Global ETD Search

331	GDPR och känsliga personuppgifter : En fallstudie om fackförbunds arbete med Dataskyddsförordningen / GDPR and sensitive personal data : A case study about trade unions' work with the General Data Protection Regulation Helenius, Anna January 2018 (has links) Den 25e maj 2018 träder den nya dataskyddsförordningen, GDPR, i kraft. I och med detta kommer alla medlemsstater i den europeiska unionen få en gemensam lag som skärper tidigare regler och ställer högre krav på organisationers personuppgiftsbehandling. Syftet med detta arbete har varit att undersöka och kartlägga hur verksamheter som behandlar känsliga personuppgifter anser sig bli påverkade av GDPR, samt hur de arbetar för att uppfylla kraven från denna nya förordning. Känsliga personuppgifter är sådana som exempelvis avslöjar en persons sexuella läggning, politiska åsikt, religiösa övertygelse eller fackliga tillhörighet och för att uppfylla syftet utfördes därför en fallstudie på sex stycken fackförbund av olika storlek. Datainsamlingen gjordes med hjälp av intervjuer med en person från varje förbund som har god insikt och överblick över organisationens GDPR-arbete. Resultaten från studien visar att fackförbunden anser att den nya dataskyddsförordningen är komplex och svårtolkad men att den ändå medför positiva konsekvenser för både organisationen och medlemmarna. Alla personuppgifter som fackförbunden hanterar faller direkt under känsliga personuppgifter eftersom de kan härledas till facklig tillhörighet, och detta gör att förbunden anser sig ställas inför högre krav på informationssäkerhet i jämförelse med många andra verksamheter. Bland annat möter de stora utmaningar i hur de skall kunna kommunicera med sina medlemmar i framtiden eftersom missbruksregeln försvinner och även ostrukturerat material inkluderas i den nya dataskyddsförordningen. Det går inte att säga generellt vilka åtgärder förbunden vidtagit för att förbereda sig inför de nya kraven från GDPR men det är tydligt att både tekniska och administrativa säkerhetsåtgärder behövs. Exempelvis uppgraderar många av förbunden sina IT-system och upphandlar helt nya ärendehanteringssystem, samtidigt som de dessutom inför rutiner för gallring och för hantering av personuppgiftsincidenter. / On 25 May 2018, the new data protection regulation, GDPR, will come into effect. With this, all members of the European Union will have a common law that sharpens previous rules and puts higher demands on organisations' personal data processing. The purpose of this study has been to investigate and map how businesses dealing with sensitive personal data consider themselves being affected by GDPR, and how they work to meet the requirements of this new regulations. Sensitive personal data are what for example reveals a person's sexual orientation, political opinion, religious conviction or union affiliation and therefore, to fulfil the purpose, a case study with six trade unions of different sizes was performed. The data collection was made with help of interviews with one person from each trade union, who has good insight and overview over the organisation's work with the GDPR. The results from the study show that the trade unions find the new data protection regulation to be complex and hard to interpret but that it nevertheless causes positive consequences for both the organisation and the members. All personal data that the trade unions handle fall directly under sensitive personal data since they may be derived to union affiliation and this leads to where the trade unions considering themselves facing higher demands on information security in comparison to many other businesses. Among other things, they face major challenges in how they are going to communicate with their members in the future, as even unstructured material is included in the new data protection regulation. It's not possible to say in general what actions the unions have taken to prepare for the new requirements of the GDPR, but it's clear that both technical and administrative safety actions are needed. For example, many of the unions are upgrading their IT systems or purchasing brand new case management systems while also introducing new routines for clearing of data and for management of personal data incidents. GDPR data protection general data protection regulation personal data processing sensitive personal data trade union information security GDPR dataskydd dataskyddsförordningen personuppgiftsbehandling känsliga personuppgifter fackförbund informationssäkerhet Computer and Information Sciences Data- och informationsvetenskap
332	Protection of security information within government departments in South Africa Nkwana, Mokata Johannes 02 1900 (has links) The protection of security information in government departments requires the active engagement of executive management to assess emerging threats and provide strong security risk control measures. For most government departments, establishing effective protection of security information is a major initiative, given the often continuous, strategic nature of typical security efforts. This requires commitments or support from senior management and adequate resources. It necessitates the elevation of information security management to positions of authority commensurate to the required responsibilities. This has been the trend in recent years as government departments are increasingly dependent on their information assets and resources, while threats and disruptions continue to escalate in frequency and cost. It is clear from numerous recent studies that organisations that have taken the steps described in this research document and have implemented effective information security risk control measures have achieved significant results in reduced losses and improved resource management. Given the demonstrable benefits, it is surprising that there have not been greater progress in effectively managing information assets. Although regulatory compliance has been a major driver in improving the protection of security information overall, this study has also shown that nearly half of all government departments are failing to initiate meaningful compliance efforts. Failure to address the identified vulnerabilities by government departments will result in espionage, covert influencing manipulation, fraud, sabotage and corruption. Information security risk control measures include the elements required to provide senior management assurance that its direction and intent are reflected in the security posture of the organisation by utilising a structured approach to implement an information security programme. Once those elements are in place, senior management can be confident that adequate and effective protection of security information will protect, as far as possible, the department’s vital information assets. / Criminology and Security Science / M. Tech. (Security Management) Government departments Information security Protective security 352.387682 Data protection -- South Africa Data protection -- South Africa
333	The right to the protection of personal data. Some relevant topics about its regulation in Peru / El derecho a la protección de los datos personales. Algunos temas relevantes de su regulación en el Perú Eguiguren Praeli, Francisco José 25 September 2017 (has links) What guarantees do we have as titleholders of theright to personal data protection? Does the Political Constitution of 1993 truly protect this right in aproperly way? Which role does the relatively recentPeruvian Law on the Personal Data Protection playto that effect?In this article, the renowned constitutionalist gives answers to these questions with a brief and detailed analysis of the Peruvian Law on the Personal Data Protection and its rules of procedure, focusing in its pros and cons, but also of the Peruvian National Personal Data Protection Authority’s role and functions to that effect. / ¿Qué garantías tenemos como titulares del derecho a la protección de datos personales? ¿Realmente la Constitución Política de 1993 tutela adecuadamente este derecho? ¿Qué rol juega al respecto la relativamente reciente Ley de Protecciónde Datos Personales?En el presente artículo, el reconocido constitucio- nalista da respuesta a estas cuestiones con un breve pero detallado análisis de la Ley de Protección de Datos Personales y su reglamento, incidiendo en sus ventajas y desventajas, así como del rol y funciones de la Autoridad Nacional de Protección de Datos Personales al respecto. Law Habeas Data Hábeas Data Autodeterminación Informativa Ley De Protección De Datos Personales
334	La libre circulation et la protection des données à caractère personnel sur Internet / Free flow of data and personal data protection on the Internet Malekian, Hajar 15 November 2017 (has links) La protection des données à caractère personnel (DCP) constitue un droit fondamental autonome au sein de l’Union européenne (article 8 de la Charte des droits fondamentaux de l’Union européenne). En outre, la libre circulation de ces données et des services de la société de l’information, notamment des plateformes en ligne, est primordiale pour le développement de l’économie numérique dans le cadre du marché unique numérique européen. C’est dans ce contexte qu’un point d’équilibre entre la libre circulation et la protection des DCP fait l’objet du cadre juridique européen et français en matière de protection des DCP. Ainsi, dans cette étude, nous nous sommes intéressés en particulier aux enjeux liés à la mise en balance de ces deux intérêts. Ces enjeux suscitent une attention particulière notamment à l’ère des plateformes en ligne, du Big Data et de l’exploitation en masse des données à travers des algorithmes sophistiqués dotés de plus en plus d’autonomie et d’intelligence / Free flow of data and personal data protection on the Internet Protection of personal data is an autonomous fundamental right within the European Union (Article 8 of the Charter of Fundamental Rights of European Union). Moreover, free flow of personal data and free movement of information society services in particular online platforms is essential for the development of digital single market in European Union. The balance between free movement of data and personal data protection is subject of the European legal framework. However, the main challenge still remains to strike the right balance between effective personal data protection and free flow of this data and information society services. This balance is not an easy task especially in the age of online platforms, Big Data and processing algorithms like Machine Learning and Deep Learning. Données à caractère personnel Plateformes en ligne Big data Internet Personal data protection European Data Protection Regulation Free flow of personal data Big Data Algorithms artificial intelligence Digital single market
335	Provisioning VolP wireless networks with security De Wit, Roland Duyvené 12 1900 (has links) Thesis (M. Tech.) - Central University of Technology, Free State, 2008 Internet telephony Computer networks - Security measures Data protection
336	Usability Issues in the User Interfaces of Privacy-Enhancing Technologies LaTouche, Lerone W. 01 January 2013 (has links) Privacy on the Internet has become one of the leading concerns for Internet users. These users are not wrong in their concerns if personally identifiable information is not protected and under their control. To minimize the collection of Internet users' personal information and help solve the problem of online privacy, a number of privacy-enhancing technologies have been developed. These so-called privacy-enhancing technologies still have usability issues in the user interfaces because Internet users do not have the choices required to monitor and control their personal data when released in online repositories. Current research shows a need exists to improve the overall usability of privacy-enhancing technology user interfaces. A properly designed privacy-enhancing technology user interface will give the Internet users confidence they can monitor and control all aspects of their personal data. Specific methods and criteria for assessing the usability of privacy-enhancing technology user interfaces either have not been developed or have not been widely published leading to the complexity of the user interfaces, which negatively affects the privacy and security of Internet users' personal data. This study focused on the development of a conceptual framework, which will provide a sound foundation for use in assessing the user interfaces of Web-based privacy-enhancing technologies for user-controlled e-privacy features. The study investigated the extent to which user testing and heuristic evaluation help identify the lack of user-controlled e-privacy features and usability problems in selected privacy-enhancing technology user interfaces. The outcome of this research was the development of a domain-specific heuristics checklist with criteria for the future evaluation of privacy-enhancing technologies' applications user interfaces. The results of the study show the domain-specific heuristics checklist generated more usability problems and a higher number of severe problems than the general heuristics. This suggests domain-specific heuristics can be used as a discount usability technique, which enforces the concept of usability that the heuristics are easy to use and learn. The domain-specific heuristics checklist should be of interest to privacy and security practitioners involved in the development of privacy-enhancing technologies' user interfaces. This research should supplement the literature on human-computer interaction, personal data protection, and privacy management. Domain-Specific Heuristics Human-Computer Interaction Personal Data Protection Privacy-Enhancing Technologies Privacy Management Usability Computer Sciences
337	基於存取目的之個資控管框架-以銀行業為例 / Purpose-Based PII Control Framework - A Banking Perspective. 鄭明璋, Cheng, Ming Chang Unknown Date (has links) 新版「個人資料保護法」在民國99年5月公布，並正式實施於民國101年10月；隨著新法的實施，不管是公部門或民間組織，都投入大量資源以期改善並確保自己的組織對於個人資料之蒐集、處理與利用，能夠符合「個人資料保護法」的要求。由於業務特性，個人資料的蒐集、處理與利用，乃是銀行業者日常必須面對的課題。雖然舊版個資相關法令「電腦處理個人資料保護法」與「銀行法」對於個人資料的處理都已有相關規定，但由於稽核與舉證困難、罰則過輕等原因，業者並未真正重視個資保護課題，善盡個資保護的責任，所以銀行發生個資外洩的案例時有所聞。新版「個人資料保護法」正式實施後，舉證責任歸屬由當事人變成企業，在疑似個資外洩事件發生時，企業須舉證其組織之系統或機制已對個人資料之控管機制已滿足「個人資料保護法」的要求，盡到完善管理之責任。因此業者不得不投入大量資源來周全組織內對於個人資料的保護與稽核機制，把新版法規的各項規定要求納入系統功能範疇。伴隨「個人資料保護法」的實施，法務部頒布了「個人資料保護法之特定目的及個人資料之類別」細則來明確規範個人資料的類別範疇、以及存取個人資料之目的。本研究即針對此項要求，歸納分析銀行業的業務現況，並納入未來業務發展之可能需求，設計一具備彈性之個資存取框架以管理個資分類與存取目的，進而滿足「個人資料保護法」的要求。 / As the latest version of the "Personal Data Protection Act (PDPA)" published on May, 2010, and formally implemented since October, 2012, all public and private sector organizations need to put in significant resources to meet the strengthened legal requirements of personal data collection, processing and utilization. Yet banks are among the first to be affected by them, as personal data collection, usage and handling are essential to their daily operations. Therefore, this thesis investigates the compliance of PDPA from a banking perspective. A distinguished feature of the new "Personal Data Protection Act" is the inclusion of "purposes" in regulating access to personal data, namelyan organization must get the informed consent from its customer regarding how her personal data will be used, namely privacy preferences. Currently, employing a proper access control mechanism to protect customer's data is a well-accepted discipline in bank information system (BIS) development. However, the design of such mechanisms hardly includes the requirement of supporting customers’ preferences regarding the use of their personal data. It is therefore highly desirable to extend a BIS's access control to handle customers' privacy preferences. This thesis investigates the common practices of bank operations and presents a purpose-based access control framework for future BIS development. Specifically, we derive a classification of bank customers' personal data and purpose categories for bank operations so that the proposedaccees control framework can ensure all accesses to customers' personal data match their granted access purposes. As a result, the framework will lay a foundation to the compliance of PDPA for a bank. 個人資料保護法隱私目的 Personal Data Protection Act Privacy Purpose
338	Changing Privacy Concerns in the Internet Era. Demir, Irfan 08 1900 (has links) Privacy has always been a respected value regardless of national borders, cultural differences, and time in every society throughout history. This study focuses on the unprecedented changes in the traditional forms of privacy and consequent concerns with regard to invasion of privacy along with the recent emergence and wide use of the Internet. Government intrusion into private domains through the Internet is examined as a major concern. Privacy invasions by Web marketers, hacker threats against privacy, and employer invasion of employee privacy at the workplace are discussed respectively. Then a set of possible solutions to solve the current problems and alleviate the concerns in this field is offered. Legal remedies that need to be performed by the government are presented as the initial solution. Then encryption is introduced as a strong technical method that may be helpful. Finally, a set of individual measures emphasized as complementary practical necessities. Nevertheless, this study indicates that technology will keep making further changes in the form and concerns of privacy that possibly may outdate these findings in the near future, however, privacy itself will always remain as a cherished social value as it has always been so far. Privacy, Right of. Internet -- Security measures. Computer security. Privacy online Internet data protection information privacy concerns violation of privacy
339	Lämna mig ifred : Digital övervakning och personlig integritet på svenska bibliotek / Leave me alone : Digital surveillance and privacy in Swedish libraries Soldal, Johannes January 2016 (has links) Introduction. Libraries have traditionally protected the privacy of their users. It is an ambition that is becoming increasingly difficult, with the introduction of new information technologies in libraries. This thesis consists of an examination of an incipient interest in digital security among Swedish libraries and librarians. It also consists of an examination to what degree Swedish municipality libraries are using social plugins, an information practice with potential privacy concerns, on their websites. Method. Key actors were interviewed to shed light on why issues on privacy and digital security have moved into the foreground. 59 municipality libraries were randomly selected, and their websites surveyed. Analysis. Contextual integrity (CI), a privacy concept developed by Helen Nissenbaum, was used as a theoreti-cal framework. According to the concept, privacy is linked to information norms in a specific context. The con-cept has both a descriptive and a prescriptive aspect. In this thesis I used CI to evaluate libraries’ information practice of using social plugins on their websites. Results. The study showed that one out of three municipality libraries in Sweden are using social plugins on their website. The interest in digital security among Swedish libraries is linked to privacy concerns for groups of people with the need of high digital protection. The interest was sparked by Edward Snowden revelations of mass surveillance and the refugee crisis in 2015. Conclusion. Contextual integrity was used to evaluate libraries’ practice of using social plugins on their web-sites. The evaluation showed that the practice encroaches on information norms normally taken for granted in the library. The use of social plugins should be cancelled. Libraries have a responsibility to secure the privacy of their users, and CI is a useful concept to evaluate different information practices.This is a two years master’s thesis in library and information science. Electronic surveillance Library surveillance Privacy Data protection Computer security Övervakning elektronisk övervakning integritet personlig integritet IT-säkerhet
340	Electronic multi-agency collaboration : a model for sharing children's personal information among organisations Louws, Margie January 2010 (has links) The sharing of personal information among health and social service organisations is a complex issue and problematic process in present-day England. Organisations which provide services to children face enormous challenges on many fronts. Internal ways of working, evolving best practice, data protection applications, government mandates and new government agencies, rapid changes in technology, and increasing costs are but a few of the challenges with which organisations must contend in order to provide services to children while keeping in step with change. This thesis is an exploration into the process of sharing personal information in the context of public sector reforms. Because there is an increasing emphasis of multi-agency collaboration, this thesis examines the information sharing processes both within and among organisations, particularly those providing services to children. From the broad principles which comprise a socio-technical approach of information sharing, distinct critical factors for successful information sharing and best practices are identified. These critical success factors are then used to evaluate the emerging national database, ContactPoint, highlighting particular areas of concern. In addition, data protection and related issues in the information sharing process are addressed. It is argued that one of the main factors which would support effective information sharing is to add a timeline to the life of a dataset containing personal information, after which the shared information would dissolve. Therefore, this thesis introduces Dynamic Multi-Agency Collaboration (DMAC), a theoretical model of effective information sharing using a limited-life dataset. The limited life of the DMAC dataset gives more control to information providers, encouraging effective information sharing within the parameters of the Data Protection Act 1998. 361.3

Search results