541 |
Analysis of Customer Personal Data Processing in a Swedish Public Transport OrganizationJovic, Katarina January 2020 (has links)
Purpose: The purpose of this research is to analyze the current routine for processing customers’ personal data in a Swedish public transport organization and advise on improvements that might be made to better comply with GDPR. Methodology: A qualitative study of personal data (as defined in the GDPR) based on five telephone interviews. The interviews were held in Swedish, then transcribed and finally translated to English for analysis. Literature perspectives: A research (neutral) perspective of the implementation regarding the General Data Protection Regulation (GDPR) within an organization. It is reported that GDPR tend to increase the tension in an organization. Some organizations expect GDPR will increase the annual budget and believe the business strategy will be changed. Findings: The organization is interested to clearly implement the regulation to their best interest they can. The organization see the centralization of customers’ data as a positive outcome and want to continue with IT-support for the GDPR process to get automated. The organization expresses they want to create a good relationship with their customers and be clear with the purpose of data collection. Conclusions: The research suggests that the organization should invest in IT support, help guiding the employees to understand the purpose of GDPR and produce staff guidelines. The staff guidelines should cover most of the issues that may occur during daily routines. However, if any anomalies occur regarding GDPR, the data processor should act as a guide to the employee. / Syfte: Syftet med kandidatuppsatsen är att analysera den nuvarande processen för bearbetning av kunders personuppgifter i en svensk kollektivtrafikorganisation samt ge förbättringsråd angående saker som kan förbättras för att bättre följa GDPR. Metod: En kvalitativ studie som handlar om personuppgifter (enligt definitionen i GDPR); baserat på fem telefonintervjuer. Intervjuerna hölls på svenska, transkriberades och översattes sedan till engelska för en analys. Teoretiska perspektiv: Ett forsknings- (objektivt) perspektiv på implementeringen av den allmänna dataskyddsförordningen (GDPR) inom en organisation. Det rapporteras att GDPR tenderar att öka stressen i en organisation. Vissa organisationer förväntar sig att GDPR kommer öka den årliga utgiften för databehandling samt tror att deras affärsstrategi kommer förändras. Resultat: Region Värmland Kollektivtrafik är intresserade av att genomföra GDPR förordningen i högsta grad. Organisationen ser centraliseringen av kundens personliga data som ett positivt resultat och vill fortsätta med IT-stöd för GDPR- processen för att den ska kunna bli automatiserad. Organisationen uttrycker att de vill skapa en bra relation med sina kunder och vara tydliga med syftet av datainsamlingen. Slutsatser: Studien antyder att organisationen bör investera i IT-stöd, hjälpa anställda att förstå syftet med GDPR samt ta fram personalriktlinjer. Personalriktlinjerna bör täcka de flesta problem som kan uppstå i de dagliga rutinerna. Om det däremot uppstår några avvikelser gällande GDPR, bör personbiträde fungera som en hjälpande hand för de anställda.
|
542 |
Právo na zapomnění v prostředí internetu / The right to be forgotten on the internetJůzová, Jana January 2016 (has links)
Diploma thesis The Right to be Forgotten on the Internet applies to the functions of Internet search engines, search algorithms and the impact of the digital footprint that on the Internet user essentially leaves. With this issue is, on the one hand, inseparably linked the protection of personal data in the online environment, on the other hand the constitutionally enshrined right to information and other fundamental rights. Not ignored should be also the risk of censorship of the Internet. An application of the right to be forgotten adds a whole new dimension to this problems. The right to be forgotten is inferred from the judgment of the European Court of Justice on 13 May 2014 in the case Costeja versus Google Spain, where an Internet user named Mario Costeja Gonzáles first succeeded with a request of removal of unflattering information about himself from results of the search engine Google. Thus a reform precedent will have a big impact on seeking information on the Internet in the future, since the pronouncement of the judgment about the removal of his personal data may ask any European Internet user. The thesis aims to analyze the issue of right to be forgotten in the context of searching for information on the Internet in the European Internet environment - it means not to be searched on the...
|
543 |
Privacy Paradox : En kvalitativ studie om svenskars medvetenhet och värnande om integritet / Privacy Paradox : A qualitative study on Swedes awareness and protection of integrityHarzdorf, Hjördis, Talal Abdulrahman, Hanin, Duric, Sumejja January 2019 (has links)
Genom digitalisering av samhället och teknologins utveckling har marknadsföringsstrategier progressivt reformerats, från att uppmärksamma produkter mot konsumenten till att istället sätta konsumenten i fokus. Genom avancerade algoritmer, Business Intelligence och digitala DNA spår har det blivit möjligt att individualisera och rikta marknadsföring mot konsumentens intressen och även förutse individens konsumentbeteende. Samtidigt uttrycker individer ett stort värde för anonymitet och integritet online. Trots detta fortsätter konsumenter att frivilligt att lämna sin persondata, främst via olika kundklubbar, internet och sociala medier. Detta beteende påvisar en så kallad “privacy paradox”. Privacy paradox syftar på medvetenhet och oro kring utgivandet av persondata samtidigt som man agerar annorlunda. Avsikten med denna studie var att utforska om fenomenet privacy paradox existerar inom svenska konsumenters handlingar och konsumentens medvetenhet kring användning av personlig data för riktad marknadsföring online. Det empiriska materialet i denna studie består av semi-strukturerade intervjuer med sju olika respondenter gällande deras medvetenhet, tillit och integritet online. Resultatet analyserades med hjälp av den tematiska strategin för att lättare identifiera beetendemönster som respondenterna utgav. Slutligen besvaras fenomenet privacy paradox hos svenska konsumenter genom tre forskningsfrågor 1.“Hur medvetna är svenska konsumenter om den information som de delar med sig av, i synnerhet inom riktad marknadsföring?” 2.“Hur mycket värnar svenska konsumenter om sin integritet?” 3.“ Påvisar svenska konsumenter privacy paradox och varför?”. Majoriteten av respondenterna var medvetna om personliga uppgifter online, dock varierade medvetenheten om vad för information som fanns tillgänglig både för privata användare och verksamheter. Man sa sig även värna om sin integritet men ens handlingar stödde inte detta till fullo. Med hjälp av denna studie fann man att fenomenet privacy paradox existerar hos de svenska konsumenter som deltog under denna studie. Anledningar till dessa var bland annat att man inte vill bli exkluderad från samhället och det kognitiva förtroendet till verksamheter. Man litar på att de gör rätt för sig. Värnande om integritet visades då genom att man minskade mängden personinformation som andra privatpersoner kunde komma åt. En annan anledning som uppkom var svårigheten i att bryta vanor och beteendemönster. Därför fortsätter man agera på samma sätt som tidigare, trots ny kunskap samt GDPR. Respondenter hade olika nivåer av förståelse riktad marknadsföring. Det majoriteten inte var medvetna om var mängden av lagrad information samt hur den samlas in t.ex. genom cookies. / Through digitalisation of the society and the technological development, the marketing strategies has progressively been reformed. From mainly giving attention to the product towards the consumers to instead place the consumer in the center of attention. Subsequently advanced algorithms, Business Intelligence and digital DNA tracing has enabled individualisation and target marketing, for the interest of the consumer, this also gave access to predict consumer behaviour. Meanwhile individuals put a big value on anonymity and integrity online. Despite this consumers keep sharing their data voluntary, primarily through customer clubs, the internet and social media. This behaviour demonstrates a so called “privacy paradox”. Privacy paradox refers consumers awareness and concern about sharing personal data, while still sharing their information. The purpose of this study was to examine whether the phenomenon of privacy paradox exists in Swedish consumers actions and the consumer’s awareness of the use of personal data for targeted online marketing. The empirical material in this study exists of semi-structured interviews with 7 different respondents regarding their consciousness, trust and integrity online. The results were analyzed through the thematic strategy to easily identify behavioural patterns that the respondents showed. Lastly, the phenomenon of privacy paradox in Swedish consumers is answered through three research questions 1. “How aware are Swedish consumers regarding the information they share, particularly in target marketing? 2. “How much does the Swedish consumer care about their integrity?” 3. “Does the Swedish consumer show privacy paradox and why?”. The majority of the respondents were aware that personal information exists online. The awareness regarding what kind of information that is available for both private users and organisations varied. While respondents mentioned that they want to protect their privacy, their actions proved otherwise. With the help of this study, we could conclude that the phenomenon named privacy paradox exists through the information gathered from the swedish consumers that participated in this study. Reasons being the willingness to not be excluded from society and the cognitive trust towards organizations. You trust that they do the right thing. Respondents protected privacy by reducing the amount of personal information other individuals could access. Another reason that was brought up was the difficulty in changing habits and behaviour. Therefore respondents continued doing the same things as before, despite new knowledge and GDPR. Respondents showed different levels of understanding regarding targeted marketing. However the majority was not aware of the amount of stored information and how it is collected, for example through cookies.
|
544 |
A validated information privacy governance questionnaire to measure the perception of how effective privacy is governed in a financial institution in the South African contextSwartz, Paulus 04 1900 (has links)
The general aim of this research is to develop a conceptual privacy governance framework (CPGF) that can be used to develop a valid and reliable information privacy governance questionnaire (IPGQ) to assess the perception of employees of how effective the organisation governs privacy.
The CPGF was developed to incorporate a comprehensive set of privacy components that could assist management in governing privacy across an organisation. IPGQ statements were derived from the theory of the sub-components of CPGF, evaluated by an expert panel and pre-tested by a pilot group. A quantitative mono method research was followed using a survey questionnaire to collect data in a financial institution in South Africa. Exploratory Factor Analysis (EFA) was used to determine the underlying factorial structure and the Cronbach Alpha was used to establish the internal reliability of the factors. From the initial item reduction of the constructs, four factors were derived to test the privacy perception of employees. The IPGQ consisted of 49 valid and reliable questions. One-way Analysis of Variance (ANOVA) was used, and three significant differences were discovered among the demographical groups for the age groups and two for the employment status groups (organisational commitment and privacy controls).
The CPGF and IPGQ can aid organisations to determine if organisations are effectively governing the privacy in the organisations in order to assist them in meeting the accountability condition of the Protection of Personal Information Act (POPIA). / Computing / M. Sc. (Information Systems)
|
545 |
L’encadrement juridique de l’exploitation des mégadonnées dans le secteur privé au QuébecDu Perron, Simon 01 1900 (has links)
Les mégadonnées font partie de ces sujets dont on entend parler sans trop savoir ce qu’ils signifient précisément. Souvent associés au domaine de l’intelligence artificielle, ces volumineux ensembles de données sont à la base d’un nombre croissant de modèles d’affaires axés sur la valorisation des données numériques que nous générons au quotidien. Le présent mémoire cherche à démontrer que cette exploitation des mégadonnées par les entreprises ne s’effectue pas dans un vide juridique.
Les mégadonnées ne peuvent être considérées comme un objet de droit en l’absence d’une définition formelle. Une revue de la littérature multidisciplinaire à leur sujet, invite à les concevoir comme un actif informationnel doté de cinq caractéristiques principales, soit leur volume, leur vélocité, leur variété, leur valeur et leur véracité. L’analyse de ces caractéristiques permet au juriste d’atteindre une compréhension suffisante de ce phénomène afin de l’aborder sous le prisme du droit positif. Suivant un exercice de qualification juridique, les mégadonnées émergent à la fois comme un bien meuble incorporel et comme un ensemble de documents technologiques portant divers renseignements dont certains peuvent être qualifiés de renseignements personnels.
Le cadre juridique applicable à l’exploitation des mégadonnées s’articule donc autour de la protection législative de la vie privée informationnelle qui s’incarne à travers les lois en matière de protection des renseignements personnels. Cet encadrement est complété par certaines règles relatives à la gestion documentaire et au droit à l’égalité. Une manière efficace de présenter cet encadrement juridique est selon le cycle de vie des renseignements personnels au sein des mégadonnées. Ainsi, il appert que les principes issus de l’approche personnaliste et minimaliste du droit québécois à la protection des renseignements personnels s’appliquent tant bien que mal à la collecte des données numériques ainsi qu’à leur traitement par les entreprises. / Big data is one of those topics we keep hearing about without knowing exactly what it means. Often associated with the field of artificial intelligence, these large datasets are the backbone of a growing number of business models that focus on leveraging the digital data we generate on a daily basis. This Master’s thesis seeks to demonstrate that this exploitation of big data by businesses is not happening in a legal vacuum.
Big data cannot be considered as an object of rights in the absence of a formal definition. A review of the multidisciplinary literature on the subject invites us to conceive them as an information asset with five main characteristics: volume, velocity, variety, value and veracity. The study of these characteristics allows the jurist to reach a sufficient understanding of the phenomenon in order to approach it through the lens of positive law. Following a legal qualification exercise, big data emerges both as intangible movable property and as a set of technological documents carrying various types of information, some of which can be qualified as personal information.
The legal framework governing the exploitation of big data is therefore built around the legislative protection of informational privacy, which is embodied in privacy laws. This framework is complemented by certain rules relating to document management and the right to equality. An effective way to present this legal framework is according to the life cycle of personal information within big data. Thus, it appears that the principles stemming from the personalist and minimalist approach of Quebec's data protection law apply, albeit not without struggle, to the collection of digital data as well as their processing by businesses.
|
546 |
Design and evaluation of a secure, privacy-preserving and cancelable biometric authentication : Bio-CapsuleSui, Yan 04 September 2014 (has links)
Indiana University-Purdue University Indianapolis (IUPUI) / A large portion of system breaches are caused by authentication failure either during the system login process or even in the post-authentication session, which is further related to the limitations associated with existing authentication approaches. Current authentication methods, whether proxy based or biometrics based, are hardly user-centric; and they either put burdens on users or endanger users' (biometric) security and privacy. In this research, we propose a biometrics based user-centric authentication approach. The main idea is to introduce a reference subject (RS) (for each system), securely fuse the user's biometrics with the RS, generate a BioCapsule (BC) (from the fused biometrics), and employ BCs for authentication. Such an approach is user-friendly, identity-bearing yet privacy-preserving, resilient, and revocable once a BC is compromised. It also supports "one-click sign on" across multiple systems by fusing the user's biometrics with a distinct RS on each system. Moreover, active and non-intrusive authentication can be automatically performed during the user's post-authentication on-line session. In this research, we also formally prove that the proposed secure fusion based BC approach is secure against various attacks and compare the new approach with existing biometrics based approaches. Extensive experiments show that the performance (i.e., authentication accuracy) of the new BC approach is comparable to existing typical biometric authentication approaches, and the new BC approach also possesses other desirable features such as diversity and revocability.
|
547 |
Les tensions entre les principes juridiques applicables aux systèmes d'intelligence artificielle en droit québécois (explicabilité, exactitude, sécurité et équité)Aubin, Nicolas 08 1900 (has links)
Le 21 septembre 2021, l’Assemblée nationale du Québec a adopté le projet de loi 64 afin de moderniser son régime de protection des renseignements personnels. S’inspirant du Règlement Général sur la Protection des Données européen, ce projet de loi renforce substantiellement les obligations des entreprises privées et des organismes publics à l’égard des renseignements personnels des Québécois. Ce projet de loi assure également le respect de certains principes juridiques applicables aux systèmes d’intelligence artificielle. Or, dans le cadre de ce mémoire, nous démontrons que des tensions existent entre quatre de ces principes. Ces principes sont : le principe d’explicabilité, le principe d’exactitude, le principe de sécurité ainsi que le principe d’équité et de non-discrimination. En effet, il est souvent difficile et parfois impossible d’assurer un respect conjoint de ces quatre principes. La présente étude se divise en trois chapitres. Le premier explore les quatre principes pour ensuite identifier les obligations légales québécoises qui permettent d’en assurer le respect. Le second expose les tensions entre ces principes. Le dernier propose une solution permettant aux entreprises et aux organismes publics québécois de réaliser les arbitrages nécessaires entre ces principes tout en respectant la Loi. / On September 21, 2021, the Quebec legislative passed Bill 64 to modernize its privacy regime. Inspired by the European General Data Protection Regulation, this bill strengthens the obligations of private companies and public bodies with respect to personal data. This bill also provides obligations protecting normative principles applicable to artificial intelligence systems. In this paper, we show that four of these principles exist in a state of tension. These principles are : explicability, accuracy, security and fairness and non-discrimination. Indeed, it is often difficult and sometimes impossible to ensure that these principles are respected together.
This study is divided into three parts. The first part defines the four principles to then identifies how these principles are translated into Quebec law. The second part sets out the tensions between these principles. The last part provides a solution that would allow Quebec businesses and public bodies to make the necessary trade-offs between these principles in a matter that complies with their legal obligations.
|
548 |
An Improved Utility Driven Approach Towards K-Anonymity Using Data Constraint RulesMorton, Stuart Michael 14 August 2013 (has links)
Indiana University-Purdue University Indianapolis (IUPUI) / As medical data continues to transition to electronic formats, opportunities arise for researchers to use this microdata to discover patterns and increase knowledge that can improve patient care. Now more than ever, it is critical to protect the identities of the
patients contained in these databases. Even after removing obvious “identifier”
attributes, such as social security numbers or first and last names, that clearly identify a specific person, it is possible to join “quasi-identifier” attributes from two or more publicly
available databases to identify individuals.
K-anonymity is an approach that has been used to ensure that no one individual
can be distinguished within a group of at least k individuals. However, the majority of the proposed approaches implementing k-anonymity have focused on improving the efficiency of algorithms implementing k-anonymity; less emphasis has been put towards ensuring the “utility” of anonymized data from a researchers’ perspective. We propose a
new data utility measurement, called the research value (RV), which extends existing
utility measurements by employing data constraints rules that are designed to improve
the effectiveness of queries against the anonymized data.
To anonymize a given raw dataset, two algorithms are proposed that use predefined
generalizations provided by the data content expert and their corresponding
research values to assess an attribute’s data utility as it is generalizing the data to
ensure k-anonymity. In addition, an automated algorithm is presented that uses
clustering and the RV to anonymize the dataset. All of the proposed algorithms scale
efficiently when the number of attributes in a dataset is large.
|
549 |
Conference Report: 4th Liechtenstein Talks on Economic Criminal Law: Criminal ComplianceMeserth, Markus 21 November 2023 (has links)
On June 23, 2023, the Professorship for Economic Criminal Law, Compliance, and Digitalization at the University of Liechtenstein successfully continued its hybrid event series, 'Liechtenstein Talks on Economic Criminal Law.' The central theme of the fourth conference was 'Criminal Compliance,' a key focus of the professorship's research. Experts from various countries discussed relevant aspects of compliance, particularly for Liechtenstein as a financial center, through five presentations and subsequent discussions.
In her opening speech, Prof. Dr. Konstantina Papathanasiou emphasized the practical significance of 'Criminal Compliance' and its growing importance in economic regulation. The conference covered a wide range of topics, from insights into the role of a compliance officer to internal investigations, compliance risk analysis, and the use of IT tools in data forensics. Papathanasiou also highlighted the recent publication of 'Corporate Criminal Law and Criminal Compliance,' available to participants in the LL.M. program in economic criminal law.
The presentations delved into diverse areas, such as the role of a compliance officer in Liechtenstein's financial market, the privatization of law enforcement through internal investigations, data protection in internal investigations, compliance risk analysis, and technological innovations in internal investigations. The speakers discussed tools like whistleblower platforms and AI-supported data forensics, addressing both opportunities and challenges.
|
550 |
[pt] A PROTEÇÃO DOS DADOS PESSOAIS COMO UM DIREITO FUNDAMENTAL AUTÔNOMO: BOAS PRÁTICAS DE COMPLIANCE FRENTE AO CAPITALISMO DE VIGILÂNCIA / [en] PERSONAL DATA PROTECTION AS A FUNDAMENTAL RIGHT ITSELF: COMPLIANCE GUIDELINES AGAINST THE SURVEILLANCE CAPITALISMRAFAELA SARTORE FURQUIM 04 July 2023 (has links)
[pt] Em razão do desenvolvimento tecnológico das últimas décadas, a sociedade
contemporânea passou por profundas mudanças que deram origem, segundo
Shoshana Zuboff, ao Capitalismo de vigilância. Diante deste cenário, o presente
estudo tem por objetivo analisar os reflexos desse fenômeno no ordenamento
jurídico brasileiro que justificaram a promulgação da Emenda Constitucional
115/22 e da Lei Geral de Proteção de Dados, constituindo um modelo regulatório
híbrido, fortemente baseado em princípios, no qual, além de estabelecer obrigações
para os agentes de tratamento, cria um ambiente de incentivo à adoção de boas
práticas e de governança. Para tanto, será analisado como o compliance de dados
pode ser um eficiente instrumento para promover, na prática, a adoção dos
princípios da LGPD e da regulação já existente da ANPD em prol uma cultura de
proteção de dados no Brasil. / [en] The technological development of recent decades, contemporary society has
faced profound changes that have given rise, according to Shoshana Zuboff, to
Surveillance Capitalism. Therefore, this study aims to analyze the impacts of
surveillance capitalism in the brazilian legal system that justified the promulgation
of Constitutional Amendment 115/22 and the Brazilian General Data Protection
Law (LGPD), based on the strong principled on a hybrid regulatory model in which,
in addition to establishing obligations for treatment agents, creates an environment
that encourages the adoption of good practices and governance. This way, it will be
analyzed how data compliance can be an efficient instrument to promote, in
practice, the adoption of the LGPD principles and the ANPD regulation in a data
protection culture in Brazil.
|
Page generated in 0.1026 seconds