
    How to Balance Privacy and Money through Pricing Mechanism in Personal Data Market

    A personal data market is a platform with three participants: data owners (individuals), data buyers and a market maker. Data owners who provide personal data are compensated according to their privacy loss. Data buyers can submit a query and pay for the result according to their desired accuracy. The market maker coordinates between data owners and buyers. This framework has been previously studied based on differential privacy. However, the previous study assumes that data owners can accept any level of privacy loss and that data buyers can conduct the transaction without regard to their financial budget. In this paper, we propose a practical personal data trading framework that is able to strike a balance between money and privacy. In order to gain insights on user preferences, we first conducted an online survey on human attitudes toward privacy and interest in personal data trading. Second, we identify the 5 key principles of a personal data market, which are important for designing a reasonable trading framework and pricing mechanism. Third, we propose a reasonable trading framework for personal data which provides an overview of how the data is traded. Fourth, we propose a balanced pricing mechanism which computes the query price for data buyers and the compensation for data owners (whose data are utilized) as a function of their privacy loss. The main goal is to ensure fair trading for both parties. Finally, we conduct an experiment to evaluate the output of our proposed pricing mechanism in comparison with other previously proposed mechanisms.

    Private Pareto Optimal Exchange

    We consider the problem of implementing an individually rational, asymptotically Pareto optimal allocation in a barter-exchange economy where agents are endowed with goods and have preferences over the goods of others, but may not use money as a medium of exchange. Because one of the most important instantiations of such economies is kidney exchange -- where the "input" to the problem consists of sensitive patient medical records -- we ask to what extent such exchanges can be carried out while providing formal privacy guarantees to the participants. We show that individually rational allocations cannot achieve any non-trivial approximation to Pareto optimality if carried out under the constraint of differential privacy -- or even the relaxation of \emph{joint} differential privacy, under which it is known that asymptotically optimal allocations can be computed in two-sided markets, where there is a distinction between buyers and sellers and we are concerned only with privacy of the buyers~\citep{Matching}. We therefore consider a further relaxation that we call \emph{marginal} differential privacy -- which promises, informally, that the privacy of every agent $i$ is protected from every other agent $j \neq i$ so long as $j$ does not collude or share allocation information with other agents. We show that, under marginal differential privacy, it is possible to compute an individually rational and asymptotically Pareto optimal allocation in such exchange economies.

    End-to-End Privacy for Open Big Data Markets

    The idea of an open data market envisions the creation of a data trading model to facilitate the exchange of data between different parties in the Internet of Things (IoT) domain. The data collected by IoT products and solutions are expected to be traded in these markets. Data owners will collect data using IoT products and solutions. Data consumers who are interested will negotiate with the data owners to get access to such data. Data captured by IoT products will allow data consumers to further understand the preferences and behaviours of data owners and to generate additional business value using different techniques ranging from waste reduction to personalized service offerings. In open data markets, data consumers will be able to give back part of the additional value generated to the data owners. However, privacy becomes a significant issue when data that can be used to derive extremely personal information is being traded. This paper discusses why privacy matters in the IoT domain in general and especially in open data markets, and surveys existing privacy-preserving strategies and design techniques that can be used to facilitate end-to-end privacy for open data markets. We also highlight some of the major research challenges that need to be addressed in order to make the vision of open data markets a reality through ensuring the privacy of stakeholders. Comment: Accepted to be published in IEEE Cloud Computing Magazine: Special Issue Cloud Computing and the La

    Electronic government procurement adoption behavior amongst Malaysian SMEs

    The aim of this study is to investigate the relationship between a model of electronic procurement (e-procurement) adoption behavior and the level of Government e-procurement adoption amongst Small and Medium Enterprises (SMEs) in Malaysia. Data was collected through questionnaires distributed to SMEs selected randomly from all SMEs in Malaysia. The data were analyzed using factor analysis, reliability analysis, independent-sample t-tests, descriptive statistics, Pearson correlation and multiple regression. Regression results reveal that ‘power’, ‘trust’ and ‘value’ have a positive relationship with the level of e-procurement adoption amongst SMEs in Malaysia. All dimensions, namely the power of the supplier, power of procurement, trust in the supplier, trust in information technology, value of implementation system efficiency and value of cost efficiency, were also correlated with the level of e-procurement adoption amongst SMEs. Past studies on e-procurement are beset by problems of the buyer-seller relationship perspective. In addition, these studies are skewed towards the Government-SME relationship perspective, in which the Government possesses more power than SMEs and can provide a better incentive to educate and influence SMEs to adopt e-procurement. In investigating the relationship between a model of e-procurement adoption behavior and the level of Government e-procurement adoption amongst SMEs in Malaysia, this study also tries to provide recommendations to the Malaysian government for improving the level of e-procurement adoption amongst SMEs.

    The use of information systems for logistics and supply chain management in South East Europe: Current status and future direction

    This research aims to investigate the current status and future direction of the use of information systems for logistics and supply chain management (LSCM) in South East Europe. The objectives are threefold: (1) to identify major challenges and developments in the use of information systems for LSCM by enterprises, (2) to examine the actual level of satisfaction with current policy on LSCM, and (3) to reveal the actual needs of enterprises in South East Europe regarding the effective use of information systems for LSCM. A mixed methodology of literature review and questionnaire survey is adopted in this research. Data collected from 79 enterprises are analysed using descriptive analysis in SPSS. The findings suggest that enterprises in Albania, Bulgaria, Greece, Former Yugoslav Republic of Macedonia (FYROM), Romania, and Serbia and Montenegro face similar challenges but are all in different stages of development of LSCM. Their use of information systems explains their heavy focus on supply chain partnership and weakness in demand chain partnership. Major findings suggest that companies and governments alike in that region do not seem to be ready to play a significant and demanding role in global supply chains. Current deficiencies, including limited abilities in building valuable forward relations, weak strategic planning and organisation, and infrastructural problems, are major obstacles to fast development in LSCM. At the same time, though, traces of changing mentalities do exist, setting the ground for improved performance and ultimately for a better position in global business.

    Anonymizing and Trading Person-specific Data with Trust

    In the past decade, data privacy, security, and trustworthiness have gained tremendous attention from research communities, and these are still active areas of research with the proliferation of cloud services and social media applications. Data is growing at a rapid pace. It has become an integral part of almost every industry and business, including commercial and non-profit organizations. It often contains person-specific information, and a data custodian who holds it must be responsible for managing its use, disclosure, accuracy and privacy protection. In this thesis, we present three research problems. The first two problems address the concerns of stakeholders on privacy protection, data trustworthiness, and profit distribution in the online market for trading person-specific data. The third problem addresses the concern of health information custodians (HICs) on privacy-preserving healthcare network data publishing. Our first research problem is identified in a cloud-based data integration service where data providers collaborate with their trading partners in order to deliver quality data mining services. Data-as-a-Service (DaaS) enables data integration to serve the demands of data consumers. Data providers face challenges not only in protecting private data over the cloud but also in legally adhering to privacy compliance rules when trading person-specific data. We propose a model that allows the collaboration of multiple data providers for integrating their data and derives the contribution of each data provider by valuating the incorporated cost factors. This model serves as a guide for business decision-making, such as estimating the potential privacy risk and finding the sub-optimal value for publishing mashup data. Experiments on real-life data demonstrate that our approach can identify the sub-optimal value in data mashup for different privacy models, including K-anonymity, LKC-privacy, and ϵ-differential privacy, with various anonymization algorithms and privacy parameters. Second, consumers demand good quality data for accurate analysis and effective decision-making, while the data providers intend to maximize their profits by competing with peer providers. In addition, the data providers or custodians must conform to privacy policies to avoid potential penalties for privacy breaches. To address these challenges, we propose a two-fold solution: (1) we present the first information entropy-based trust computation algorithm, IEB_Trust, that allows a semi-trusted arbitrator to detect the covert behavior of a dishonest data provider and choose the qualified providers for a data mashup, and (2) we incorporate the Vickrey-Clarke-Groves (VCG) auction mechanism for the valuation of data providers’ attributes into the data mashup process. Experiments on real-life data demonstrate the robustness of our approach in restricting dishonest providers from participation in the data mashup and in improving efficiency in comparison to provenance-based approaches. Furthermore, we derive the monetary shares for the chosen providers from their information utility and trust scores over the differentially private release of the integrated dataset under their joint privacy requirements. Finally, we address the concerns of HICs in exchanging healthcare data to provide better and more timely services while mitigating the risk of exposing patients’ sensitive information to privacy threats. We first model a complex healthcare dataset using a heterogeneous information network that consists of multi-type entities and their relationships. We then propose DiffHetNet, an edge-based differentially private algorithm, to protect the sensitive links of patients from inbound and outbound attacks in the heterogeneous health network. We evaluate the performance of our proposed method in terms of information utility and efficiency on different types of real-life datasets that can be modeled as networks. Experimental results suggest that DiffHetNet generally yields less information loss and is significantly more efficient in terms of runtime in comparison with existing network anonymization methods. Furthermore, DiffHetNet is scalable to large network datasets.