A saúde dos dados pessoais e o município de São Caetano do Sul

Souza, Joyce Ariane de

January 2018

Orientador: Professor Dr. Sérgio Amadeu da Silveira / Dissertação (mestrado) - Universidade Federal do ABC, Programa de Pós-Graduação em Ciências Humanas e Sociais, 2018. / Este trabalho discute o mercado de dados pessoais - como uma forma de desenvolvimento do capitalismo informacional - possibilitado pelo avanço das tecnologias de comunicação e controle e pelo uso massivo por diversos atores, como sujeitos, estados, governos, empresas, instituições, entre outros. Para tanto, tem como objeto de estudo analisar como este mercado atinge setores sensíveis e por isso centra-se na área da saúde do município de São Caetano do Sul. Para responder à questão principal da pesquisa, que diz respeito ao modo como esse mercado se desenvolve, este trabalho inicialmente recorre à pesquisa bibliográfica para alinhavar as fundações teóricas que demonstram as transformações ocorridas na sociedade nas últimas duas décadas, principalmente, a partir do momento em que as relações sociais passam a ocorrer também por meio de tecnologias da informação e comunicação. Em seguida, apresenta um debate do que seria "dado pessoal", de como ele tem servido de matéria-prima para o desenvolvimento de mercados extremamente lucrativo e os principais riscos que esse mercado apresenta. Traz, ainda, perspectivas e possibilidades metodológicas para investigações em um mercado tão obscuro e de difícil acesso. Para corroborá-lo, analisa a operação da saúde de São Caetano do Sul, apresentando um mapeamento com os principais atores; dados pessoais coletados; justificativas apresentadas; onde são armazenados; como são analisados e classificados, entre outros. Por fim, aborda uma discussão sobre a relevância de alguns direitos fundamentais, como o da privacidade, para impor limites às atividades oriundas dos dados pessoais. / This paper discusses the data market - is a development program of informational capitalism - made possible by the advancement of communication and control technologies and the use of massive by various actors, such as subjects, states, governments, companies, institutions, among others. Therefore, it has as object of study to analyse how this market triggered sensitive sectors and for that reason, it focuses on the health area of the municipality of São Caetano do Sul. In order to answer the main question of the research, which concerns how this market develops, this work initially resorted to the bibliographical research to put together the theoretical foundations that demonstrate the transformations that have occurred in the society in the last two decades, mainly, from the moment in that social relations also occur through information and communication technologies. It then presents a discussion of what it would be "personal data", how it has served as a raw material for the development of extremely lucrative markets and the main risks that this market presents. It also presents methodological perspectives and possibilities for investigations in a market so obscure and difficult to access. To corroborate it, it analyses the health operation of São Caetano do Sul, presenting a mapping with the main actors; personal data collected; justifications presented; where they are stored; how they are analysed and classified, among others. Finally, it addresses a discussion about the relevance of some fundamental rights, such as privacy, to impose limits on activities derived from personal data.

MERCADO DE DADOS PESSOAIS

DADOS PESSOAIS - MEDIDAS DE SEGURANÇA

PRIVACIDADE

SURVEILLANCE

PRIVACY

PERSONAL DATA MARKET

Personuppgiftslagens efterlevnad i samband med IT-övervakning : En studie av medelstora callcenterverksamheter

Eklund, Per, Forsman, Olof

January 2010

I Datainspektionens rapporter 2003:3 och 2005:3 har myndigheten granskat hur personuppgifter behandlas i samband med arbetsgivares övervakning av anställda. Resultaten av dessa rapporter har visat på förekommande brister i förhållande till personuppgiftslagen i många av de granskade verksamheterna. Mot denna bakgrund har en fallstudie av ett medelstort callcenterföretag genomförts för att ur ett tekniskt perspektiv undersöka hur väl personuppgiftslagen följs i samband med företagets övervakning av sin personal. Utifrån brister identifierade i fallstudien har en mindre kartläggning av liknande företag genomförts i ett försök att mäta graden av generaliserbarhet i de identifierade bristerna. De brister som har identifierats i fallstudien rör i första hand otillfredsställande rutiner för gallring av personuppgifter vid e-postövervakning samt avsaknad av information till de anställda om vilka kontroller som sker i samband med detta. Behov av en uppdatering av företagets IT-policy samt ett behov av en övervakningslösning för personalens internetanvändande kunde också noteras. Kartläggningen har givit antydningar om att liknande brister vad gäller rutiner för gallring samt bristande information kan tänkas förekomma även hos andra medelstora callcenterföretag. Slutsatsen av arbetet är att flera av de brister som uppdagades av Datainspektionen för fem år sedan tycks göra sig gällande bland vissa medelstora callcenterföretag även idag. / In the 2003:3 and 2005:3 reports issued by the Swedish Data Inspection Board, the authority examined the treatment of personal data related to employer surveillance of employees. The reports indicated flaws occurring in regard to the Personal Data Act in several of the examined businesses. In reference to this, a case study of a mid-sized call center was conducted to examine, from a technical point of view, the degree of compliance with the Personal Data Act regarding the company's surveillance of its employees. Based upon flaws found in the case study, a minor survey of similar companies was conducted in an attempt to measure the degree of generalizability of the identified flaws. The flaws identified in the case study are mainly related to unsatisfactory routines for sorting out personal data during e-mail surveillance and lack of information given to employees about the conducting of checks related to this. A need to update the company's corporate IT policy and a need for a web surveillance solution were also noted. The survey has indicated that similar flaws regarding screening routines and lack of information also might occur at other mid-sized call center companies. The conclusion of the study is that several of the flaws the Swedish Data Inspection Board discovered five years ago still seem to be applicable among some mid-sized call center companies.

Personal Data Act

Data Inspection Board

surveillance

call center

integrity

logging

Personuppgiftslagen

PuL

Datainspektionen

övervakning

callcenter

integritet

loggning

Computer Sciences

Datavetenskap (datalogi)

Ochrana osobních údajů v kontextu datového skladu / Protection of personal data in the context of a data warehouse

Tůma, David

January 2017

Diploma thesis deals with problematics of protection of personal data in Czech republic with link to legislation of European Union. The main subject of the thesis is detailed analysis of current legal standards and identifying the requirements resulting from the changes adopted. The found changes are practically judged from the data warehouse perspective and for each of them is presented a practical solution.

Zpracování osobních údajů v rámci EU se zřetelem na policejní a justiční spolupráci / Processing of personal data in the EU within police and judicial cooperation

Jašková, Jitka

January 2009

The thesis deals with the approach level, meaning, purpose and benefit of personal data protection in their processing within police and judicial cooperation in the EU. In the introduction the fundamental issues of personal data protection in the context of the EU and the Czech republic are defined, focusing on terminology and explanations of current issues, particularly the area of biometric data and data retention. Extra attention is also given to the conflict of the right to privacy, and the related right to personal data protection and protection of public interests and safety. After that the thesis deals with a performing of police and judicial cooperation in the EU through specific subjects, in particular Europol and Eurojust. The final part of the thesis focuses on the practical implementation of personal data protection in police and judicial cooperation in the EU, and secondly the importance of personal data protection in police and judicial cooperation, as a deduced basic human right, and the difficulties with which the personal data protection in police and judicial cooperation in the EU are joined. The final part of this thesis consider the main sections in which we can find area for adjustment towards more effective police and judicial cooperation in the EU, with full respect for the right to personal data protection.

Audit cloudových služeb pro malé a střední podniky / Cloud Computing Audit for Small and Medium Enterprises

Kroft, Karel

January 2014

Cloud computing brings to the world of information systems many opportunities but also new risks. The main one is decreased customer ability to directly control the security of information and systems, because administration responsibility passes to providers. This thesis focuses on cloud services auditing from the small and medium enterprises perspective. In introduction, this work defines information system audit terminology, characterizes cloud services and analyzes international legislation. Standardization organizations, published standards and methodologies that are widely respected in IT field are introduced. For the trust mediation in the cloud are important independent third-party audits and organizations specializing in the examination and control of cloud providers. The assumptions list is assembled on this basis to support screening process and to check, whether enterprise, service providers and services are ready for creating efficient and safe cloud system. The assumptions are applied to selected cloud service providers.

Osobní údaje a problémy personalizace / Personal data and personalization issues

Farafonov, Gerasim

January 2012

Society is currently finding itself in the middle of an information revolution, and only now begins to realize this fact. The primary currency in the new economy is user data and the enormous value is evident only to companies doing business with them. This thesis is dedicated to the protection of personal data in the context of the currently developing trend of personalization. Author sets out tools that make online tracking possible, compares the legislative regulation of the Czech Republic, the Russian Federation and the United States of America, evaluating the differences, trends, strengths and weaknesses in relation to the practice of creating profiles and behavioural targeting advertising. Subsequently, the author lists the additional risks of this trend for the freedom and privacy, lists general recommendations as well as recommendations for the users themselves to maximize the protection of privacy and personal data.

Analýza zpracování osobních údajů podle Nařízení GDPR / Personal Data Processing Analysis under the GDPR Regulation

Slámová, Gabriela

January 2018

This diploma thesis deals with the proposal of a personal data protection system according to the General Data Protection Regulation in the organization Dentalife s.r.o.. The proposal was implemented on the basis of an analysis of the current situation which revealed serious shortcomings in line with the General Data Protection Regulation. Based on the identified deficiencies, a recommendation has been drawn up which, in the event of its subsequent implementation, will put the current situation into line with this Regulation. The theme of the diploma thesis was selected primarily because of its up-to-date and missing materials that would describe and explain the individual steps of the whole process of analysis and implementation.

Budování bezpečnostního povědomí na fakultě podnikatelské / Building security awareness at the Faculty of Business and Management

Volfová, Jana

January 2021

This diploma thesis is focused on Security Awareness Education at the Faculty of Business and Management. It consists of three main parts: theoretical, analytical and practical considerations. The theoretical part is the introduction to basic terms, processes and analysis to help understand the thesis. The analytical part includes an introduction to the chosen organization and the implementation of analysis, which were presented in the theoretical part. The practical part contains, among other things, the actual proposals for Security Awareness Education at the faculty and its benefits.

Zobrazení a úprava informací v Transparency and Consent Framework / Transparency and Consent Framework Data Listing and Editing

Postulka, Aleš

January 2021

This thesis deals with the development of multilingual for web browsers Mozilla Firefox and Google Chrome. The purpose of the extension is to enable the automated management of provided consents to the processing of personal data on websites using the Transparency and Consent Framework. Extension was developed on the basis of knowledge about this framework and about legal norms GDPR and ePrivacy Directive, which deal with the protection of personal data. Knowledge of the method of developing extensions for web browsers using WebExtensions was also used during the implementation. During testing, consent was successfully enforced in 96,2 % of tested websites in Mozilla Firefox. In Google Chrome, success has been achieved in 82,1 % of tested websites. The banner requiring consent was not displayed in 33 % of websites in Mozilla Firefox and in 31,1 % of websites in Google Chrome.

Pseudonymizace textových datových kolekcí pro strojové učení / De-identification of text data collections for machine learning

Mareš, Martin

January 2021

Text data collections enable the deployment of artificial intelligence algorithms for novel tasks. Such collections often contain miscellaneous personal data and other sensitive information that complicates sharing and further processing due to the personal data protection requirements. Searching for personal data is often carried out by sequential passes through the complete text. The objective of this thesis is to create a tool that helps the annotators decrease the risk of data leaks from the text collections. The tool utilizes pseudonymization (replacing a word with a different word, based on a set of rules). During the annotation process, the tool tags the words as "public", "private" and "candidate". The task of the annotator is to determine the role of the candidate words and detect any other untagged private information. The private words then become the subject of the pseudonymization process. The auto-tagging tool utilizes a named entity recognizer and a database of rules. The database is automatically improved based on the decisions of the annotator. Different named entity recognizers were compared for the purpose of personal data search on the collection of the ELITR project. During the comparison, a method was found which increased the sensitivity of the named entities detection which also...