Dynamic Differential Data Protection for High-Performance and Pervasive Applications

Widener, Patrick M. (Patrick McCall)

20 July 2005

Modern distributed applications are long-lived, are expected to provide flexible and adaptive data services, and must meet the functionality and scalability challenges posed by dynamically changing user communities in heterogeneous execution environments. The practical implications of these requirements are that reconfiguration and upgrades are increasingly necessary, but opportunities to perform such tasks offline are greatly reduced. Developers are responding to this situation by dynamically extending or adjusting application functionality and by tuning application performance, a typical method being the incorporation of client- or context-specific code into applications' execution loops. Our work addresses a basic roadblock in deploying such solutions: the protection of key application components and sensitive data in distributed applications. Our approach, termed Dynamic Differential Data Protection (D3P), provides fine-grain methods for providing component-based protection in distributed applications. Context-sensitive, application-specific security methods are deployed at runtime to enforce restrictions in data access and manipulation. D3P is suitable for low- or zero-downtime environments, since deployments are performed while applications run. D3P is appropriate for high performance environments and for highly scalable applications like publish/subscribe, because it creates native codes via dynamic binary code generation. Finally, due to its integration into middleware, D3P can run across a wide variety of operating system and machine platforms. This dissertation introduces D3P, using sample applications from the high performance and pervasive computing domains to illustrate the problems addressed by our D3P solution. It also describes how D3P can be integrated into modern middleware. We present experimental evaluations which demonstrate the fine-grain nature of D3P, that is, its ability to capture individual end users' or components' needs for data protection, and also describe the performance implications of using D3P in data-intensive applications.

Distributed systems

Security

Publish-subscribe systems

Middleware

Data protection

Computer security

Data protection

Middleware

A review of the implementation of the personal data (privacy) ordinance in the Hong Kong Correctional Services Department

Kan, Chi-keung., 簡志強.

January 1998

published_or_final_version / Public Administration / Master / Master of Public Administration

Privacy, Right of - China - Hong Kong.

Privacy, Right of.

Data protection - Law and legislation.

Vybrané otázky aktuální právní úpravy osobních údajů v Evropské unii / Selected issues of the current legal regulation of protection of personal data in the European Union.

Švec, Martin

January 2018

The thesis "Selected issues of the current legal regulation of protection of personal data in the European Union" is focused on describing the development of personal data in the European Union and on current changes in this field of European law. The first chapter is focused on the historical development of the personal data protection on the European continent with the specific aim of looking at the development in the European Union. This chapter describes the progressive development of the right to the protection of personal data which was formed within the right to privacy because of technological developments. The first chapter also talks about personal data protection in primary and secondary legislation which became the foundation for the further development. The second chapter is devoted to the comparison of the former EU regulation of the personal data protection in the directive 95/46/ES with the new regulation in GDPR. The most important changes were chosen for the comparison together with the ones which were often discussed prior to GDPR coming into effect. The interim goal of this chapter is to explain to the reader the extent of changes which GDPR brings to the field of personal data protection. The third chapter is focused on the institute of the data protection officer which is a...

CRM-system och utmaningar för dataskydd inom detaljhandel

Radvärn, Johan

January 2021

The purpose of this study is to investigate what new challenges CRM systems, Customer Relationship Management, have for the protection of personal data and security in retail. Today's IT development offers companies effective solutions for acquiring new customers and for retaining current customers. IT solutions such as data collection, data storage and analysis of data in real time are just a few examples of what a successfully implemented IT system can offer. CRM systems are the overall IT system solution that companies use, or show interest in using, to be competitive and ultimately achieve higher profits. The method chosen for this study is the research philosophy of pragmatism because it enables the use of different research methods which give a more accurate result. The study is mainly based on surveys and interviews and therefore both qualitative and quantitative methods are used. This study has examined four important variables, ie Privacy, Confidentiality, Integrity and Data Protection, to interpret and explain how these significantly affect the protection of personal data in the retail trade. Another result that emerged from the study is that the overall goal of CRM systems is to develop a strong and long-term customer relationship that minimizes costs and improves efficiency to meet and meet customer needs. Finally, the results of the study show that there is a great deal of awareness about the protection of personal data among consumers and in doing so it is concluded that the lack of protection of personal data among companies will lead to consumers choosing to leave companies. / Syftet med denna studie är att undersöka vilka nya utmaningar CRM-system, Customer Relationship Management, har för skyddet av personliga data och säkerhet inom detaljhandeln. Dagens IT-utveckling erbjuder företagen effektiva lösningar för att skaffa nya kunder samt för att behålla aktuella kunder. IT-lösningar såsom datainsamling, datalagring och analys av data i realtid är bara några exempel på vad ett lyckat implementerat IT-system kan erbjuda. CRM-system är den övergripande IT-systemlösningen som företagen använder, eller visar intresse för att använda, för att vara konkurrenskraftiga och slutligen uppnå högre vinster. Metoden som valts för denna studie är pragmatismens forskningsfilosofi eftersom den möjliggör användningen av olika forskningsmetoder vilka ger ett mer rättvisande resultat. Studien bygger huvudsakligen på undersökningar och intervjuer och därför används både kvalitativa och kvantitativa metoder. Denna studie har undersökt fyra viktiga variabler, det vill säga Privacy, Confidentiality, Integrity och Data Protection för att tyda och förklara hur dessa på ett väsentligt sätt påverkar skyddet av personliga data inom detaljhandeln. Ett till resultat som framkommit av studien är att det övergripande målet med CRM-system är att utveckla en stark och långsiktig kundrelation som minimerar kostnaderna och förbättrar effektiviteten för att möta och tillgodose kundens behov. Slutligen visar resultaten från studien att det finns stor medvetenhet kring skyddet av personliga data hos konsumenterna och därvid dras slutsatsen att det bristande skydd av personliga data hos företagen kommer att leda till att konsumenterna väljer att lämna företagen

Retail

Privacy

Confidentiality

Integrity

Data Protection and CRM

Detaljhandel

Privacy

Confidentiality

Integrity

Data Protection och CRM

Computer Sciences

Datavetenskap (datalogi)

The law of data (privacy) protection: a comparative and theoretical study

Roos, Anneliese

31 October 2003

In present-day society more and more personal information is being collected. The nature of the collection has also changed: more sensitive and potentially prejudicial information is collected. The advent of computers and the development of new telecommunications technology, linking computers in networks (principally the Internet) and enabling the transfer of information between computer systems, have made information increasingly important, and boosted the collection and use of personal information. The risks inherent in the processing of personal information are that the data may be inaccurate, incomplete or irrelevant, accessed or disclosed without authorisation, used for a purpose other than that for which they were collected, or destroyed. The processing of personal information poses a threat to a person's right to privacy. The right to identity is also infringed when incorrect or misleading information relating to a person is processed. In response to the problem of the invasion of the right to privacy by the processing of personal information, many countries have adopted "data protection" laws. Since the common law in South Africa does not provide adequate protection for personal data, data protection legislation is also required. This study is undertaken from a private law perspective. However, since privacy is also protected as a fundamental right, the influence of constitutional law on data protection is also considered. After analysing different foreign data protection laws and legal instruments, a set of core data protection principles is identified. In addition, certain general legal principles that should form the basis of any statutory data protection legislation in South Africa are proposed. Following an analysis of the theoretical basis for data protection in South African private law, the current position as regards data protection in South-Africa is analysed and measured against the principles identified. The conclusion arrived at is that the current South African acts can all be considered to be steps in the right direction, but not complete solutions. Further legislation incorporating internationally accepted data protection principles is therefore necessary. The elements that should be incorporated in a data protection regime are discussed. / Jurisprudence / LL. D. (Jurisprudence)

South African private law

OECD Guidelines on data protection

Right to identity

Computers and privacy

Right to privacy

Data protection

342.858068

Privacy, Right of -- South Africa

Internet -- Security measures

The law of data (privacy) protection: a comparative and theoretical study

Roos, Anneliese

31 October 2003

In present-day society more and more personal information is being collected. The nature of the collection has also changed: more sensitive and potentially prejudicial information is collected. The advent of computers and the development of new telecommunications technology, linking computers in networks (principally the Internet) and enabling the transfer of information between computer systems, have made information increasingly important, and boosted the collection and use of personal information. The risks inherent in the processing of personal information are that the data may be inaccurate, incomplete or irrelevant, accessed or disclosed without authorisation, used for a purpose other than that for which they were collected, or destroyed. The processing of personal information poses a threat to a person's right to privacy. The right to identity is also infringed when incorrect or misleading information relating to a person is processed. In response to the problem of the invasion of the right to privacy by the processing of personal information, many countries have adopted "data protection" laws. Since the common law in South Africa does not provide adequate protection for personal data, data protection legislation is also required. This study is undertaken from a private law perspective. However, since privacy is also protected as a fundamental right, the influence of constitutional law on data protection is also considered. After analysing different foreign data protection laws and legal instruments, a set of core data protection principles is identified. In addition, certain general legal principles that should form the basis of any statutory data protection legislation in South Africa are proposed. Following an analysis of the theoretical basis for data protection in South African private law, the current position as regards data protection in South-Africa is analysed and measured against the principles identified. The conclusion arrived at is that the current South African acts can all be considered to be steps in the right direction, but not complete solutions. Further legislation incorporating internationally accepted data protection principles is therefore necessary. The elements that should be incorporated in a data protection regime are discussed. / Jurisprudence / LL. D. (Jurisprudence)

South African private law

OECD Guidelines on data protection

Right to identity

Computers and privacy

Right to privacy

Data protection

342.858068

Privacy, Right of -- South Africa

Internet -- Security measures

Our Humanity Exposed : Predictive Modelling in a Legal Context

Greenstein, Stanley

January 2017

This thesis examines predictive modelling from the legal perspective. Predictive modelling is a technology based on applied statistics, mathematics, machine learning and artificial intelligence that uses algorithms to analyse big data collections, and identify patterns that are invisible to human beings. The accumulated knowledge is incorporated into computer models, which are then used to identify and predict human activity in new circumstances, allowing for the manipulation of human behaviour. Predictive models use big data to represent people. Big data is a term used to describe the large amounts of data produced in the digital environment. It is growing rapidly due mainly to the fact that individuals are spending an increasing portion of their lives within the on-line environment, spurred by the internet and social media. As individuals make use of the on-line environment, they part with information about themselves. This information may concern their actions but may also reveal their personality traits. Predictive modelling is a powerful tool, which private companies are increasingly using to identify business risks and opportunities. They are incorporated into on-line commercial decision-making systems, determining, among other things, the music people listen to, the news feeds they receive, the content people see and whether they will be granted credit. This results in a number of potential harms to the individual, especially in relation to personal autonomy. This thesis examines the harms resulting from predictive modelling, some of which are recognized by traditional law. Using the European legal context as a point of departure, this study ascertains to what extent legal regimes address the use of predictive models and the threats to personal autonomy. In particular, it analyses Article 8 of the European Convention on Human Rights (ECHR) and the forthcoming General Data Protection Regulation (GDPR) adopted by the European Union (EU). Considering the shortcomings of traditional legal instruments, a strategy entitled ‘empowerment’ is suggested. It comprises components of a legal and technical nature, aimed at levelling the playing field between companies and individuals in the commercial setting. Is there a way to strengthen humanity as predictive modelling continues to develop?

predictive modelling

predictive analytics

profiling

big data

algorithm

surveillance

privacy

autonomy

identity

digital identity

data privacy

human rights

data protection

European Convention on Human Rights

Data Protection Directive

empowerment

Law

Juridik

Towards an information security framework for government to government transactions : a perspective from East Africa

Wangwe, Carina Kabajunga

15 May 2013

The need for a regional framework for information security in e-Government for the East African Community (EAC) has become more urgent with the signing in 2009 of the EAC Common Market Protocol. This protocol will entail more electronic interactions amongst government agencies in the EAC partner states which are Burundi, Kenya, Rwanda, Tanzania, and Uganda. Government to Government (G2G) transactions are the backbone of e-Government transactions. If a government wants to provide comprehensive services that are easy to use by citizens, employees or businesses, it needs to be able to combine information or services that are provided by different government agencies or departments. Furthermore, the governments must ensure that the services provided are secure so that citizens trust that an electronic transaction is as good as or better than a manual one. Thus governments in the EAC must address information security in ways that take into consideration that these governments have limited resources and skills to use for e-Government initiatives. The novel contribution of this study is an information security framework dubbed the TOG framework, comprising of technical, operational, governance, process and maturity models to address information security requirements for G2G transactions in the EAC. The framework makes reference to standards that can be adopted by the EAC while taking into consideration contextual factors which are resource, legislative and cultural constraints. The process model uses what is termed a ‘Plug and Play’ approach which provides the resource poor countries with a means of addressing information security that can be implemented as and when resources allow but eventually leading to a comprehensive framework. Thus government agencies can start implementation based on the operational and technical guidelines while waiting for governance structures to be put in place, or can specifically address governance requirements where they already exist. Conversely, governments using the same framework can take into consideration existing technologies and operations while putting governance structures in place. As a proof of concept, the proposed framework is applied to a case study of a G2G transaction in Tanzania. The framework is evaluated against critical success factors. / Computing / D. Phil. (Computer Science)

005.809676

Data protection -- Africa East

Computer security -- Africa, East

Dataskyddsförordningen GDPR:S påverkan på befintliga informationssystem : En studie om hur befintliga informationsystem påverkas av GDPR, med fokus på Privacy by Design / The General Data Protection Regulation's effect on existing information systems : A study on the effect of GDPR on existing information systems, with focus on Privacy by Design

Åkerman, Hedwig

January 2018

Denna studie har undersökt hur den nya dataskyddsförordningen GDPR påverkar befintliga informationssystem. Genom arbetet har ett fokus även legat på metoden Privacy by Design och hur väl den uppfylls.GDPR ersätter Personuppgiftslagen i Sverige och innebär även att Missbruksregeln försvinner. Denna förändring kan tänkas resultera i större utmaningar för många företag, eftersom de krav som ställs är högre än tidigare. GDPR innebär ett utökat skydd för den personliga integriteten och ger EU:s medborgare fler rättigheter gällande hur personuppgifter bör behandlas. I och med att många befintliga informationssystem ej skapats med hänsyn till mycket av det GDPR ställer krav på, finns en trolig riskatt flera befintliga informationssystem blir svåra att uppdatera för att vara i linje med förordningen. Då GDPR även inkluderar krav med relevans till metoden Privacy by Design, är det troligt att företag som bättre uppfyller Privacy by Design även kan vara bättre i linje med GDPR. Från de deltagande respondenterna framgick det att en majoritet av de sju grundläggande principerna inom Privacy by Design uppfylls. Viss avsaknad kunde dock ses beroende på vilken organisation eller informationssystem det gällde. Vad som ansågs mest utmanande med dataskyddsförordningen uttryckte samtliga respondenter var förståelse av innebörd och intention med förordningstexten. Gällande vad som upplevdes som det tekniskt mest utmanande kunde mönster identifieras för ett antal krav. De krav som identifierades som väsentliga för befintliga informationssystem att anpassas efter, samt vilka principer inom Privacy by Designsom bättre uppfylldes, låg sedan i grund till en checklista. Checklistan blirett redskapsom ger en riktning för hur dessa punkter kan bemötas. / This study has examined how the new data protection regulation GDPR affect existing information systems. The study has had a focus on the method Privacy by Design and how well its principles are fulfilled by different companies. In Sweden, the GDPR will replace the personal data act, ‘Personuppgiftslagen’. This change may result in greater challenges for companies since the requirements of GDPR are higher than they were before. The GDPR means a greater protection of privacy and it gives EU citizens more rights regarding how their personal data should be processed. Many of the older, existing information systems weren’t created with regards to what GDPR demands. It is possible that this creates a risk for several existing information systems not being compliant with the regulation, because of difficulties in updating the systems. The GDPR also includes requirements related to Privacy by Design, and it is likely that companies that better meet the Privacy by Design principles are better compliant with the GDPR. From the participating respondents, it was shown that a majority of the seven fundamental principles of Privacy by Design are met. However, an absence of some principles could be seen depending on the organisation or information system. The most challenging aspect of the GDPR according to all respondents was to understand the meaning and intent of the regulation. Regarding what was perceived as the most challenging technical aspect of the GDPR, there were patterns for several requirements from the regulation. The requirements that were considered the essential ones for existing information systems to adapt to, as well as the principles that were better fulfilled were the factors the checklist was based on. The checklist can serve as a tool that provides a direction for how the identified issues can be addressed.

General Data Protection Regulation

Privacy by Design

integrity

checklist

Dataskyddsförordningen

General Data Protection Regulation

Privacy by Design

integritet

checklista

Computer Systems

Datorsystem

Införandet av General Data Protection Regulation och dess påverkan på svenska företag / The introduction of General Data Protection Regulation and its impact on Swedish companies

Landström, Peter, Ulvegärde Rombouts, Julia

January 2018

I dagsläget har en individ väldigt lite kontroll över den persondata som samlas in och hur den används och vem som hanterar den. Detta vill EU ändra på med den nya dataskyddsförordningen General Data Protection Regulation (GDPR) som träder i kraft nästa år. De nya reglerna innefattar en större kontroll för individen över den data som har samlats av företag. Förordningen tvingar företag att strukturera om sina system så de är förenliga med GDPR. Då höga bötesbelopp kan drabba de företag som inte följer reglerna blir alla de som hanterar personuppgifter tvungna att se över sina processer över hanteringen. Uppsatsen har som syfte att undersöka hur väl förberedda svenska medelstora till stora företag är ett år innan införandet av GDPR och hur de arbetar med förändringarna ur ett tekniskt perspektiv, ett organisatoriskt perspektiv samt ur ett juridiskt perspektiv. Med ett teoretiskt fundament som grund genomfördes intervjuer på tre olika företag som hanterar personuppgifter i sina system, både som personuppgiftsansvariga och som personuppgiftsbiträden. Resultatet av studien användes för att designa en utvärderingsmodell som företag kan använda ett år efter införandet av GDPR. Utvärderingen kommer att skapa en överblick på hur väl övergången har gått och om det finns några områden som behöver ytterligare arbete. De slutsatser som drogs var att det fanns en del frågetecken gällande hur de tekniska lösningarna skulle se ut för att vara i linje med GDPR, de juridiska frågorna hanterades till stor del med hjälp av biträdesavtal mellan personuppgiftsansvariga, personuppgiftsbiträden och tredje part. Ur ett organisatoriskt perspektiv var det utbildning av personal och kunskap om GDPR och de ändringar i arbetssätt som detta medför. / At present an individual has very little control over the personal data collected, how it is used and who manages it. This is something the EU wants to change with the new General Data Protection Regulation (GDPR), which will come into force next year. The new regulation includes greater control for the individual regarding the data collected by companies. The Regulation forces companies to restructure their systems so that they are compliant with GDPR. Since high sanctions may affect those companies that do not comply with the rules, all those who handle personal data will have to review the processes that relate to the handling of personal data. The aim of this thesis is to investigate how well prepared Swedish medium to large sized companies are one year before the introduction of GDPR. The thesis focuses on how companies work with the changes from a technical perspective, an organizational perspective and from a legal perspective. With a theoretical foundation as a basis, interviews were conducted on three different companies that handle personal data, both as data controller and as data processor. The result of the study was used to design an evaluation model that companies can use one year after the introduction of GDPR. The evaluation will provide an overview of how well the transition has been and if there are any areas that need further work. There were some uncertainties regarding how the technical solutions would need to be designed and implemented to help the company being compliant with GDPR. The legal issues were largely handled through processing agreements between data controllers, data processors and third parties. The organizational perspective meant training of staff and questions regarding how to raise awareness about GDPR and the changes in working practices.

Privacy by Design

IoT

Data Portability

Privacy by design

IoT

Dataportabilitet

Information Systems