, product selection and development and consequent profitability through using this valuable commodity. Small and medium enterprises (SMEs) have proved themselves to be slow adopters of the new technology of big data analytics and are in danger of being left behind. In Europe, SMEs are a vital part of the economy, and the challenges they encounter need to be addressed as a matter of urgency. This paper identifies barriers to SME uptake of big data analytics and recognises their complex challenge to all stakeholders, including national and international policy makers, IT, business management and data science communities. The paper proposes a big data maturity model for SMEs as a first step towards an SME roadmap to data analytics. It considers the ‘state-of-the-art’ of IT with respect to usability and usefulness for SMEs and discusses how SMEs can overcome the barriers preventing them from adopting existing solutions. The paper then considers management perspectives and the role of maturity models in enhancing and structuring the adoption of data analytics in an organisation. The history of total quality management is reviewed to inform the core aspects of implanting a new paradigm. The paper concludes with recommendations to help SMEs develop their big data capability and enable them to continue as the engines of European industrial and business success. Copyright © 2016 John Wiley & Sons, Ltd.Peer ReviewedPostprint (author's final draft

A Business Goal Driven Approach for Understanding and Specifying Information Security Requirements

In this paper we present an approach for specifying and prioritizing\ud information security requirements in organizations. It is important\ud to prioritize security requirements since hundred per cent security is\ud not achievable and the limited resources available should be directed to\ud satisfy the most important ones. We propose to link explicitly security\ud requirements with the organization’s business vision, i.e. to provide business\ud rationale for security requirements. The rationale is then used as a\ud basis for comparing the importance of different security requirements.\ud A conceptual framework is presented, where the relationships between\ud business vision, critical impact factors and valuable assets (together with\ud their security requirements) are shown

Medical data processing and analysis for remote health and activities monitoring

Recent developments in sensor technology, wearable computing, Internet of Things (IoT), and wireless communication have given rise to research in ubiquitous healthcare and remote monitoring of human\u2019s health and activities. Health monitoring systems involve processing and analysis of data retrieved from smartphones, smart watches, smart bracelets, as well as various sensors and wearable devices. Such systems enable continuous monitoring of patients psychological and health conditions by sensing and transmitting measurements such as heart rate, electrocardiogram, body temperature, respiratory rate, chest sounds, or blood pressure. Pervasive healthcare, as a relevant application domain in this context, aims at revolutionizing the delivery of medical services through a medical assistive environment and facilitates the independent living of patients. In this chapter, we discuss (1) data collection, fusion, ownership and privacy issues; (2) models, technologies and solutions for medical data processing and analysis; (3) big medical data analytics for remote health monitoring; (4) research challenges and opportunities in medical data analytics; (5) examples of case studies and practical solutions