PRIVACY-BY-DESIGN THROUGH SYSTEMATIC PRIVACY IMPACT ASSESSMENT - A DESIGN SCIENCE APPROACH

A major problem for companies that develop and operate IT applications that process personal data of customers and employees is to ensure the protection of this data and to prevent privacy breaches. Failure to adequately address this problem can result in considerable reputational and financial damages for the company as well as for affected data subjects. We address this problem by proposing a methodology to systematically consider privacy issues in a step-by-step privacy impact assessment (so called ?PIA?). Existing PIA approaches lack easy applicability because they are either insufficiently structured or imprecise and lengthy. We argue that employing the PIA proposed in this article, companies will be enabled to realise a ?privacy-by-design? as it is now widely heralded by data protection authorities. In fact, the German Federal Office for Information Security (BSI) ratified the approach we present in this article for the technical field of RFID and published it as a guideline in November 2011. The contribution of the artefacts we created is twofold: First, we provide a formal problem representation structure for the analysis of privacy requirements. Second, we reduce the complexity of the privacy regulation landscape for practitioners who need to make privacy management decisions for their IT applications

Differentiating Privacy and Security: A Content Analysis of B2C Websites

Privacy and security are important topics in research and business. This work on one hand offers a way to differentiate thesetwo topics and provides information about different privacy regulations already existing in Europe and the US. We clarifydefinitions of information privacy and state that privacy and security are not the same, although most companies do notdifferentiate. A content analysis conducted in 2008 and 2011 of B2C-companies’ websites is used to demonstrate howinterweaved these two terms and the representation of terms and conditions (T&C) are presented. The data is analyzed interms of numbers, how often links to the topics exist; positioning, where these links are located on the web pages; andidentifiers, which represent the topics privacy, security, and T&C. Based on this information, the relation between privacy,security, and T&C is analyzed and interpreted

A systematic methodology for privacy impact assessments: a design science approach

For companies that develop and operate IT applications that process the personal data of customers and employees, a major problem is protecting these data and preventing privacy breaches. Failure to adequately address this problem can result in considerable damage to the company's reputation and finances, as well as negative effects for customers or employees (data subjects). To address this problem, we propose a methodology that systematically considers privacy issues by using a step-by-step privacy impact assessment (PIA). Existing PIA approaches cannot be applied easily because they are improperly structured or imprecise and lengthy. We argue that companies that employ our PIA can achieve "privacy-by-design", which is widely heralded by data protection authorities. In fact, the German Federal Office for Information Security (BSI) ratified the approach we present in this article for the technical field of RFID and published it as a guideline in November 2011. The contribution of the artefacts we created is twofold: First, we provide a formal problem representation structure for the analysis of privacy requirements. Second, we reduce the complexity of the privacy regulation landscape for practitioners who need to make privacy management decisions for their IT applications

Vorticity statistics in the two-dimensional enstrophy cascade

We report the first extensive experimental observation of the two-dimensional enstrophy cascade, along with the determination of the high order vorticity statistics. The energy spectra we obtain are remarkably close to the Kraichnan Batchelor expectation. The distributions of the vorticity increments, in the inertial range, deviate only little from gaussianity and the corresponding structure functions exponents are indistinguishable from zero. It is thus shown that there is no sizeable small scale intermittency in the enstrophy cascade, in agreement with recent theoretical analyses.Comment: 5 pages, 7 Figure

TOWARDS CORPORATE PRIVACY RESPONSIBILITY

With the advent of social networks and possibilities to store and reuse private user information, privacy became a term used in many different areas. And indeed, it touches a very sensitive part of users live: who knows what about me, where is it stored, who is able to see and use it? This includes information privacy, location privacy, property privacy and many more. But who should be responsible to store and hold the data of users? In B2C-E-Commerce, where user data is necessary to fulfill a transaction, to be able to charge the user or customer, to offer service tasks, and to deliver the product, a huge amount of customer data is necessary. Nowadays, companies use terms and conditions statements or privacy statements to ensure customers what happens to their data. But this is not enough. Similar to the concept of Corporate Social Responsibility, Corporate Privacy Responsibility could be a powerful tool to demonstrate the companies\u27 position concerning privacy, which could be an impressive marketing tool, too. This includes not only user data, but also staff, B2B-partners and company data. In this work-in-progress paper we will present different privacy concepts and elaborate, which are the significant ones for a Corporate Privacy Responsibility. In the second part, we will show how the concept of Corporate Social Responsibility can be used to build a Corporate Privacy Responsibility framework. Third, a first attempt of this framework is given and drawbacks and problems are described. At the end, next steps are described