381 |
A proteção de dados no Brasil: a tutela do direito à privacidade na sociedade de informaçãoSilva, Alexandre Ribeiro da 31 March 2017 (has links)
Submitted by Renata Lopes (renatasil82@gmail.com) on 2017-06-29T11:25:07Z
No. of bitstreams: 1
alexandreribeirodasilva.pdf: 1072982 bytes, checksum: 66b30c6ab50a500d9513fcf27a826e6d (MD5) / Approved for entry into archive by Adriana Oliveira (adriana.oliveira@ufjf.edu.br) on 2017-08-07T21:49:44Z (GMT) No. of bitstreams: 1
alexandreribeirodasilva.pdf: 1072982 bytes, checksum: 66b30c6ab50a500d9513fcf27a826e6d (MD5) / Approved for entry into archive by Adriana Oliveira (adriana.oliveira@ufjf.edu.br) on 2017-08-07T21:50:00Z (GMT) No. of bitstreams: 1
alexandreribeirodasilva.pdf: 1072982 bytes, checksum: 66b30c6ab50a500d9513fcf27a826e6d (MD5) / Made available in DSpace on 2017-08-07T21:50:00Z (GMT). No. of bitstreams: 1
alexandreribeirodasilva.pdf: 1072982 bytes, checksum: 66b30c6ab50a500d9513fcf27a826e6d (MD5)
Previous issue date: 2017-03-31 / A presente dissertação analisará o direito à proteção de dados na sociedade de informação brasileira. O pensamento do jurista italiano Stefano Rodotà sobre as transformações do direito à privacidade, que não é mais compreendido como o direito de ser deixado só, será utilizado. Assim, o direito à privacidade é agora entendido como o direito à autodeterminação informativa, ou seja, o direito que o cidadão possui para controlar dados e informações nas diversas inovações tecnológicas que o permeia. E diante destas transformações, torna-se necessário ter uma correta legislação sobre esse tema. / The present dissertation will analyze the right to data protection in the Brazilian information society. The thought of the Italian jurist Stefano Rodotà about the transformation of the right to privacy, that is no more comprehended as the right to be let alone, will be used. Thus, the right to privacy is now understood as the right to informative autodetermination, that is, the right that the citizen has to control data and information in the various technologic innovations that permeate him. And in the face of these transformations, becomes necessary to have a correct legislation about this theme.
|
382 |
Generisk dataportabilitet för personuppgifter : En kvalitativ fallstudie av Region Östergötland / Generic data portability for personal data : A qualitative field study of Region OstergotlandLarsson, Erik, Lind, Joakim January 2017 (has links)
I samband med den nya dataskyddsförordningen för EU tillkommer ny lagstiftning kring hur verksamheter får behandla EU-medborgares personuppgifter. En av de stora nyheterna är dataportabilitetskravet som ställer krav på att verksamheter ska kunna överföra individers personuppgifter till individerna själva eller till andra personuppgiftsansvariga. Detta innebär omfattande utmaningar med verksamheters förmåga till interoperabilitet i förhållande till andra aktörer utifrån juridisk, organisatorisk, teknisk och semantisk interoperabilitet. Med dataportabilitetskravet hamnar interoperabilitet i fokus som en förutsättning förverksamheter att uppfylla dataskyddslagstiftningen. Mot bakgrund av detta studeras en offentlig organisation som berörs av dataskyddsreformen och kravet på dataportabilitet. I studien inryms en fördjupning av hur organisationen hanterar sina system och strukturer samt jobbar med standarder och samarbeten för att uppnå interoperabilitet i enlighet med dataportabilitet. Det studerade fallet bidrar med insikter för hur andra organisationer kan arbeta med liknande frågor som berör dataportabilitet och interoperabilitet. I studien framkommer det att fallorganisationen sedan tidigare arbetar med interoperabilitetsfrågor. Detta är på grund av egenuppmärksammade behov inom verksamheten och inte enbart av lagkravet från dataskyddsförordningen på dataportabilitet. Med hänsyn till dataskyddsförordningen pågår för närvarande interna analyser kring vilka åtgärder som behöver vidtas där dataportabilitet är ett av dessa områden. Organisationen ser utmaningar främst rörande tolkningen av de nya lagkraven, organisatorisk interoperabilitet och semantisk. Arbetet för att kunna uppfylla kravet pågår, och man följer de rekommendationer som ges från rådgivande organisationer, både från EU och nationellt. Studiens kunskapsbidrag bidrar till ökad förståelse för vilken relevans som interoperabilitet har för dataportabilitet kontextualiserat till den nya dataskyddsförordningen. Studien visar relevansen av hur gemensamma spelregler mellan olika parter i form av gemensam juridik bidrar till förbättrade förutsättningar att nå interoperabilitet på även de andra nivåerna: organisatoriskt, tekniskt och semantiskt, vilket utifrån vad studien visar är avgörande för möjligheten till dataportabilitet. Studien bidrar därtill med en användbar konceptuell modell för att utvärdera interoperabilitet som en förutsättning för dataportabilitet för organisationer. / In the context of the new General Data Protection Regulation (GDPR) within EU, new legislation is added upon how organizations are permitted to process EU citizens’ personal data. One of the changes is the right to data portability which sets the requirements that organizations must be able to transfer subjects’ personal data to the subject itself or to other data controllers. This implicates comprehensive challenges for organizations’ capacity to reach interoperability in relation to other actors’ based on juridical, organizational, technical and semantic interoperability. In light of the requirement of data portability, interoperability comes into focus as a condition for organizations to comply with the GDPR regulation. In consideration of this background, a public organization that is affected by the data protection reform and the data portability requirement is being studied. In the study, a deepening is made on how the organization manage their systems and structures as well as working with standards and co-operations to reach interoperability in accordance with data portability. The studied case contributes with insights on how organizations can work with similar issues that consider data portability and interoperability. In the study it is clear that the case organization is already working with interoperability issues. This as a result of the organizations own attention of related issues and not only as an effect due to the new data protection regulation and its requirement of data portability. In effect of the data protection regulation, an ongoing analysis is made within the case organization to investigate which actions are needed, where the right to data portability is one of the areas to deal with. The organization identify challenges mainly within the interpretation of the GDPR, organizational and semantic interoperability. The work on how to comply with the requirements is in progress, and the organization follow the recommendations which are given by advising organizations both within EU and on national level. The contribution of the study is deepening knowledge on the relevance of interoperability as a condition to achieve data portability contextualized by the GDPR. Our study shows the relevance of how common rules between different actors in the form of common legislation contributes to improved prerequisites to reach interoperability on all four levels, namely, organizational, juridical, technical and semantic interoperability, which from what our study show is crucial for data portability. The study also contributes with a useful conceptual model to evaluate interoperability as a prerequisite to achieve data portability for organizations.
|
383 |
ISeBIS-skalans användbarhet vid utvärdering av användares säkerhetsintentionerLindqvist, Jill January 2017 (has links)
The General Data Protection Regulation, an EU law that enters into force in May 2018, aims to protect the sensitive data of individuals in our digitized world. The responsibility for the sensitive data collected will be transferred to the enforcement organizations. This requires that the correct data protection is ensured. In this work, organizations must ensure that their employees have knowledge of information security. To know which training efforts are needed, a tool for measuring the maturity of information security in the organization is needed. Studies show that it is difficult to measure users' security intentions and that there is a lack of tools for this. The Information Security Behaviour Scale, ISeBIS-scale, was in this study designed with the aim of testing whether this scale could be used and how it could be used to evaluate change in a user's information security intentions following a training effort. In a case study, the ISeBIS scale was tested in an explanatory sequential mixed method. The selection team received a web survey, underwent education in information security and then responded to the questionnaire again. After the results were analysed, semistructured interviews were conducted with a selection of respondents to explain the trends seen in the study. The study shows that to only use the ISeBIS scale is inadequate as a tool for evaluating user safety behavior. The result after the training was difficult to analyze with both negative and positive outcomes in the scale's statement. However, it turned out that in combination with interviews with respondents it is seen that it is a useful tool to draw attention to the underlying factors of the answers, such as a lack of knowledge of the security features used daily and shortcomings in security processes in the organization. Which might not have been so transparent without the use of ISeBIS. The interviewees all meant that the ISeBIS scale and the education given created awareness and above all more discussion about how information security appeared in the organization and what could be improved in the short and long term.
|
384 |
Dataskyddsförordningens tillämplighet vid personuppgiftshantering i molntjänster : En studie av Dataskyddsförordningen, utifrån perspektivet användande av molntjänster / The applicability of the General Data Protection Regulation when processing personal data in cloud services : A study of the General Data Protection Regulation, from the perspective of the use of cloud servicesJohnsson, Lovisa January 2017 (has links)
För att förbättra säkerhetsarbetet och för att skapa harmonisering inom EU vad gäller skydd av personuppgifter antogs i april år 2016 en ny EU-förordning om dataskydd, General Data Protection Regulation (GDPR), även benämnd Dataskyddsförordningen. Förordningen börjar gälla som lag i Sverige först den 25 maj år 2018. Införandet av förordningen kommer innebära att Europaparlamentets och rådets direktiv 95/46/EG av den 24 oktober 1995 om skydd för enskilda personer med avseende på behandling av personuppgifter och om det fria flödet av sådana uppgifter samt Personuppgiftslagen (1998:204) (PUL) upphör att gälla. Det huvudsakliga syftet med Dataskyddsförordningen är att ytterligare harmonisera och effektivisera skyddet av personuppgifter för att förbättra den inre marknadens funktion samt att öka den enskildas kontroll över sina personuppgifter. Dataskyddsförordningen är direkt tillämplig som lag i samtliga medlemsländer och kommer efter ikraftträdande utgöra grunden för generell personuppgiftsbehandling inom hela EU. Det har under de senaste åren blivit allt mer vanligt att företag, organisationer, kommuner och myndigheter använder sig av molntjänster. Molntjänster är intressanta ur ett juridiskt perspektiv eftersom de mest uppmärksammade juridiska frågeställningarna angående molntjänster är frågor hänförliga till hantering av personuppgifter och säkerhet. I uppsatsen redogörs för införandet av Dataskyddsförordningen (GDPR) utifrån perspektivet företags, organisationer, kommuners och myndigheters användande av molntjänster. I uppsatsen beskrivs även molntjänsters funktioner och egenskaper. Dataskyddsförordningen är nyligen antagen och utgör ännu inte svensk lag, förordningen baseras däremot i stora delar på Dataskyddsdirektivets innehåll och struktur. Dataskyddsdirektivet och PUL studeras därför i uppsatsen för att få en förståelse för bestämmelserna i Dataskyddsförordningen. Molntjänster finns i flera olika tekniska lösningar och är även gränsöverskridande, vilket innebär att användande av molntjänster i vissa fall innebär att personuppgifter överförs till ett tredje land. Uppsatsen behandlar därmed tillämpliga bestämmelser avseende överföringar av personuppgifter till tredje land. Uppsatsen avslutas med en analys och en slutsats. I slutsatsen konstateras att förordningen ger ett förstärkt skydd för den registrerade vid hantering av personuppgifter i molntjänster samt att förordningens utökade territoriella tillämpningsområde innebär att förordningen är bättre anpassad till molntjänstanvändande. Vidare konstateras i slutsatsen att rättsläget för överföringar av personuppgifter till USA med stöd av Privacy Shield-överenskommelsen för närvarande är osäkert.
|
385 |
Právo na ochranu osobních údajů dle článku 8 Listiny základních práv Evropské unie / The Right to the Protection of Personal Data in Article 8 of the Charter of Fundamental Rights of the European UnionMádr, Petr January 2016 (has links)
This thesis deals with the fundamental right to the protection of personal data as enshrined in Article 8 of the Charter of Fundamental Rights of the European Union ('the Charter'). An analysis of the case law of the Court of Justice of the European Union (CJEU) on Article 8 of the Charter reveals an intriguing paradox: although this provision has been repeatedly invoked in order to enhance protection of personal data and has featured prominently in several far-reaching judgments (Digital Rights Ireland, Google Spain or Schrems), there is considerable uncertainty as to the substantive scope of the right to the protection of personal data. The relationship between the right to privacy and the right to data protection has proved difficult to untangle, and the autonomous nature of Article 8 of the Charter has not always been respected. The aim of the thesis is to analyse the purpose and content of this fundamental right with reference to the CJEU's case law and recent academic debate. This thesis is divided into four chapters. Chapter 1 provides an overview of the European legal framework for data protection and demonstrates the limited value of the 'Explanations relating to the Charter' in interpreting Article 8. Chapter 2 analyses the CJEU's approach to interpreting and applying Article 8, while Chapter 3 is...
|
386 |
A data protection methodology to preserve critical information from the possible threat of information lossSchwartzel, Taryn 03 October 2011 (has links)
M.Tech. / Information is a company’s greatest asset that is continually under threat from human error, technological failure, natural disasters and other external factors. These threats need to be identified and quantified and their relevant protection techniques need to be deployed. This research will allow businesses to ascertain which of these data protection strategies to embrace and deploy, thereby highlighting the balance between cost and value for their business needs. Every commercial enterprise should understand the business value of their data and realise that protecting this data is of utmost importance. However, company data often resides on different mediums, in different locations and implementing a data protection strategy is not always cost effective in terms of the cost of storage mediums and protection methods. The challenges that businesses face is trying to distinguish between mission-critical data from other business data, excluding any non-business or invaluable data that resides on their systems. Thus a cost-effective data protection strategy can be implemented according to the different values of business data. This research provides a model to enable an organisation to: · Utilise the model as a framework or guideline in determining a strategy for protection, storage, retrieval and preservation of business critical data. · Define the data protection strategy to meet the organisation’s business requirements. · Define a cost effective data protection solution that encompasses protection, storage, retrieval and preservation of business critical data. · Make strategic decisions based on an array of best practices to ensure mission-critical data is protected accordingly. iii · Draw a conclusion between the costs of implementing these solutions against the real business value of the data that it protects.
|
387 |
Respect de la vie privée en matière de nouvelles technologies à travers des études de cas / Respect for privacy in new technologies through case studiesAugand, André-Jacques 29 September 2015 (has links)
Le développement d’Internet et des services en ligne ont pour conséquence une multiplication des informations collectées auprès des utilisateurs - explicitement ou à leur insu. Bien plus, ces informations peuvent être divulguées à des tiers, ou croisées avec d’autres données pour constituer des profils d’utilisateurs, ou contribuer à l’identification d’un individu. L’intensité des activités humaines dans les réseaux sociaux constitue donc un terrain fertile pour de potentielles atteintes à la vie privée des utilisateurs. Ce travail de recherche a pour but d’étudier d’abord les déterminants socio-économiques de l’usage et de l’adoption de l’Internet dans une société en voie de développement. Ensuite, nous avons étudié la perception, le contrôle du risque, et la confiance perçue par l’utilisateur de l’Internet dans le contexte des réseaux en ligne (Facebook, LinkedIn, Twitter, Myspace, Viadeo, Hi5 etc.). Nous avons élaboré un questionnaire qui a été administré aux internautes gabonais. Nos résultats ont montré que le statut socio-économique et les conditions de vie des individus influencent fortement l’usage de l’Internet à Libreville et à Port- Gentil. En ce qui concerne la confiance perçue et le comportement de l’utilisateur, trois types de déterminants de la confiance ont été identifiés : des facteurs liés au site web (réseaux sociaux), des facteurs liés aux différentes organisations publiques et privées du Gabon (Armée, police, justice, administrations et entreprises) et des facteurs liés à l’utilisateur (aversion au risque). Ces résultats suffisent à relativiser l'efficacité des politiques gabonaises visant à assurer une large couverture du pays par les TIC censée créer de la valeur ajoutée et améliorer le niveau de vie et le bien-être social des citoyens. A partir de ces résultats, des recommandations managériales pour les gestionnaires des réseaux sociaux et pour les instances réglementaires gabonaises notamment la commission nationale pour la protection des données à caractère personnel (CNPDCP) sont proposées. Nous proposerons des pratiques permettant de mieux protéger la vie privée des utilisateurs des réseaux sociaux en ligne. / The development of the Internet and online services have resulted in a proliferation of information collected from users - explicitly or without their knowledge. Furthermore, such information may be disclosed to third parties, or crossed with other data to create user profiles, or contribute to the identification of an individual.-The intensity of human activities in social networks is therefore a breeding ground for potential violations of user privacy. This research aims to study first the socio-economic determinants of the use and adoption of the Internet in a developing society. Then we studied the perception, risk control, and trust perceived by the user of the Internet in the context of online networks (Facebook, LinkedIn, Twitter, Myspace, Viadeo, Hi5 etc.). We developed a questionnaire that was administered to Gabon surfers. Our results showed that socio-economic status and people's living conditions strongly influence the use of the Internet in Libreville and Port-Gentil. Regarding the perceived trust and user behavior, three types of determinants of trust were identified: the website-related factors (social networks), factors related to various public and private organizations of Gabon (Army, police, judiciary, administrations and companies) and factors related to the user (risk aversion). These results are sufficient to relativize the effectiveness of Gabonese policies to ensure broad coverage of countries by ICT supposed to create added value and improve the living standards and social welfare of citizens. From these results, managerial recommendations for managers of social networks and regulatory bodies including the Gabonese National Commission for the Protection of Personal Data (CNPDCP) are proposed. We will propose practices to better protect the privacy of users of online social networks.
|
388 |
Cloud information security : a higher education perspectiveVan der Schyff, Karl Izak January 2014 (has links)
In recent years higher education institutions have come under increasing financial pressure. This has not only prompted universities to investigate more cost effective means of delivering course content and maintaining research output, but also to investigate the administrative functions that accompany them. As such, many South African universities have either adopted or are in the process of adopting some form of cloud computing given the recent drop in bandwidth costs. However, this adoption process has raised concerns about the security of cloud-based information and this has, in some cases, had a negative impact on the adoption process. In an effort to study these concerns many researchers have employed a positivist approach with little, if any, focus on the operational context of these universities. Moreover, there has been very little research, specifically within the South African context. This study addresses some of these concerns by investigating the threats and security incident response life cycle within a higher education cloud. This was done by initially conducting a small scale survey and a detailed thematic analysis of twelve interviews from three South African universities. The identified themes and their corresponding analyses and interpretation contribute on both a practical and theoretical level with the practical contributions relating to a set of security driven criteria for selecting cloud providers as well as recommendations for universities who have or are in the process of adopting cloud computing. Theoretically several conceptual frameworks are offered allowing the researcher to convey his understanding of how the aforementioned practical concepts relate to each other as well as the concepts that constitute the research questions of this study.
|
389 |
A study of South African computer usersʹ password usage habits and attitude towards password securityFriedman, Brandon January 2014 (has links)
The challenge of having to create and remember a secure password for each user account has become a problem for many computer users and can lead to bad password management practices. Simpler and less secure passwords are often selected and are regularly reused across multiple user accounts. Computer users within corporations and institutions are subject to password policies, policies which require users to create passwords of a specified length and composition and change passwords regularly. These policies often prevent users from reusing previous selected passwords. Security vendors and professionals have sought to improve or even replace password authentication. Technologies such as multi-factor authentication and single sign-on have been developed to complement or even replace password authentication. The objective of the study was to investigate the password habits of South African computer and internet users. The aim was to assess their attitudes toward password security, to determine whether password policies affect the manner in which they manage their passwords and to investigate their exposure to alternate authentication technologies. The results from the online survey demonstrated that password practices of the participants across their professional and personal contexts were generally insecure. Participants often used shorter, simpler and ultimately less secure passwords. Participants would try to memorise all of their passwords or reuse the same password on most of their accounts. Many participants had not received any security awareness training, and additional security technologies (such as multi-factor authentication or password managers) were seldom used or provided to them. The password policies encountered by the participants in their organisations did little towards encouraging the users to apply more secure password practices. Users lack the knowledge and understanding about password security as they had received little or no training pertaining to it.
|
390 |
Ochrana spotřebitele v bankovnictví / Consumer protection in bankingPokorná, Adéla January 2007 (has links)
The significance of personal data protection in the Czech Republic and in other developed countries has been continually increasing. A bank's security system breakdown can cause not only a misuse of the client's personal data but also a financial loss that harms the client and the bank reputation as well. The aim of the thesis is an analysis of the direct banking security and protection means of sensitive data of prime banks on the Czech market. First chapter characterises the consumer protection issues in regard of banking. The second part of the thesis concentrates on the area of direct banking, its forms, possible threats and the particular security tools used by local banks. Last section consists of an analysis of the survey among the banks and their clients.
|
Page generated in 0.1174 seconds