Evaluating the Contextual Integrity of Privacy Regulation: Parents' IoT Toy Privacy Norms Versus COPPA

Increased concern about data privacy has prompted new and updated data protection regulations worldwide. However, there has been no rigorous way to test whether the practices mandated by these regulations actually align with the privacy norms of affected populations. Here, we demonstrate that surveys based on the theory of contextual integrity provide a quantifiable and scalable method for measuring the conformity of specific regulatory provisions to privacy norms. We apply this method to the U.S. Children's Online Privacy Protection Act (COPPA), surveying 195 parents and providing the first data that COPPA's mandates generally align with parents' privacy expectations for Internet-connected "smart" children's toys. Nevertheless, variations in the acceptability of data collection across specific smart toys, information types, parent ages, and other conditions emphasize the importance of detailed contextual factors to privacy norms, which may not be adequately captured by COPPA.Comment: 18 pages, 1 table, 4 figures, 2 appendice

Knowledge Management and Sustainable Agriculture:the Italian Case

The contemporary knowledge-based economy requires global usage of information in all aspects of modern society. Pertinent information is an important asset for successful business, therefore an application of knowledge management in organisational practice has become a crucial factor for the viability and sustainable development of enterprises. This is particularly relevant for the agricultural context, which needs modern practices for enhancement and development. However, information and knowledge, due to their intangible character, seem difficult to manage and organize. Therefore the paper targeted at developing sustainable organizational model of knowledge management for small and medium enterprises. Italian agriculture is considered as a context for this study, and knowledge management was offered as a tool for facilitating agricultural performance and increasing competitiveness of agricultural sector. A wide concept of knowledge management and specified agricultural context require a theory-based approach to research and a survey. Thus, the research methodology includes the next four parts. The first one contains literature review and examines definitions, strategies, approaches and models of sustainable knowledge management. The second part includes content analysis of 105 scientific publications. The third part of methodology is based on the results of the two previous parts and includes creating the model of knowledge management. Verification of this model is the last part of the research. Verification was executed through on-line questionnaire distributed to Italian agricultural enterprises throughout the country on their intentions and awareness towards knowledge management and developed model of knowledge management. The results of the survey have demonstrated farmer’s incentives to implement the developed knowledge management model with flexible approach in its organisation

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

After Over-Privileged Permissions: Using Technology and Design to Create Legal Compliance

Consumers in the mobile ecosystem can putatively protect their privacy with the use of application permissions. However, this requires the mobile device owners to understand permissions and their privacy implications. Yet, few consumers appreciate the nature of permissions within the mobile ecosystem, often failing to appreciate the privacy permissions that are altered when updating an app. Even more concerning is the lack of understanding of the wide use of third-party libraries, most which are installed with automatic permissions, that is permissions that must be granted to allow the application to function appropriately. Unsurprisingly, many of these third-party permissions violate consumers’ privacy expectations and thereby, become “over-privileged” to the user. Consequently, an obscurity of privacy expectations between what is practiced by the private sector and what is deemed appropriate by the public sector is exhibited. Despite the growing attention given to privacy in the mobile ecosystem, legal literature has largely ignored the implications of mobile permissions. This article seeks to address this omission by analyzing the impacts of mobile permissions and the privacy harms experienced by consumers of mobile applications. The authors call for the review of industry self-regulation and the overreliance upon simple notice and consent. Instead, the authors set out a plan for greater attention to be paid to socio-technical solutions, focusing on better privacy protections and technology embedded within the automatic permission-based application ecosystem

Knowledge management as a key stone of sustainable welfare in the Italian rural areas

Sustainable well-being in the rural areas directly depends on their sustainable development. However, sustainable management in contemporary agriculture does not come easy for farmers due to different challenges and quality standards. To meet these challenges and to achieve sustainable development, the agricultural enterprises need an informational support. Therefore this article offers knowledge management as a tool for facilitating agricultural performance and enhancing quality of rural life.Practical application of knowledge management is quite complicated due to its intangible characteristics. Hence, the paper is targeted at developing sustainable organizational model of knowledge management affordable for small and medium enterprises. This model was created after content-analysis of the literature and was verified through an executed survey. The Italian agriculture was considered as a context for this study

ERP implementation methodologies and frameworks: a literature review

Enterprise Resource Planning (ERP) implementation is a complex and vibrant process, one that involves a combination of technological and organizational interactions. Often an ERP implementation project is the single largest IT project that an organization has ever launched and requires a mutual fit of system and organization. Also the concept of an ERP implementation supporting business processes across many different departments is not a generic, rigid and uniform concept and depends on variety of factors. As a result, the issues addressing the ERP implementation process have been one of the major concerns in industry. Therefore ERP implementation receives attention from practitioners and scholars and both, business as well as academic literature is abundant and not always very conclusive or coherent. However, research on ERP systems so far has been mainly focused on diffusion, use and impact issues. Less attention has been given to the methods used during the configuration and the implementation of ERP systems, even though they are commonly used in practice, they still remain largely unexplored and undocumented in Information Systems research. So, the academic relevance of this research is the contribution to the existing body of scientific knowledge. An annotated brief literature review is done in order to evaluate the current state of the existing academic literature. The purpose is to present a systematic overview of relevant ERP implementation methodologies and frameworks as a desire for achieving a better taxonomy of ERP implementation methodologies. This paper is useful to researchers who are interested in ERP implementation methodologies and frameworks. Results will serve as an input for a classification of the existing ERP implementation methodologies and frameworks. Also, this paper aims also at the professional ERP community involved in the process of ERP implementation by promoting a better understanding of ERP implementation methodologies and frameworks, its variety and history

Lex Informatica: The Formulation of Information Policy Rules through Technology

Historically, law and government regulation have established default rules for information policy, including constitutional rules on freedom of expression and statutory rights of ownership of information. This Article will show that for network environments and the Information Society, however, law and government regulation are not the only source of rule-making. Technological capabilities and system design choices impose rules on participants. The creation and implementation of information policy are embedded in network designs and standards as well as in system configurations. Even user preferences and technical choices create overarching, local default rules. This Article argues, in essence, that the set of rules for information flows imposed by technology and communication networks form a “Lex Informatica” that policymakers must understand, consciously recognize, and encourage

Knowledge sharing and information security: a paradox?

This paper presents the findings of a knowledge sharing and information security literature review and identifies an interesting research gap in the intersection of the two practices. In a fast changing environment where there is increasing need to understand customers’ demands and competitors’ strategies (Lin et al, 2012), knowledge sharing is recognised as an essential activity for organisational success (Wasko and Faraj, 2005; Renzl, 2008). Organisations continuously aim to exploit existing knowledge, seek new ways to improve and increase knowledge sharing activities, as well as to identify and reduce possible knowledge sharing barriers. However, albeit the integral role and benefits of knowledge sharing having been widely recognised, the security or protection of knowledge has not received the same level of attention. Although the importance of protecting knowledge has been stressed by some researchers (e.g. Gold et al, 2001; Desouza and Awazu, 2004; Desouza 2006; Ryan, 2006), research into the ‘softer’ or the human behaviour aspects of knowledge protection is scarce. Information security is another field that has grown tremendously and is now a globally recognised discipline (Gifford, 2009) receiving attention from academics and practitioners (Wiant, 2005). Information security measures aim to prevent the loss or leakage of an organisation’s valuable information and manage the resulting cost of any loss. Despite organisations’ investments in prevention measures, information security breaches are still common where humans are often seen as the weakest link and ‘incorrect’ human behaviour as the most common point of failure. However, much of the research carried out to prevent information security breaches focuses on technical facets (Gordon and Loeb, 2006; Coles-Kemp, 2009). From the literature review, it is evident that knowledge sharing and information security have become well-established concepts in academia and within organisations. However, the middle ground between these two equally important, and adjacent, practices, has received inadequate attention. Knowledge sharing aims to encourage individuals to share knowledge with colleagues, organisational partners and suppliers; on the other hand, information security initiatives aim to apply controls and restrictions to the knowledge that can be shared and how it is shared. This paper draws attention to the perceived paradoxical nature of knowledge sharing and information security and raises awareness of the potential conflict that could compromise the protection of knowledge, or alternatively, reduce the openness of knowledge sharing

What does it take for an R&D tax incentive policy to be effective?

While in 1996, 12 OECD countries offered R&D tax incentives, in 2008 this number increased to 21. Most countries have opted for level-based instead of incremental R&D tax incentives. This paper takes a critical look at how the effectiveness of R&D tax incentives has been assessed in recent evaluations. Whether based on structural models estimating a price elasticity of R&D or on treatment evaluation methods, most studies estimate the cost effectiveness ratio or additionality. If the cost effectiveness ratio is greater than 1, or firms to more R&D than before, the policy is considered to be effective. A more proper net welfare evaluation of this policy should also include administration, compliance and transfer costs, the marginal burden of taxation, as well R&D externalities and the indirect effects on innovation and productivity. The net welfare gain is shown to be sensitive to a certain number of parameters that are not always estimated with great precision. In particular, the transfer cost or deadweight loss associated with level-based tax incentives is shown to depend on the size of the firm, or more precisely its ex-ante R&D level. We report on the success of a past policy changes in the Netherlands and simulate the effect of various parameter changes in the existing Dutch R&D tax incentive scheme. We show that introducing marginal changes in the schemes's parameters has little impact of increased R&D spending. The policy is more effective for small firms than for large firms. We end with a discussion of the pros and cons of level-based versus incremental R&D tax incentives.R&D tax credits, R&D, tax credits, policy evaluation, cost-benefit analysis