Privacy Violation and Detection Using Pattern Mining Techniques

Privacy, its violations and techniques to bypass privacy violation have grabbed the centre-stage of both academia and industry in recent months. Corporations worldwide have become conscious of the implications of privacy violation and its impact on them and to other stakeholders. Moreover, nations across the world are coming out with privacy protecting legislations to prevent data privacy violations. Such legislations however expose organizations to the issues of intentional or unintentional violation of privacy data. A violation by either malicious external hackers or by internal employees can expose the organizations to costly litigations. In this paper, we propose PRIVDAM; a data mining based intelligent architecture of a Privacy Violation Detection and Monitoring system whose purpose is to detect possible privacy violations and to prevent them in the future. Experimental evaluations show that our approach is scalable and robust and that it can detect privacy violations or chances of violations quite accurately. Please contact the author for full text at [email protected]

The Impact of Opt-In Privacy Rules on Retail Credit Markets: A Case Study of MBNA

U. S. privacy laws are increasingly moving from a presumption that consumers must object to ( opt out of) uses of personal data they wish to prohibit to a requirement that they must explicitly consent ( opt in ) to uses they wish to permit. Despite the growing reliance on opt-in rules, there has been little empirical research on their costs. This Article examines the impact of opt-in on MBNA Corporation, a diversified, multinational financial institution. The authors demonstrate that opt-in would raise account acquisition costs and lower profits, reduce the supply of credit and raise credit card prices, generate more offers to uninterested or unqualified consumers, raise the number of missed opportunities for qualified consumers, and impair efforts to prevent fraud. These costs would be incurred despite the fact that as of the end of 2000, only about two percent of MBNA\u27s customers had taken advantage of existing voluntary opportunities to opt out of receiving MBNA\u27s direct mail marketing offers. If Congress were to adopt opt-in laws applicable to financial information, the impact across the economy on consumers and businesses would be significant

Risky business: managing electronic payments in the 21st Century

On June 20 and 21, 2005, the Payment Cards Center of the Federal Reserve Bank of Philadelphia, in conjunction with the Electronic Funds Transfer Association (EFTA), hosted a day-and-a-half forum, “Risky Business: Managing Electronic Payments in the 21st Century.” The Center and EFTA invited participants from the financial services and processing sectors, law enforcement, academia, and policymakers to explore key topics associated with the challenge of effectively managing risk in a payments environment that is increasingly electronic. The meeting’s goal was to identify areas of potential risk and explore interindustry solutions. This paper provides highlights from the forum presentations and ensuing conversations.

Balancing Costs and Benefits of New Privacy Mandates

Technological innovations that allow businesses unprecedented access to personal financial and medical records have prompted widespread calls for safeguards and increased security. In his working paper, "Balancing the Costs and Benefits of New Privacy Mandates,"Robert E. Litan, codirector of the AEI-Brookings Joint Center for Regulatory Studies, asserts that some safeguards may be necessary. But he cautions against over-regulation that could ultimately inconvenience consumers or inflate prices. In particular, Litan urges Congress to pass a limited, but comprehensive, federal statute that would require companies - whether doing business on or off the Internet - to notify consumers how information collected about them will be used and to afford them an opportunity to "opt out" of having their data shared with other parties for marketing purposes. Litan favors an even stricter regime for medical information, which is especially sensitive, and should not in his view be shared with affiliates or outsiders without consumers' explicit consent. Litan opposes, however, more far-reaching restrictions on the sharing of personal information, arguing that the costs would outweigh the benefits. A relatively unfettered flow of information allows investigators to root out fraud, increases competition that saves consumers money, and can result in people receiving product information tailored to their interests and financial status. Litan concludes that a limited notice and opt-out requirement would be in the self-interest of business, which would enhance customer trust, and thus would produce benefits in excess of the small costs involved.

Reducing Internal Theft and Loss in Small Businesses

Every year, several documented data breaches happen in the United States, resulting in the exposure of millions of electronic records. The purpose of this single-case study was to explore strategies some information technology managers used to monitor employees and reduce internal theft and loss. The population for this study consisted of 5 information technology managers who work within the field of technology in the southwestern region of the United States. Participants were selected using purposeful sampling. The conceptual framework for this study included elements from information and communication boundary theories. Data were collected from semistructured interviews, company standard operating procedures, and policy memorandums, which provided detailed information about technology managers\u27 experiences with data security. The collected data were transcribed, member checked, and triangulated to validate credibility and trustworthiness. Two themes emerged from data analysis: the development of policies, procedures, and standards on internal theft and loss, and the use of technology-driven systems to monitor employees and control theft and loss. Technology-based interventions allow leaders within an organization to protect the integrity of systems and networks while monitoring employee actions and behaviors. Study findings could be used by leaders of business organizations to identify and respond to theft and fraud in the workplace. Business leaders may also be able to use study findings to develop employee monitoring programs that help to prevent the loss of both organizational and customers\u27 data, enhancing public trust as a potential implication for positive social change

Cyber-crime Science = Crime Science + Information Security

Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions