Data Behind the Walls An Advanced Architecture for Data Privacy Management

In today's highly connected society, we are constantly asked to provide personal information to retailers, voter surveys, medical professionals, and other data collection efforts. The collected data is stored in large data warehouses. Organisations and statistical agencies share and use this data to facilitate research in public health, economics, sociology, etc. However, this data contains sensitive information about individuals, which can result in identity theft, financial loss, stress and depression, embarrassment, abuse, etc. Therefore, one must ensure rigorous management of individuals' privacy. We propose, an advanced data privacy management architecture composed of three layers. The data management layer consists of de-identification and anonymisation, the access management layer for re-enforcing data access based on the concepts of Role-Based Access Control and the Chinese Wall Security Policy, and the roles layer for regulating different users. The proposed system architecture is validated on healthcare datasets.Comment: 7 page

Counting the costs of crime in Australia: a 2011 estimate

This report estimates the costs of crime for the calendar year 2011. Executive summary This report seeks to estimate how much crime costs the Australian economy by calculating the number of crimes that come to the attention of the authorities and, using crime victimisation survey data, the number of crimes that are not recorded officially. A dollar figure is then calculated for each estimated crime event and an indication given of the total cost of each specific crime type in terms of actual loss, intangible losses, loss of output caused through the criminal conduct and other related costs such as medical expenses, where relevant. Added to these costs are the costs of preventing and responding to crime in the community including the costs of maintaining the criminal justice system agencies of police, prosecution, courts and correctional agencies, as well as a proportion of the costs of Australian and state and territory government agencies that have crime-related functions. Finally, a deduction is made for the value of property recovered in the case of property crime, as well as the amount of funds recovered from criminals under federal, state and territory proceeds of crime legislation. More detailed information about how each of these estimates was derived is provided in the main body of the report. Official attention paid to specific crime types, particularly drug-related crime and organised crime, affects both the reporting rate and also the cost of policing and correctional responses. In this sense, individual crime type costs and prevention and response costs are not mutually exclusive. Arguably, as individual crime types attract more attention, reporting rates increase and prevention and control of the crimes in question are seen as being deserving of increased resource

Risks of identity theft: Can the market protect the payment system?

Identity theft has been a feature of financial markets for as long as alternatives have existed to cash transactions. But identity theft has recently occurred on a much larger scale. Data breaches often involve the apparent loss or acknowledged theft of the personal identifying information of thousands--or millions--of people. ; Identity theft poses risks, not only to individuals, but to the integrity and efficiency of the payment system--the policies, procedures, and technology that transfer information for authenticating and settling payments among participants. Identity theft can cause a loss of confidence in the security of certain payment methods and an unwillingness to use them. Markets can cease operating or switch to less efficient payment methods. Either represents a loss of efficiency for the economy. ; Schreft looks at the nature of identity theft today and the factors underlying its mounting risks. She also explores whether markets are able to limit the risks identity theft poses to the payment system.Identity theft ; Payment systems

The effect of cyber-attacks on stock returns

A widely debated issue in recent years is cybercrime. Breaches in the security of accessibility, integrity and confidentiality of information involve potentially high explicit and implicit costs for firms. This paper investigates the impact of information security breaches on stock returns. Using event-study methodology, the study provides empirical evidence on the effect of announcements of cyber-attacks on the market value of firms from 1995 to 2015. Results show that substantial negative market returns occur following announcements of cyber-attacks. Financial entities often suffer greater negative effects than other companies and non-confidential cyber-attacks are the most dangerous, especially for the financial sector. Overall findings seem to show a link between cybercrime and insider trading

Implementing Privacy Policy: Who Should Do What?

Academic scholarship on privacy has focused on the substantive rules and policies governing the protection of personal data. An extensive literature has debated alternative approaches for defining how private and public institutions can collect and use information about individuals. But, the attention given to the what of U.S. privacy regulation has overshadowed consideration of how and by whom privacy policy should be formulated and implemented. U.S. privacy policy is an amalgam of activity by a myriad of federal, state, and local government agencies. But, the quality of substantive privacy law depends greatly on which agency or agencies are running the show. Unfortunately, such implementation-related matters have been discounted or ignored— with the clear implication that they only need to be addressed after the “real” work of developing substantive privacy rules is completed. As things stand, the development and implementation of U.S. privacy policy is compromised by the murky allocation of responsibilities and authority among federal, state, and local governmental entities—compounded by the inevitable tensions associated with the large number of entities that are active in this regulatory space. These deficiencies have had major adverse consequences, both domestically and internationally. Without substantial upgrades of institutions and infrastructure, privacy law and policy will continue to fall short of what it could (and should) achieve

Legislative responses to data breaches and information security failures

On July 23, 2008, the Payment Cards Center of the Federal Reserve Bank of Philadelphia hosted a workshop to discuss federal and state legislative responses to data breaches. The workshop addressed several laws and legislative initiatives designed to create greater safeguards for personal consumer information frequently targeted by data thieves and often subject to the failures of information security protocols. Diane Slifer, J.D., M.B.A., who has frequently presented at forums on data security and has represented clients in matters related to data breaches, led the workshop. Slifer examined several highly publicized data breaches and explained how various laws and regulations have been put in place in order to protect and inform consumers whose personal information has been compromised. Additionally, she discussed several legislative initiatives designed to potentially create a more structured and secure environment for private consumer data overall. This paper summarizes Slifer's presentation, the ensuing discussion, and additional Payment Cards Center research. In addition, it offers a brief overview of recent data breaches, a description of various ways that federal and state laws operate, and some thoughts on how effective these laws and regulations have been.Payment systems ; Identity theft ; Fraud ; Law and legislation

The Accounting Industry in the Age of Globalization and Offshore Outsourcing

The phenomenon of outsourcing has engulfed the accounting industry and offers a wide range of services from bookkeeping, accounts payable, debt collection, invoicing, to tax return preparation. As companies become more comfortable with the services provided by outsourcing facilitators, the level of outsourcing in the accounting industry will increase to allow U.S. firms to focus on higher margin services and meet client demands in more technical areas of tax, estate, and retirement planning. This research uses a survey to collect primary data focusing on three areas, namely outsourcing drivers, concerns stakeholders have about outsourcing, and the perspectives about the offshorability of specific functions. The study concludes that firms that are engaging in outsourcing activities realize benefits in and ease their perceptions about doing so. Firms who outsource have been able to cut costs and increase staff. These same firms also are less concerned about most of the issues (privacy, client relationships, etc.) which may be as a result of their positive experience with outsourcing activities. Furthermore, these firms also have a higher confidence about the outsourecability of most of the functions in the accounting industry. The study further presents policy implications to all stakeholders in the accounting industry: students, professors, accounting professionals and firms, regulatory bodies, and politicians

Can smart cards reduce payments fraud and identity theft?

In the United States, when a consumer presents a payment to a merchant, the merchant typically makes a request for authorization before accepting the payment. Personal information, such as an account number, address, or telephone number, are often enough to initiate a payment. A serious weakness of this system is that criminals who obtain the correct personal information can impersonate an honest consumer and commit payments fraud. ; A key to improving security-and reducing payments fraud-might be payment smart cards. Payment smart cards have an embedded computer chip that encrypts messages to aid authorization. If properly configured, payment smart cards could provide direct benefits to consumers, merchants, banks, and others. These groups would be less vulnerable to the effects of fraud and the cost of fraud prevention would fall. Smart cards could also provide indirect benefits to society by allowing a more efficient payment system. Smart cards have already been adopted in other countries, allowing a more secure payments process and a more efficient payments system. ; Sullivan explores why smart cards have the potential to provide strong payment authorization and thus put a substantial dent into the problems of payments fraud and identity theft. But adopting smart cards in the United States faces some significant challenges. First, the industry must adopt payment smart cards and their new security standards. Second, card issuers and others in the payments industry must agree on the specific forms of security protocols used in smart cards. In both steps the industry must overcome market incentives that can impede the adoption of payment smart cards or limit the strength of their security.

The Benefits and Costs of Online Privacy Legislation

Many people are concerned that information about their private life is more readily available and more easily captured on the Internet as compared to offline technologies. Specific concerns include unwanted email, credit card fraud, identity theft, and harassment. This paper analyzes key issues surrounding the protection of online privacy. It makes three important contributions: First, it provides the most comprehensive assessment to date of the estimated benefits and costs of regulating online privacy. Second, it provides the most comprehensive evaluation of legislation and legislative proposals in the U.S. aimed at protecting online privacy. Finally, it offers some policy prescriptions for the regulation of online privacy and suggests areas for future research. After analyzing the current debate on online privacy and assessing the potential costs and benefits of proposed regulations, our specific recommendations concerning the government's involvement in protecting online privacy include the following: The government should fund research that evaluates the effectiveness of existing privacy legislation before considering new regulations. The government should not generally regulate matters of privacy differently based on whether an issue arises online or offline. The government should not require a Web site to provide notification of its privacy policy because the vast majority of commercial U.S.-based Web sites already do so. The government should distinguish between how it regulates the use and dissemination of highly sensitive information, such as certain health records or Social Security numbers, versus more general information, such as consumer name and purchasing habits. The government should not require companies to provide consumers broad access to the personal information that is collected online for marketing purposes because the benefits do not appear to be significant and the costs could be quite high. The government should make it easier for the public to obtain information on online privacy and the tools available for consumers to protect their own privacy. The message of this paper is not that online privacy should be unregulated, but rather that policy makers should think through their options carefully, weighing the likely costs and benefits of each proposal.

Imprisoned mothers in Victorian England, 1853–1900: Motherhood, identity and the convict prison

This article explores the experiences of imprisoned mothers in the Victorian convict prison system. It argues that motherhood, of central importance to the ideals of Victorian femininity, was disrupted and fractured by women's long-term imprisonment. Using 'whole life' history methodology, the paper draws on research into 288 women imprisoned and then released from the prison system, of whom half were mothers. It illuminates how the long term prison system dealt with pregnancy, childbirth and family contact for female prisoners. It argues that whilst institutional or state care was often an inevitable consequence for children of single or widowed mothers, women used their limited resources and agency to assert their identity as mothers and direct outcomes for their children. But for others, prolific offending and multiple long sentences would render any chance of motherhood impossible