The future of social is personal: the potential of the personal data store

This chapter argues that technical architectures that facilitate the longitudinal, decentralised and individual-centric personal collection and curation of data will be an important, but partial, response to the pressing problem of the autonomy of the data subject, and the asymmetry of power between the subject and large scale service providers/data consumers. Towards framing the scope and role of such Personal Data Stores (PDSes), the legalistic notion of personal data is examined, and it is argued that a more inclusive, intuitive notion expresses more accurately what individuals require in order to preserve their autonomy in a data-driven world of large aggregators. Six challenges towards realising the PDS vision are set out: the requirement to store data for long periods; the difficulties of managing data for individuals; the need to reconsider the regulatory basis for third-party access to data; the need to comply with international data handling standards; the need to integrate privacy-enhancing technologies; and the need to future-proof data gathering against the evolution of social norms. The open experimental PDS platform INDX is introduced and described, as a means of beginning to address at least some of these six challenges

How to Develop a GDPR-Compliant Blockchain Solution for Cross-Organizational Workflow Management: Evidence from the German Asylum Procedure

Blockchain technology has the potential to resolve trust concerns in cross-organizational workflows and to reduce reliance on paper-based documents as trust anchors. Although these prospects are real, so is regulatory uncertainty. In particular, the reconciliation of blockchain with Europe’s General Data Protection Regulation (GDPR) is proving to be a significant challenge. We tackled this challenge with the German Federal Office for Migration and Refugees. Here, we explain how we used Action Research to guide the Federal Office in creating a GDPR-compliant blockchain solution for the German asylum procedure. Moreover, we explain the architecture of the Federal Office’s solution and present two design principles for developing GDPR-compliant blockchain solutions for cross-organizational workflow management

Understanding Deleted File Decay on Removable Media using Differential Analysis

Digital content created by picture recording devices is often stored internally on the source device, on either embedded or removable media. Such storage media is typically limited in capacity and meant primarily for interim storage of the most recent image files, and these devices are frequently configured to delete older files as necessary to make room for new files. When investigations involve such devices and media, it is sometimes these older deleted files that would be of interest. It is an established fact that deleted file content may persist in part or in its entirety after deletion, and identifying the nature of file fragments on digital media has been an active research area for years. However, very little research has been conducted to understand how and why deleted file content persists (or decays) on different media and under different circumstances. The research reported here builds upon prior work establishing a methodology for the study of deleted file decay generally, and the application of that methodology to the decay of deleted files on traditional computing systems with spinning magnetic disks. In this current work, we study the decay of deleted image files on a digital camera with removable SD card storage, and we conduct preliminary experiments for direct SD card and USB storage. Our results indicate that deleted file decay is affected by the size of both the deleted and overwriting files, overwrite frequency, sector size, and cluster size. These results have implications for digital forensic investigators seeking to recover and interpret file fragments

Video Surveillance and the GDPR

Purpose – to present some recommendations that would help organizations to compliance video surveillance under GDPR. Design/methodology/approach – analysis and synthesis of scientific literature and legal documents, generalization. Finding – after analyzing the theoretical aspects of video surveillance compliance under GDPR, there were introduced the main recommendations that would reduce the risk of GDPR noncompliance. Research limitations/implications – The main limitation of this study is that the research is based on scientific literature review. Practical implications – the present research allows to identify the challenges of GDPR implementation for video surveillance. Originality/Value – On May 25, 2018, the General Data Protection Regulation or GDPR officially took effect, requiring better protection of personal data across the EU region. In this regard, making video surveillance GDPR compliant has become critical

Ensuring data confidentiality via plausibly deniable encryption and secure deletion – a survey

Ensuring confidentiality of sensitive data is of paramount importance, since data leakage may not only endanger dataowners’ privacy, but also ruin reputation of businesses as well as violate various regulations like HIPPA andSarbanes-Oxley Act. To provide confidentiality guarantee, the data should be protected when they are preserved inthe personal computing devices (i.e.,confidentiality duringtheirlifetime); and also, they should be rendered irrecoverableafter they are removed from the devices (i.e.,confidentiality after their lifetime). Encryption and secure deletion are usedto ensure data confidentiality during and after their lifetime, respectively.This work aims to perform a thorough literature review on the techniques being used to protect confidentiality of thedata in personal computing devices, including both encryption and secure deletion. Especially for encryption, wemainly focus on the novel plausibly deniable encryption (PDE), which can ensure data confidentiality against both acoercive (i.e., the attacker can coerce the data owner for the decryption key) and a non-coercive attacker

Practicing CPA, vol. 31 no. 1, January 2007

https://egrove.olemiss.edu/aicpa_news/2795/thumbnail.jp