PRIVACY-BY-DESIGN THROUGH SYSTEMATIC PRIVACY IMPACT ASSESSMENT - A DESIGN SCIENCE APPROACH

A major problem for companies that develop and operate IT applications that process personal data of customers and employees is to ensure the protection of this data and to prevent privacy breaches. Failure to adequately address this problem can result in considerable reputational and financial damages for the company as well as for affected data subjects. We address this problem by proposing a methodology to systematically consider privacy issues in a step-by-step privacy impact assessment (so called ?PIA?). Existing PIA approaches lack easy applicability because they are either insufficiently structured or imprecise and lengthy. We argue that employing the PIA proposed in this article, companies will be enabled to realise a ?privacy-by-design? as it is now widely heralded by data protection authorities. In fact, the German Federal Office for Information Security (BSI) ratified the approach we present in this article for the technical field of RFID and published it as a guideline in November 2011. The contribution of the artefacts we created is twofold: First, we provide a formal problem representation structure for the analysis of privacy requirements. Second, we reduce the complexity of the privacy regulation landscape for practitioners who need to make privacy management decisions for their IT applications

Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications

Social Virtual Reality based Learning Environments (VRLEs) such as vSocial render instructional content in a three-dimensional immersive computer experience for training youth with learning impediments. There are limited prior works that explored attack vulnerability in VR technology, and hence there is a need for systematic frameworks to quantify risks corresponding to security, privacy, and safety (SPS) threats. The SPS threats can adversely impact the educational user experience and hinder delivery of VRLE content. In this paper, we propose a novel risk assessment framework that utilizes attack trees to calculate a risk score for varied VRLE threats with rate and duration of threats as inputs. We compare the impact of a well-constructed attack tree with an adhoc attack tree to study the trade-offs between overheads in managing attack trees, and the cost of risk mitigation when vulnerabilities are identified. We use a vSocial VRLE testbed in a case study to showcase the effectiveness of our framework and demonstrate how a suitable attack tree formalism can result in a more safer, privacy-preserving and secure VRLE system.Comment: Tp appear in the CCNC 2019 Conferenc

Use of nonintrusive sensor-based information and communication technology for real-world evidence for clinical trials in dementia

Cognitive function is an important end point of treatments in dementia clinical trials. Measuring cognitive function by standardized tests, however, is biased toward highly constrained environments (such as hospitals) in selected samples. Patient-powered real-world evidence using information and communication technology devices, including environmental and wearable sensors, may help to overcome these limitations. This position paper describes current and novel information and communication technology devices and algorithms to monitor behavior and function in people with prodromal and manifest stages of dementia continuously, and discusses clinical, technological, ethical, regulatory, and user-centered requirements for collecting real-world evidence in future randomized controlled trials. Challenges of data safety, quality, and privacy and regulatory requirements need to be addressed by future smart sensor technologies. When these requirements are satisfied, these technologies will provide access to truly user relevant outcomes and broader cohorts of participants than currently sampled in clinical trials

Developing educational materials about risks on social network sites: a design based research approach

Nearly all of today’s Western teenagers have a profile on a social network site (SNS). As many risks have been reported, researchers and governments have emphasized the role of school education to teach teenagers how to deal safely with SNSs. However, little is known about the specific characteristics which would make interventions effective. Therefore, the overall objective of this research aims to propose a list of validated theoretical design principles for future development of educational materials about risks on SNSs. This research goal was pursued through a design-based research procedure. Thereby targeting teenagers of secondary education in 8 separate studies, the different steps of the design-based research procedure have iteratively been completed. Firstly, a problem analysis was executed through 3 explorative studies, including an observational study, a theoretical evaluation of existing materials and a survey study. Secondly, initial solutions were developed and evaluated in practice through 5 quasi-experimental intervention studies. Thirdly, we reflected upon all the previous results to produce design principles. Finally, we conclude with an analysis of the design-based research methodology

Fall Prediction and Prevention Systems: Recent Trends, Challenges, and Future Research Directions.

Fall prediction is a multifaceted problem that involves complex interactions between physiological, behavioral, and environmental factors. Existing fall detection and prediction systems mainly focus on physiological factors such as gait, vision, and cognition, and do not address the multifactorial nature of falls. In addition, these systems lack efficient user interfaces and feedback for preventing future falls. Recent advances in internet of things (IoT) and mobile technologies offer ample opportunities for integrating contextual information about patient behavior and environment along with physiological health data for predicting falls. This article reviews the state-of-the-art in fall detection and prediction systems. It also describes the challenges, limitations, and future directions in the design and implementation of effective fall prediction and prevention systems

The design of caring environments and the quality of life of older people

There has been little systematic research into the design of care environments for older people. This article reviews empirical studies from both the architectural and the psychological literature. It outlines the instruments that are currently available for measuring both the environment and the quality of life of older people, and it summarises the evidence on the layout of buildings, the sensory environment and the privacy of residents. The conclusion is drawn that all evidence-based design must be a compromise or dynamic and, as demands on the caring environment change over time, this compromise must be re-visited in the form of post-occupancy evaluation

Online Personal Data Processing and EU Data Protection Reform. CEPS Task Force Report, April 2013

This report sheds light on the fundamental questions and underlying tensions between current policy objectives, compliance strategies and global trends in online personal data processing, assessing the existing and future framework in terms of effective regulation and public policy. Based on the discussions among the members of the CEPS Digital Forum and independent research carried out by the rapporteurs, policy conclusions are derived with the aim of making EU data protection policy more fit for purpose in today’s online technological context. This report constructively engages with the EU data protection framework, but does not provide a textual analysis of the EU data protection reform proposal as such

Information and communication technology solutions for outdoor navigation in dementia

INTRODUCTION: Information and communication technology (ICT) is potentially mature enough to empower outdoor and social activities in dementia. However, actual ICT-based devices have limited functionality and impact, mainly limited to safety. What is an ideal operational framework to enhance this field to support outdoor and social activities? METHODS: Review of literature and cross-disciplinary expert discussion. RESULTS: A situation-aware ICT requires a flexible fine-tuning by stakeholders of system usability and complexity of function, and of user safety and autonomy. It should operate by artificial intelligence/machine learning and should reflect harmonized stakeholder values, social context, and user residual cognitive functions. ICT services should be proposed at the prodromal stage of dementia and should be carefully validated within the life space of users in terms of quality of life, social activities, and costs. DISCUSSION: The operational framework has the potential to produce ICT and services with high clinical impact but requires substantial investment

E-democracy and values in information systems design

In this paper I demonstrate the utility of a Values in Design (VID) perspective for the assessment, the design and development of e-democracy tools. In the first part, I give some background information on Values in Design and Value-Sensitive Design and their relevance in the context of e-democracy. In part 2, I analyze three different e-democracy tools from a VID-perspective. The paper ends with some conclusions concerning the merits of VID for e-democracy as well as some considerations concerning the dual tasks of philosophers in assessing and promoting value-sensitive technology design