Identity principles in the digital age: a closer view

Identity and its management is now an integral part of web-based services and applications. It is also a live political issue that has captured the interest of organisations, businesses and society generally. As identity management systems assume functionally equivalent roles, their significance for privacy cannot be underestimated. The Centre for Democracy and Technology has recently released a draft version of what it regards as key privacy principles for identity management in the digital age. This paper will provide an overview of the key benchmarks identified by the CDT. The focus of this paper is to explore how best the Data Protection legislation can be said to provide a framework which best maintains a proper balance between 'identity' conscious technology and an individual's expectation of privacy to personal and sensitive data. The central argument will be that increased compliance with the key principles is not only appropriate for a distributed privacy environment but will go some way towards creating a space for various stakeholders to reach consensus applicable to existing and new information communication technologies. The conclusion is that securing compliance with the legislation will prove to be the biggest governance challenge. Standard setting and norms will go some way to ease the need for centralised regulatory oversight

Managing Disclosure through Social Media: How Snapchat is Shaking Boundaries of Privacy Perceptions

The rise of online human communication tools commonly referred to as social media apps are changing the dynamics of interpersonal relationships through self-disclosure and privacy management. However, little scholarly research is speaking to the broader role of social media as a method of privacy management in the context of interpersonal relationships. Therefore, this study focuses on Snapchat, a smartphone photo-share app and its influences on privacy management and privacy boundaries centered around the process of building and strengthening relationships through disclosure of private information. Using qualitative interview technique, results from 75 Snapchat users led to the identification and discussion of three categories related to Communication Privacy Management Theory: privacy ownership, privacy control, and privacy turbulence. Finally, this investigation explores and describes a new way in which scholars can view Snapchat through McLuhan’s claim that the medium is the message.

Privacy Self-Management and the Consent Dilemma

The current regulatory approach for protecting privacy involves what I refer to as “privacy self-management” — the law provides people with a set of rights to enable them to decide how to weigh the costs and benefits of the collection, use, or disclosure of their information. People’s consent legitimizes nearly any form of collection, use, and disclosure of personal data. Although privacy self-management is certainly a necessary component of any regulatory regime, I contend in this Article that it is being asked to do work beyond its capabilities. Privacy self-management does not provide meaningful control. Empirical and social science research has undermined key assumptions about how people make decisions regarding their data, assumptions that underpin and legitimize the privacy self-management model. Moreover, people cannot appropriately self-manage their privacy due to a series of structural problems. There are too many entities collecting and using personal data to make it feasible for people to manage their privacy separately with each entity. Moreover, many privacy harms are the result of an aggregation of pieces of data over a period of time by different entities. It is virtually impossible for people to weigh the costs and benefits of revealing information or permitting its use or transfer without an understanding of the potential downstream uses, further limiting the effectiveness of the privacy self-management framework. In addition, privacy self-management addresses privacy in a series of isolated transactions guided by particular individuals. Privacy costs and benefits, however, are more appropriately assessed cumulatively and holistically — not merely at the individual level.In order to advance, privacy law and policy must confront a complex and confounding dilemma with consent. Consent to collection, use, and disclosure of personal data is often not meaningful, and the most apparent solution — paternalistic measures — even more directly denies people the freedom to make consensual choices about their data. In this Article, I propose several ways privacy law can grapple with the consent dilemma and move beyond relying too heavily on privacy self-management

Patient Acceptance of Blockchain for Management of Health Information

Blockchain is touted as an ideal basis for many systems that facilitate management and exchange of health information. However, much is unknown about patient perceptions of blockchain and its use in the healthcare context. This paper reports on the initial findings of a hermeneutic literature review that explores factors affecting patient acceptance of blockchain for managing personal health information. Privacy emerges from this literature as a construct of interest with inconsistent effects on patient perceptions of blockchain. A conceptual framework grounded in Communication Privacy Management (CPM) theory is thus proposed to explain how patients develop privacy rules to govern their personal health information. This framework provides a preliminary understanding of privacy-related factors that may affect patient acceptance of blockchain. Opportunities to expand the findings of this ongoing literature review and further explore attributes of blockchain that affect patients’ privacy rules are discussed

Information Security and Privacy Management in Intelligent Transportation Systems

With the global digitalization of services, passenger Intelligent Transportation Systems (ITSs) have emerged as transformative components, yet the practical implementation of state-of-the-art measures to ensure information security and privacy presents substantial challenges. In this article, we propose a framework for information security and privacy management. The framework is validated through two empirical studies. First, the framework is used to extract data during the literature review defining state-of-the-art aspects and measures. Second, a survey-based analysis of running passenger ITSs in selected regions of the European Union provides insights into real-life ITS implementations, enabling a thorough comparison with the proposed state-of-the-art measures. The study also showed that the proposed framework depicts some dependencies between measures, and, thus, using its matrix structure for the state of information security and privacy management in the organization helps to cross-check the usage of policies or methodologies by the organization departments. Our findings resulted in recommendations for organizations developing ITSs to enhance their information security and privacy management systems and bridge the gap between research proposals and practical implementation

Enhancing Key Digital Literacy Skills: Information Privacy, Information Security, and Copyright/Intellectual Property

Key Messages Background Knowledge and skills in the areas of information security, information privacy, and copyright/intellectual property rights and protection are of key importance for organizational and individual success in an evolving society and labour market in which information is a core resource. Organizations require skilled and knowledgeable professionals who understand risks and responsibilities related to the management of information privacy, information security, and copyright/intellectual property. Professionals with this expertise can assist organizations to ensure that they and their employees meet requirements for the privacy and security of information in their care and control, and in order to ensure that neither the organization nor its employees contravene copyright provisions in their use of information. Failure to meet any of these responsibilities can expose the organization to reputational harm, legal action and/or financial loss. Context Inadequate or inappropriate information management practices of individual employees are at the root of organizational vulnerabilities with respect to information privacy, information security, and information ownership issues. Users demonstrate inadequate skills and knowledge coupled with inappropriate practices in these areas, and similar gaps at the organizational level are also widely documented. National and international regulatory frameworks governing information privacy, information security, and copyright/intellectual property are complex and in constant flux, placing additional burden on organizations to keep abreast of relevant regulatory and legal responsibilities. Governance and risk management related to information privacy, security, and ownership are critical to many job categories, including the emerging areas of information and knowledge management. There is an increasing need for skilled and knowledgeable individuals to fill organizational roles related to information management, with particular growth in these areas within the past 10 years. Our analysis of current job postings in Ontario supports the demand for skills and knowledge in these areas. Key Competencies We have developed a set of key competencies across a range of areas that responds to these needs by providing a blueprint for the training of information managers prepared for leadership and strategic positions. These competencies are identified in the full report. Competency areas include: conceptual foundations risk assessment tools and techniques for threat responses communications contract negotiation and compliance evaluation and assessment human resources management organizational knowledge management planning; policy awareness and compliance policy development project managemen

Emerging privacy challenges and approaches in CAV systems

The growth of Internet-connected devices, Internet-enabled services and Internet of Things systems continues at a rapid pace, and their application to transport systems is heralded as game-changing. Numerous developing CAV (Connected and Autonomous Vehicle) functions, such as traffic planning, optimisation, management, safety-critical and cooperative autonomous driving applications, rely on data from various sources. The efficacy of these functions is highly dependent on the dimensionality, amount and accuracy of the data being shared. It holds, in general, that the greater the amount of data available, the greater the efficacy of the function. However, much of this data is privacy-sensitive, including personal, commercial and research data. Location data and its correlation with identity and temporal data can help infer other personal information, such as home/work locations, age, job, behavioural features, habits, social relationships. This work categorises the emerging privacy challenges and solutions for CAV systems and identifies the knowledge gap for future research, which will minimise and mitigate privacy concerns without hampering the efficacy of the functions