    Data privacy by design: digital infrastructures for clinical collaborations

    The clinical sciences have arguably the most stringent security demands on the adoption and roll-out of collaborative e-Infrastructure solutions such as those based upon Grid-based middleware. Experiences from the Medical Research Council (MRC) funded Virtual Organisations for Trials and Epidemiological Studies (VOTES) project and numerous other real-world security-driven projects at the UK National e-Science Centre (NeSC – www.nesc.ac.uk) have shown that, whilst advanced Grid security and middleware solutions now offer capabilities to address many of the distributed data and security challenges in the clinical domain, the real clinical world, as typified by organisations such as the National Health Service (NHS) in the UK, is extremely wary of adopting such technologies: firewalls, ethics, information governance, software validation, and the actual realities of existing infrastructures need to be considered from the outset. Based on these experiences we present a novel data linkage and anonymisation infrastructure that has been developed in close co-operation with the various stakeholders in the clinical domain (including the NHS), that addresses their concerns and satisfies the needs of the academic clinical research community. We demonstrate the implementation of this infrastructure through a representative clinical study on chronic diseases in Scotland.

    The Challenges of Privacy by Design

    Heralded by regulators, Privacy by Design holds the promise to solve the digital world's privacy problems. But there are immense challenges, including management commitment and step-by-step methods to integrate privacy into systems.

    A privacy by design approach to lifelogging

    Technologies that enable us to capture and publish data with ease are likely to pose new concerns about the privacy of the individual. In this article we examine the privacy implications of lifelogging, a new concept being explored by early adopters, which utilises wearable devices to generate a media-rich archive of their life experience. The concept of privacy and the privacy implications of lifelogging are presented and discussed in terms of the four key actors in the lifelogging universe. An initial privacy-aware lifelogging framework, based on the key principles of privacy by design, is presented and motivated.

    Privacy-by-design rules in face recognition system

    In this paper, we develop a face recognition system based on soft-computing techniques, which complies with privacy-by-design rules and defines a set of principles that context-aware applications (including biometric sensors) should contain to conform to European and US law. This paper deals with the necessity to consider legal issues concerning privacy or human rights in the development of biometric identification in ambient intelligence systems. Clearly, context-based services and ambient intelligence (and the most promising research area in Europe, namely ambient assisted living, ALL) call for a major research effort on new identification procedures. This work was supported in part by Projects CICYT TIN 2011-28620-C02-01, CICYT TEC2011-28626-C02-02, CAM CONTEXTS (S2009/TIC-1485) and DPS2008-07029-C02-02.

    Implementing Privacy by Design through Privacy Impact Assessments

    Privacy has come a long way from being a fundamental physical right to being implemented as virtual online privacy under GDPR. Recent privacy breaches around the world have highlighted the role of the design of information systems in protecting the privacy of individuals online. GDPR envisions achieving this through Privacy by Design (PbD) in business and technological systems. Privacy by Design is the law regulating the architecture of information systems through its code and organisational measures to facilitate user-centric privacy. It is a relatively new concept, initially developed by Ann Cavoukian along with the PbD Principles. The principles themselves do not ensure the holistic implementation of the PbD process. What is lacking in the current model of PbD is an implementation mechanism to operationalise PbD as a process. This study builds upon the model suggested by Kroener and Wright to operationalise PbD through a dual approach: a set of principles (PbD Principles) and a process (PIAs). Firstly, this study starts an informed discussion on PbD and its robust theoretical basis under Lessig's Theory of Regulation. Secondly, it proposes to address the lack of operationalisation by using Privacy Impact Assessments (PIAs) as a tool to conduct the PbD process. It brings together the two concepts and shows how PbD, as a process, can be better performed if complemented with PIAs. Lastly, it develops a framework for such a PbD process and constructs a lifecycle model to address the gaps in its operationalisation. It demonstrates the feasibility of the developed PbD operationalisation model by applying it to an existing information system: the Föli Mobile Application.

    Privacy by Design: Taking Ctrl of Big Data

    The concept of Privacy by Design is rooted in systems engineering. Yet it is the legal framework of global privacy that gives new colour to this concept as applied to Big Data. Increasingly, the long arm of the law is reaching into Big Data, but it is not simply by matter of regulatory enforcement or civil legal developments that Privacy by Design (PbD) is being thrust into the spotlight once more. Given that today's Big Data is considered minuscule in contrast to future data environments, PbD is simply the right thing to do. This paper aims to explore the origin of PbD, the current and future state of Big Data and regulatory enforcement, and the methodology of PbD applied to Big Data. As a cornerstone of organisational culture, PbD is a concept that allows organisations of any size to place the privacy interests of the data they collect, store, and use at the forefront of their approach.

    GDPR's privacy by design and default: altered perspectives

    The General Data Protection Regulation (GDPR) has initiated a reshaping of the information landscape and of perspectives on privacy. At the heart of GDPR is a requirement to plan and document privacy processes from the outset – privacy by design and default. As such, GDPR has reframed organisational approaches to information management and risk. However, there are difficult balances to be struck, and these are perhaps now erring too far in favour of data security, in part delivered through data minimisation and destruction. In contrast, the need for data retention responsibilities has perhaps been given less weight. The legislation actively enables retention for a range of data purposes, including archiving in the public interest. This paper will discuss data balance and the highlights and lowlights of GDPR, taking into account archival considerations.