L’accountability ou le principe de responsabilité en matière de protection des renseignements personnels / Accountability in data protection

Mouchard, Emilie

08 May 2018

Entre terme anglophone et concept transversal, l’accountability pose la question du principe de responsabilité et de sa réalisation dans la protection des renseignements personnels. Résultat d’un cheminement à la fois social et législatif, l’imputabilité qui ressort du concept fait de la protection des renseignements personnels un processus à la fois collaboratif et individuel de régulation au service de la responsabilité et des risques nouveaux générés par les technologies de l’information et le déploiement des théories de la responsabilité sociale des entreprises.À la fois objectif, mécanisme et instrument d’une protection des renseignements personnels efficace et efficiente, le principe d’accountability est un principe de droit et de gestion, souvent compris par les entreprises comme une technique de management interne. La mise en action de l’accountability project, par le biais de la reconnaissance du principe par l’OCDE, a mis en lumière l’idée d’une accountability comme un standard essentiel, un mécanisme nécessaire, et un besoin de moralisation à intégrer au regard des risques engendrés par les évolutions sociales et technologiques sur le droit fondamental à la vie privée et la protection des renseignements personnels. / Between anglophone word and transversal concept, accountability ask about the responsability and the enforcement of its principle in privacy laws. Result of a social and legislative path, the imputabilité, who came throught the concept, shows privacy laws as a collaborative and individual regulation process, serving the responsability and the risks that cames with the information technologies and the achievement of the corporate social responsability.In the same time seeing as a goal, a mechanism and an instrument of an effective and efficient privacy, the accountability principle is a legal and a management principle, used by companies as an intern management technic. The realisation of the accountability project take place with the acknoledgement of the principle by the OECD, who highlight the accountability as an essential standard, a necessary mecanism and a moralization requirement according the risks that came throught social and technological evolutions on the right to privacy and its laws.

Droit à la vie privée

Imputabilité

Renseignements personnels

Données personnelles

Technologies de l'information (TIC)

Privacy

Accountability

Data protection

Corporate social responsibility (CSR)

Internet

Som ett öppet vykort? : En fallstudie av hantering och bevarande av e-post ur ett informationssäkerhet- och informationskulturperspektiv / Like an Open Postcard? : A Case Study of the Management and Preservation of E-mail from an Information Security and Information Culture Perspective

Silander, Jenny

January 2019

This thesis is based on a case study of two Swedish municipalities. I have studied which strategies archivists and registrars use for managing and preserving e-mail within these organizations. The study constitutes a comparison between a municipality that has introduced a e-archive and one that has not done so. I also explore how the way in which e-mail is managed has changed over time in the municipalities since The General Data Protection Regulation (GDPR) was introduced in Sweden and throughout the EU in 2018. The study was conducted through qualitative methods. Semi-structured interviews with archivists and registrars from the two municipalities were completed. The empirical material from the interviews has been analysed using qualitative content analysis. This means that notes and transcriptions of the interviews was sorted and categorized and then transformed into the results of the study. The thesis theoretical framework consists of information culture and I have analysed in which way the information culture has changed in the organizations since the GDPR came into force. In addition, I also analysed my results from an information security perspective, since this is up-to-date with the GDPR and is an important aspect to consider in relation to of e-government and records management in the society today. The results show that there are a lot of challenges in the municipalities studied concerning management and preservation of e-mail, especially regarding how the people working in the organization tackle the e-mail. There is a great need that increased education about records management reaches out more in the organizations.The conclusion of this challenges is that information culture also has changed noticeably since the GDPR was introduced. The result of this has in many cases meant that many employees have gained a greater awareness that they need to start reviewing their e-mail inboxes, but they do not know how or in what way it should be done. To solve these problems, it is therefore essential that the education initiatives between archivists and registrars and the employees, that had begun to be implemented in the municipality’s, continues to be expanded. In conclusion and in summary, I would like to emphasize that it is important to consider information culture in organizations today. It is important both to be able to develop the organization's records management and also in a wider social context, in order to satisfy a good structure of public documents and our democratic right to take part of these. In addition to this, in my study, I have come to the conclusion that it is essential to consider the information security both within the public organizations and from a wider societal context, especially linked to management and preservation of e-mail. So far, the topic of managing and preserving e-mail linked to strategies used by organizations and how people influence these has been a rather unexplored area in the field of archival science. This study aims to create new knowledge about an area that is both current and important from a wider societal perspective as well as from an archival science perspective. This is a two years master's thesis in Archival Science.

E-mail

Information security

Information culture

E-government

Archivists

Registrars

E-post

informationssäkerhet

informationskultur

e-förvaltning

arkivarier

registratorer

dataskyddsförordningen

Other Humanities not elsewhere specified

Övrig annan humaniora

Návrh a implementace plánu zálohování dat společnosti / Data Backup Proposal and Implementation for the Company

Hriadeľ, Ondřej

January 2019

This diploma thesis is focused on the development of a new backup plan and its implementation. In introductory part of the thesis I explore the theorethical backround of data backup and data management. Next part is dedicated to analysis of current state and investor requierements. Last part is aimed to implementation of new backup plan with focusing on economic and quality point of view. Besides concept and realization of backup plan the concept of the backup directive is created .

Zobrazení a úprava informací v Transparency and Consent Framework / Transparency and Consent Framework Data Listing and Editing

Postulka, Aleš

January 2021

This thesis deals with the development of multilingual for web browsers Mozilla Firefox and Google Chrome. The purpose of the extension is to enable the automated management of provided consents to the processing of personal data on websites using the Transparency and Consent Framework. Extension was developed on the basis of knowledge about this framework and about legal norms GDPR and ePrivacy Directive, which deal with the protection of personal data. Knowledge of the method of developing extensions for web browsers using WebExtensions was also used during the implementation. During testing, consent was successfully enforced in 96,2 % of tested websites in Mozilla Firefox. In Google Chrome, success has been achieved in 82,1 % of tested websites. The banner requiring consent was not displayed in 33 % of websites in Mozilla Firefox and in 31,1 % of websites in Google Chrome.

Kommunal IT-säkerhet under en pandemi : Distansarbetets påverkan på informationssäkerhet / Municipal IT security during a pandemic : The impact of telework on information security

Axelsson, Louise, Rosvall, Erik

January 2021

Efter pandemins intåg i världen år 2020 har de flesta människor tvingats ändra sina levnadsvanor, både vad gäller privatliv som arbetsliv. I Sverige har anställda, där tjänsten tillåter, tvingats utföra sina arbetsuppgifter på distans och detta har oftast skett i det egna hemmet. Detta öppnar upp för en hel del frågor. Hur skall man kunna bibehålla en god informationssäkerhet när tjänster som hanterar känsliga och sekretessbelagda uppgifter flyttas till den anställdes hem? Denna studie kommer att undersöka en specifik forskningsfråga: Vilka konsekvenser har det ökade digitala distansarbetet resulterat i, vad gäller kommunal IT-säkerhet? En kvalitativ datainsamlingsmetod har använts. Vi har tagit del av tidigare studier och rapporter i ämnet och utfört intervjuer med respondenter som innehar en kommunal tjänst inom IT. Undersökningen fokuserar framför allt på de digitala verktyg som används, vilka strategier som finns, rådande hot gentemot data- och informationssäkerheten samt hantering av tidigare och framtida attacker.   Resultatet visar på att de flesta kommunerna vi intervjuade, använder sig av liknande verktyg för att kommunicera vid distansarbete och även för att säkerställa en säker uppkoppling. Trots givna strategier och riktlinjer från diverse myndigheter, använder kommunerna dessa främst som inspiration till egna policydokument. Under intervjuerna framkom det att de kommuner som utsatts för dataintrång har tagit lärdom och därefter vidtagit diverse åtgärder för att det inte skall upprepas. En slutsats som kan dras av studien är att risken för dataintrång gentemot kommunerna inte har ökat under pandemin.  Däremot har man kunnat konstatera att det är den anställdes brist på utbildning i IT-säkerhet som kan ses som det största hotet vad gäller distansarbete. För att minimera riskerna att känsliga och sekretessbelagda uppgifter läcker ut och hamnar i orätta händer, krävs ökad kunskap och tydliga direktiv vad som skall följas vid distansarbete. / After the pandemic entered the world in 2020, most people have been forced to change their lifestyles, both in terms of private life and work life. In Sweden, employees, where the service allows, have been forced to perform their tasks remotely and this has usually taken place in their own home. This opens up a lot of questions. How can good information security be maintained when services that handle sensitive and classified information are moved to the employee's home? This study will examine a specific research question: What consequences has the increased digital teleworking resulted in, in terms of municipal IT security? A qualitative data collection method has been used. We have taken part in previous studies and reports on the subject and conducted interviews with respondents who hold a municipal position in IT. The survey focuses primarily on the digital tools used, what strategies are available, current threats to data and information security and the management of past and future attacks. The results show that most of the municipalities we interviewed use similar tools to communicate during telework and also to ensure a secure connection. Despite given strategies and guidelines from various authorities, the municipalities use these primarily as inspiration for their own policy documents. During the interviews, it emerged that the municipalities that have been subjected to data breaches have learned lessons and subsequently taken various measures to ensure that it is not repeated. One conclusion that can be drawn from the study is that the risk of data breaches against the municipalities has not increased during the pandemic. On the other hand, it has been established that it is the employee's lack of training in IT security that can be seen as the biggest threat in terms of teleworking. In order to minimize the risks of sensitive and classified information being leaked and falling into the wrong hands, increased knowledge and clear directives are required as to what must be followed in teleworking.

Covid-19

telework

information security

data protection

municipal activities

hacking.

Covid-19

distansarbete

informationssäkerhet

IT-säkerhet

kommunal verksamhet

dataintrång.

Computer and Information Sciences

Data- och informationsvetenskap

Zabezpečení přenosu dat proti dlouhým shlukům chyb / Protection of data transmission against long error bursts

Malach, Roman

January 2008

This Master´s thesis discuses the protection of data transmission against long error bursts. The data is transmited throught the channel with defined error rate. Parameters of the channel are error-free interval 2000 bits and length of burst error 250 bits. One of the aims of this work is to make a set of possible methods for the realization of a system for data correction. The basic selection is made from most known codes. These codes are divided into several categories and then the best one is chosen for higher selection. Of course interleaving is used too. Only one code from each category can pass on to the higher level of the best code selection. At the end the codes are compared and the best three are simulated using the Matlab program to check correct function. From these three options, one is chosen as optimal regarding practical realization. Two options exist, hardware or software realization. The second one would seem more useful. The real codec is created in validator language C. Nowadays, considering language C and from a computer architecture point of view the 8 bits size of element unit is convenient. That´s why the code RS(255, 191), which works with 8 bits symbols, is optimal. In the next step the codec of this code is created containing the coder and decoder of the code above. The simulation of error channel is ensured by last program. Finally the results are presented using several examples.

Analyse verschiedener Distanzmetriken zur Messung des Anonymisierungsgrades theta

Eisoldt, Martin, Neise, Carsten, Müller, Andreas

23 August 2019

Das bereits existierende Konzept zur Bewertung der Anonymisierung von Testdaten wird in dieser Arbeit weiter untersucht. Dabei zeigen sich die Vor- und Nachteile gegenüber bereits existierenden Distanzmetriken. Weiterführend wird untersucht, welchen Einfluss Parameteränderungen auf die Ergebnisse haben.

info:eu-repo/classification/ddc/000

ddc:000

Anonymisierung ; Testdaten

Försäkringsbarheten för administrativa sanktionsavgifter enligt GDPR

Hemmings, Catharina

January 2019

Uppsatsen handlar om försäkringsbarheten för administrativa sanktionsavgifter (GDPR-sanktioner) som utfärdats till följd av en överträdelse av bestämmelserna i dataskyddsförordningen. Syftet med uppsatsen har varit att utreda om det enligt svensk rätt är möjligt att försäkra sådana avgifter. I uppsatsen redogörs för relevanta bestämmelser i det försäkringsavtalsrättsliga regelverket (FAL) och det försäkringsrörelserättsliga regelverket (FRL). Bland de bestämmelser som uppsatsen särskilt behandlar återfinns bestämmelserna om lagligt intresse i 6 kap. 1 § FAL och god försäkringsstandard i 4 kap. 3 § FRL.

General Data Protection Regulation

GDPR

dataskyddsförordningen

försäkringsbarhet

personuppgifter

försäkring

administrativa sanktionsavgifter

sanktionsavgifter

GDPR-sanktioner

lagligt intresse

försäkringsbart intresse

god försäkringsstandard

Datainspektionen

försäkringsrätt

Law

Juridik

Moderní technologie v medicíně a právo / Modern Technologies in Medicine and Law

Konečná, Klaudie

January 2020

Modern Technologies in Medicine and Law Abstract This thesis deals with the application of modern technologies in medicine from the perspective of law. The primary aim of this work is to analyse the given provisions of the Civil Code, Act on Health Services and Act on Medical Devices, and also to determine whether the current legislation represents a suitable legal framework able to respond to the implementation of modern technology in the healthcare sector. In connection with this analysis, author presents possibilities of legislative changes that would respond to these modern technologies. The work inter alia deals with the question of whether the use of some of these technologies within the provision of healthcare services can be considered compliant with the principle of lege artis. In the first chapter, the reader is introduced to the topic of the thesis. This chapter defines the basic terms and presents an overview of the legislation related to the chosen topic. The second chapter represents a main part of the thesis, where author deals with the topic of artificial intelligence. In this chapter, the reader is acquainted with the term of artificial intelligence and the definition of its legal status. Subsequently, author evaluates whether the current legislation constitutes appropriate legal frameworks...

Sledování zaměstnanců v kontextu Obecného nařízení o ochraně osobních údajů / Monitoring of employees in context of General Data Protection Regulation

Röslerová, Karolína

January 2020

1 Monitoring of employees in context of General Data Protection Regulation Abstract This diploma thesis focuses on the supervision and monitoring of employees from multiple perspectives. Based on the relevant European and national caselaw the thesis specifies whether employees shall have right to the protection of their privacy and integrity at the workplace. Thesis also analyses selected aspects of personal data protection with emphasis on personal data of employees as data subjects processed by employers as controllers. In particular attention is devoted to selected obligations, which arises from General Data Protection Regulation for such personal data processing in the light of relevant statements and guidelines provided by the European Data Protection Board, Article 29 Data Protection Working Party and the Office for Personal Data Protection. Thesis in detail addresses the supervision of employees carried out by § 316 of the Labour code, whereas interprets its provisions as well as conditions for establishing the supervision of employees arising from such interpretation. Classification of the provisions of the § 316 paragraph 1 to 3 and their interdependencies are further outlined. Thesis defines monitoring as one way to carry out supervision under paragraph 2 through the analysis of the term...