
    Privacy Level Agreements for Public Administration Information Systems

    Improving Public Administration (PA) operations and services is a major focus globally; they should be transparent, accountable and provide services that improve citizens' confidence and trust. In this context, it is important that PAs have the ability to define agreements between citizens and PAs, and that such agreements can be used within PAs' Information Systems to specify citizens' privacy needs, provide feedback on data sharing, and enable PA departments to analyse privacy threats and vulnerabilities, compliance with laws and regulations, and trust relationships. We propose the use of the concept of a Privacy Level Agreement (PLA) to address the aforementioned issues. The PLA is formally specified, based on an XML schema, which enables its automated use.

    Integration of situational and reward elements for fair privacy principles and preferences (F3P)

    It is widely acknowledged that Information Privacy is subjective in nature and contextually influenced. Individuals value their personal privacy differently, with many willing to trade off privacy for some form of reward or personal gain. Many of the proposed privacy protection schemes do not give due consideration to the contextual, and more importantly situational, influence on privacy. Rather, privacy preferences for personal data are configurable for only a limited set of notions that include purpose, recipient, category, and condition. Current solutions offer no, or very limited, support for individual situational privacy preferences. This paper proposes a conceptual framework that allows entities to assign privacy preferences to their personal data items that incorporate situation and reward elements. The solution allows entities to assign trade-off values to their personal data based on the situation and context of the data request. In this manner the data owners set what they perceive as fair privacy practices and preferences for evaluating the worth of their personal data.

    A Generic Information and Consent Framework for the IoT

    The Internet of Things (IoT) raises specific issues in terms of information and consent, which makes the implementation of the General Data Protection Regulation (GDPR) challenging in this context. In this report, we propose a generic framework for information and consent in the IoT which is protective both for data subjects and for data controllers. We present a high-level description of the framework, illustrate its generality through several technical solutions and case studies, and sketch a prototype implementation.

    Evaluating a Reference Architecture for Privacy Level Agreement's Management

    With the enforcement of the General Data Protection Regulation and compliance with specific privacy- and security-related principles, the adoption of Privacy by Design and Security by Design principles can be considered a legal obligation for all organisations keeping EU citizens’ personal data. A formal way to support Data Controllers towards their compliance with the new regulation could be a Privacy Level Agreement (PLA), a mutual agreement on the privacy settings between a Data Controller and a Data Subject, that supports privacy management by analysing privacy threats, vulnerabilities and Information Systems’ trust relationships. However, the concept of a PLA has only been proposed on a theoretical level. In this paper, we propose a novel reference architecture to enable PLA management in practice, and we report on the application and evaluation of PLA management within the context of real-life case studies from two different domains, public administration and healthcare, where sensitive data is kept. The results are rather positive, indicating that the adoption of such an agreement promotes the transparency of an organisation while enhancing data subjects’ trust.

    A policy language definition for provenance in pervasive computing

    Recent advances in computing technology have led to the paradigm of pervasive computing, which provides a means of simplifying daily life by integrating information processing into the everyday physical world. Pervasive computing draws its power from knowing the surroundings and creates an environment which combines computing and communication capabilities. Sensors that provide high-resolution spatial and instant measurement are most commonly used for forecasting, monitoring and real-time environmental modelling. Sensor data generated by a sensor network depends on several influences, such as the configuration and location of the sensors or the processing performed on the raw measurements. Storing sufficient metadata that gives meaning to the recorded observation is important in order to draw accurate conclusions or to enhance the reliability of the result dataset that uses this automatically collected data. This kind of metadata is called provenance data, as the origin of the data and the process by which it arrived from its origin are recorded. Provenance is still an exploratory field in pervasive computing and many open research questions are yet to emerge. The context information and the different characteristics of the pervasive environment call for different approaches to a provenance support system. This work implements a policy language definition that specifies the collecting model for provenance management systems and addresses the challenges that arise with stream data and sensor environments. The structure graph of the proposed model is mapped to the Open Provenance Model in order to facilitate the sharing of provenance data and interoperability with other systems. As provenance security has been recognized as one of the most important components in any provenance system, an access control language has been developed that is tailored to support the special requirements of provenance: fine-grained policies, privacy policies and preferences. Experimental evaluation findings show a reasonable overhead for provenance collection and a reasonable time for provenance query performance, while a numerical analysis was used to evaluate the storage overhead.

    Security Service Model for RFID Enabled Supply Chain

    It has been widely recognized that RFID-related technologies will greatly improve the visibility, efficiency and collaboration of the industry supply chain. In this new “product driven” supply chain scenario, manufacturers, suppliers, and third parties share and coordinate the use of diverse resources in distributed “virtual organizations”. This raises security issues which demand new technical approaches. In collaboration with researchers in Auto-ID Labs China, we have developed a service-oriented framework based on CA and Web Services, which supports inexpensive mediation of product information among rapidly evolving, heterogeneous information sources. Our architecture defines a user-driven security model that allows users to create entities and policy domains within virtual organizations. We emphasize that standard Web Services tools and software provide both stateless and stateful forms of secured communication.

    A new conceptual framework within information privacy: Meta privacy

    When considering information security and privacy issues, most of the attention has previously focussed on data protection and the privacy of personally identifiable information (PII). What is often overlooked is consideration for the operational and transactional data. Specifically, the security and privacy protection of metadata and metastructure information of computing environments has not been factored into most methods. Metadata, or data about data, can contain many personal details about an entity. It is subject to the same risks and malicious actions that personal data is exposed to. This paper presents a new perspective for information security and privacy. It is termed Meta Privacy and is concerned with the protection and privacy of information system metadata and metastructure details. We first present a formal definition for meta privacy, and then analyse the factors that encompass and influence meta privacy. In addition, we recommend some techniques for the protection of meta privacy within information systems. Further, the paper highlights the importance of ensuring all informational elements of information systems are adequately protected from a privacy perspective.

    Privacy-preserving recommendations in context-aware mobile environments

    © Emerald Publishing Limited. Purpose - This paper aims to address privacy concerns that arise from the use of mobile recommender systems when processing contextual information relating to the user. Mobile recommender systems aim to solve the information overload problem by recommending products or services to users of Web services on mobile devices, such as smartphones or tablets, at any given point in time and in any possible location. They use recommendation methods, such as collaborative filtering or content-based filtering, and use a considerable amount of contextual information to provide relevant recommendations. However, because of privacy concerns, users are not willing to provide the required personal information that would allow their views to be recorded and make these systems usable. Design/methodology/approach - This work is focused on user privacy by providing a method for context privacy-preservation and privacy protection at the user interface level. Thus, a set of algorithms that are part of the method has been designed with privacy protection in mind, which is done by using realistic dummy parameter creation. To demonstrate the applicability of the method, a relevant context-aware data set has been used to run performance and usability tests. Findings - The proposed method has been experimentally evaluated using performance and usability evaluation tests, and it is shown that with a small decrease in terms of performance, user privacy can be protected. Originality/value - This is a novel research paper that proposes a method for protecting the privacy of mobile recommender system users when context parameters are used.

    Improving understanding of website privacy policies with fine-grained policy anchors
