Global ETD Search

1	An Examination of the Privacy Impact Assessment as a Vehicle for Privacy Policy Implementation in U.S. Federal Agencies Pandy, Susan M. 13 February 2013 (has links) The Privacy Act of 1974 was designed to protect personal privacy captured in the records held by government agencies. However, the scope of privacy protection has expanded in light of advances in technology, heightened security, ubiquitous threats, and the value of information. This environment has raised the expectations for public sector management of sensitive personal information and enhanced privacy protections. While the expanse of privacy policy implementation is broad, this study focuses specifically on how agencies implement privacy impact assessments (PIAs) as required under Section 208 of the E-Government Act of 2002. An enhanced understanding of the PIA implementation process serves as a portal into the strategic considerations and management challenges associated with broader privacy policy implementation efforts. A case study of how the U.S. Postal Service and the U.S. Department of Veterans Affairs have implemented PIAs provides rich insights into privacy policy implementation and outcomes. Elite interviews enriched by process data and document analysis show how each organization undertook different approaches to PIA implementation over time. This study introduces the sociology of law literature using Lauren Edelman's conceptual framework to understand how organizations respond to and interpret law from within the organization, or endogenously. Building upon Edelman's model, certain characteristics of the PIA implementation are analyzed to provide rich description of the factors that influence the implementation process and lead to different policy outcomes. The findings reflect valuable insights into the privacy policy implementation process and introduce the sociology of law literature to the field of public administration. This literature furthers our understanding of how organizations enact policy over time, how the implementation process unfolds and is impacted by critical factors, and for identifying emergent patterns in organizations. This study furthers our understanding how privacy policy, in particular, is implemented over time by examining the administrative capacities and levels of professionalism that are utilized to accomplish this effort. This research comes at a critical time in the context of the emerging legal and political environment for privacy that is characterized by new expectations by the public and the expanding role of government to manage and protect sensitive information. / Ph. D. privacy privacy impact assessment privacy policy data breach e-government
2	A systematic methodology for privacy impact assessments: a design science approach Spiekermann-Hoff, Sarah, Oetzel, Marie Caroline January 2014 (has links) (PDF) For companies that develop and operate IT applications that process the personal data of customers and employees, a major problem is protecting these data and preventing privacy breaches. Failure to adequately address this problem can result in considerable damage to the company's reputation and finances, as well as negative effects for customers or employees (data subjects). To address this problem, we propose a methodology that systematically considers privacy issues by using a step-by-step privacy impact assessment (PIA). Existing PIA approaches cannot be applied easily because they are improperly structured or imprecise and lengthy. We argue that companies that employ our PIA can achieve "privacy-by-design", which is widely heralded by data protection authorities. In fact, the German Federal Office for Information Security (BSI) ratified the approach we present in this article for the technical field of RFID and published it as a guideline in November 2011. The contribution of the artefacts we created is twofold: First, we provide a formal problem representation structure for the analysis of privacy requirements. Second, we reduce the complexity of the privacy regulation landscape for practitioners who need to make privacy management decisions for their IT applications.
3	An information processing model and a set of risk identification methods for privacy impact assessment in an international context / 国際的な文脈におけるプライバシー影響評価のための情報取扱モデル及び一連のリスク特定手法 Kuroda, Yuki 25 September 2023 (has links) 京都大学 / 新制・課程博士 / 博士(情報学) / 甲第24935号 / 情博第846号 / 新制\|\|情\|\|142(附属図書館) / 京都大学大学院情報学研究科社会情報学専攻 / (主査)教授黒田知宏, 教授矢守克也, 教授曽我部真裕 / 学位規則第4条第1項該当 / Doctor of Informatics / Kyoto University / DGAM Privacy Impact Assessment Risk identification Data mapping Privacy Personal Information Protection 007
4	Den nya dataskyddsförordningens påverkan på svenska folkhögskolor : Med fokus på konsekvensbedömning / General data protection regulations effect on Swedish folk high schools : With focus on privacy impact assessment Pettersson, Malin January 2018 (has links) Syftet med denna studie är att undersöka hur folkhögskolor i Sverige hanterar den nya dataskyddsförordningen (nedan nämnd som förordningen eller GDPR) och fokuset har legat på konsekvensbedömning avseende dataskydd. GDPR handlar till stor del om att stärka den personliga integriteten. Konsekvensbedömning avseende dataskydd är ett nytt krav för organisationer som hanterar personuppgifter. Konsekvensbedömning avseende dataskydd handlar om att förebygga hot och sårbarheter samt att göra riskanalyser. Detta gäller säkerheten kring den tekniska biten såsom system där personuppgifter hanteras men även den mänskliga faktorn. Tidigare studier visar att konsekvensbedömning har funnits med länge men konsekvensbedömning för personuppgifter har inte tidigare varit ett krav. Den här studien visar att vissa folkhögskolor är familjära med processen medan vissa inte har utfört en konsekvensbedömning alls. Den här studien visar även att kunskaperna kring hur den nya förordningen påverkar folkhögskolor förbättrades efter ett utbildande webbinarium. Metoden som använts för denna studie är en intervjustudie som innefattar intervjuer med nyckelpersoner på folkhögskolor i Sverige där dessa har haft olika roller för att få en så bred bild som möjligt. Folkhögskolorna har varit på olika stadier i införandet av förordningen men även många likheter har presenterats. För att få fram svar på forskningsfrågan har intervjuer med fem nyckelpersoner på fyra olika folkhögskolor genomförts. Resultaten kommer att analyseras genom en innehållsanalys och genom analysen kommer rapporten kunna presentera en bild av hur folkhögskolor arbetar med personuppgifter, vilka förändringar kring arbetet som har uppkommit men också vilka utmaningar det finns att implementera GDPR och konsekvensbedömning. Sammanfattningsvis så kom det fram att folkhögskolor är olika i arbetet med konsekvensbedömning. Vissa folkhögskolor prioriterar det medan andra inte arbetar alls med det. Ett specifikt svar på hur folkhögskolor påverkas av GDPR och konsekvensbedömning kan inte ges sedan varje folkhögskola är olika varandra. Det kan bero på att folkhögskolor är frivilliga, till skillnad från grundskola och gymnasium och att folkhögskolor ofta drivs av fristående stiftelser. / The purpose of the work is to study how folk high schools in Sweden are handling General Data Protection Regulation (GDPR) and the focus has been on Privacy Impact Assessment (PIA). GDPR is mostly about strengthening personal privacy. PIA is a new requirement for organizations which are handling personal information. PIA is about preventing threats and vulnerabilities and about risk analyses. Both when it comes to security to systems where the personal information is stored but also about human factors. Earlier studies show that privacy impact assessment has been here for a long time but the privacy impact assessment regarding personal data has not been a requirement. This study showed that some of the folk high schools were familiar with the process, while some have never done that before. The study also shows that the knowledge of how the regulation is affecting folk high schools were improved after an educational webinar. The method that has been used for this work is an interview study which is based on interviewing key figures from folk high schools in Sweden. The respondents have mixed roles in the organizations, to get a wider picture. The folk high schools have been on various stages with implementing GDPR but shares similarities. To get an answer for the research question, the study was based on interviews with five key figures from four different folk high schools. The results were analysed based on a content analysis where the report aims to present an image of how the folk high schools are working with personal data, what changes have been made to meet the requirements for GDPR and privacy impact assessment but also what challenges exist when implementing them. The conclusion was that folk high schools are different when it comes to working with privacy impact assessment. Some are prioritizing it while some are not working with it at all. A certain answer to the question cannot be answered since there are differences between folk high schools. One reason for that is because folk high schools are optional, in difference of primary school and high schools, and often run by independent foundations. GDPR privacy impact assessment personal privacy folk high school risk management GDPR konsekvensbedömning integritet folkhögskolor riskhantering Engineering and Technology Teknik och teknologier
5	The EU General Data Protection Regulations and their consequences on computer system design / EUs allmänna dataskyddsförordning och dess konsekvenser för programsystemteknik Magnusson, Wilhelm January 2017 (has links) As of writing this thesis, the EU’s new data protection laws (GDPR) will start to apply within one year. The new regulations are poorly understood by many and rumours of varying accuracy are circling the IT industry. This thesis takes a look at the parts of the GDPR concerning system design and architecture, clarifying what they mean and their consequences for system design. The new regulations are compared to the old data protection laws (Directive 95/46/EC), showing how companies must alter their computer systems in order to adapt. Using evaluations of the old data protection laws predictions are made for how the GDPR will affect the IT industry going forward. One of the more important questions are what tools are available for companies when adapting to privacy protection regulations and threats. This thesis aims to identify the most common processes for this kind of system modification and compare their effectiveness in relation to the GDPR. / Vid framställningen av denna avhandling är det mindre än ett år innan EUs nya dataskyddsförordning (GDPR) träder i kraft. Många har bristande förståelse av de nya förordningarna och rykten av varierande korrekthet cirkulerar inom IT industrin. Denna avhandling utför en kritisk undersökning utav de delar inom GDPR som berör system design och arkitektur och beskriver dess innebörd för system design. De nya lagarna jämförs med de föregående dataskyddslagarna (Direktiv 95/46/EC) för att påvisa de modifikationer som kommer krävas för att anpassa datorsystem till de nya förordningarna. Genom att undersöka de äldre dataskyddslagarnas effekt på industrin görs även förutsägelser kring hur GDPR kommer påverka IT industrin inom den närmaste framtiden. Än av de intressantare frågorna är vilka metoder som finns tillgängliga för att underlätta systemanpassningar relaterade till dataskyddsförordningar. Denna avhandling syftar att identifiera de mest etablerade av dessa typer av processer och jämföra deras lämplighet i förhållande till GDPR. GDPR PbD PIA PUL privacy impact assessment privacy by design Directive 95/46/EC General Data Protection Regulations Computer Sciences Datavetenskap (datalogi)
6	Les tensions entre les principes juridiques applicables aux systèmes d'intelligence artificielle en droit québécois (explicabilité, exactitude, sécurité et équité) Aubin, Nicolas 08 1900 (has links) Le 21 septembre 2021, l’Assemblée nationale du Québec a adopté le projet de loi 64 afin de moderniser son régime de protection des renseignements personnels. S’inspirant du Règlement Général sur la Protection des Données européen, ce projet de loi renforce substantiellement les obligations des entreprises privées et des organismes publics à l’égard des renseignements personnels des Québécois. Ce projet de loi assure également le respect de certains principes juridiques applicables aux systèmes d’intelligence artificielle. Or, dans le cadre de ce mémoire, nous démontrons que des tensions existent entre quatre de ces principes. Ces principes sont : le principe d’explicabilité, le principe d’exactitude, le principe de sécurité ainsi que le principe d’équité et de non-discrimination. En effet, il est souvent difficile et parfois impossible d’assurer un respect conjoint de ces quatre principes. La présente étude se divise en trois chapitres. Le premier explore les quatre principes pour ensuite identifier les obligations légales québécoises qui permettent d’en assurer le respect. Le second expose les tensions entre ces principes. Le dernier propose une solution permettant aux entreprises et aux organismes publics québécois de réaliser les arbitrages nécessaires entre ces principes tout en respectant la Loi. / On September 21, 2021, the Quebec legislative passed Bill 64 to modernize its privacy regime. Inspired by the European General Data Protection Regulation, this bill strengthens the obligations of private companies and public bodies with respect to personal data. This bill also provides obligations protecting normative principles applicable to artificial intelligence systems. In this paper, we show that four of these principles exist in a state of tension. These principles are : explicability, accuracy, security and fairness and non-discrimination. Indeed, it is often difficult and sometimes impossible to ensure that these principles are respected together. This study is divided into three parts. The first part defines the four principles to then identifies how these principles are translated into Quebec law. The second part sets out the tensions between these principles. The last part provides a solution that would allow Quebec businesses and public bodies to make the necessary trade-offs between these principles in a matter that complies with their legal obligations. projet de loi 64 intelligence artificielle protection des renseignements personnels explicabilité exactitude sécurité discrimination équité vie privée bill 64 artificial intelligence data protection accuracy security discrimination fairness privacy impact assessment privacy impact assessment Law / Droit (UMI : 0398)
7	How should the protection of privacy, threatened by new technologies like radio frequency identification (RFID), be seen from a Judeo-Christian perspective? Schmidt, Erwin Walter 11 1900 (has links) Radio Frequency Identification (RFID) is a new technology which allows people to identify objects automatically but there is a suspicion that, if people are tracked, their privacy may be infringed. This raises questions about how far this technology is acceptable and how privacy should be protected. It is also initiated a discussion involving a wide range of technical, philosophical, political, social, cultural, and economical aspects. There is also a need to consider the ethical and theological perspectives. This dissertation takes all its relevant directions from a Judeo-Christian theological perspective. On one side the use of technology is considered, and on the other side the value of privacy, its infringements and protection are investigated. According to Jewish and Christian understanding human dignity has to be respected including the right to privacy. As a consequence of this RFID may only used for applications that do not infringe this right. This conclusion, however, is not limited to RFID; it will be relevant for other, future surveillance technologies as well. / Philosophy & Systematic Theology / M. Th. (Theological ethics) Radio frequency identification Privacy Human rights Right to privacy Technology Information and communication technology Privacy enhancing technology Internet of things Data protection Privacy impact assessment 201.66 Technology -- Religious aspects Technology -- Moral and ethical aspects Human rights Privacy, Right of
8	How should the protection of privacy, threatened by new technologies like radio frequency identification (RFID), be seen from a Judeo-Christian perspective? Schmidt, Erwin Walter 11 1900 (has links) Radio Frequency Identification (RFID) is a new technology which allows people to identify objects automatically but there is a suspicion that, if people are tracked, their privacy may be infringed. This raises questions about how far this technology is acceptable and how privacy should be protected. It is also initiated a discussion involving a wide range of technical, philosophical, political, social, cultural, and economical aspects. There is also a need to consider the ethical and theological perspectives. This dissertation takes all its relevant directions from a Judeo-Christian theological perspective. On one side the use of technology is considered, and on the other side the value of privacy, its infringements and protection are investigated. According to Jewish and Christian understanding human dignity has to be respected including the right to privacy. As a consequence of this RFID may only used for applications that do not infringe this right. This conclusion, however, is not limited to RFID; it will be relevant for other, future surveillance technologies as well. / Philosophy and Systematic Theology / M. Th. (Theological ethics) Radio frequency identification Privacy Human rights Right to privacy Technology Information and communication technology Privacy enhancing technology Internet of things Data protection Privacy impact assessment 201.66 Technology -- Religious aspects Technology -- Moral and ethical aspects Human rights Privacy, Right of
9	Les données personnelles sensibles : contribution à l'évolution du droit fondamental à la protection des données personnelles : étude comparée : Union Européenne, Allemagne, France, Grèce, Royaume-Uni / No English title available Koumpli, Christina 18 January 2019 (has links) La protection des données personnelles sensibles consistait, jusqu'au RGPD, en un contrôle préalable réalisé par une autorité indépendante, malgré l’obstacle posé à la libre circulation. Cette protection renforcée est aujourd'hui remplacée par l’obligation du responsable de traitement d’élaborer une étude d’impact. Une telle mutation implique un risque de pré-légitimation des traitements et peut être favorable au responsable de traitement. Or, est-elle conforme au droit fondamental à la protection des données personnelles ? La thèse interroge le contenu de ce droit et la validité du RGPD. À partir d'une étude comparative allant des années 1970 à nos jours, entre quatre pays et l’Union européenne, les données personnelles sensibles sont choisies comme moyen d'analyse en raison de la protection particulière dont elles font l’objet. Il est démontré qu’en termes juridiques, la conception préventive fait partie de l’histoire de la protection européenne des données et peut donner un sens à la protection et à son seul bénéficiaire, l’individu.Un tel sens serait d’ailleurs conforme aux Constitutions nationales qui garantissent aussi l’individu malgré leurs variations. Cependant, cette conception n’est pas forcement compatible avec l’art. 8 de la Charte des droits fondamentaux de l’UE. La thèse explique que cette disposition contient la garantie d’une conciliation (entre les libertés de l’UE et celles des individus) qui peut impliquer une réduction de la protection de ces dernières. Or, il revient à la CJUE, désormais seule compétente pour son interprétation, de dégager le contenu essentiel de ce droit ; objectif auquel la thèse pourrait contribuer. / Before the GDPR, protection of sensitive personal data consisted of a prior check by an independent authority despite limiting their free movement. This has been replaced by the obligation of the controller to prepare a privacy impact assessment. With this modification, one can assume a risk of pre-legitimization of data processing, putting the controller at an advantage. Is that compatible with the fundamental right to the protectionof personal data ? This thesis questions the content of this right and the validity of the GDPR. It is based on a comparative study from 1970s until present day between four European countries and the European Union, in which sensitive data are chosen as a meanto the analysis due to their particular protection. Research shows that in legal termsthe preventive conception is a part of the history of protection in the European Union. By limiting freedom of processing it gives meaning to protection and its only subject,the individual. Such an interpretation is compatible with National Constitutions despite their variations. However, the preventive conception of data protection is not so easily compatible with article 8 of the European Charter of Fundamental Rights. The thesis puts forward that this article contains the safeguard of a balancing, between EU liberties and individuals’ freedoms, which implicates reduced protection. It is up to the European Court of Justice to identify the essence of this right, an aim to which this thesis could contribute. Droits fondamentaux Conciliation Protection des données personnelles Article 8 Charte DFUE RGPD Données sensibles Engagement de conformité Étude d'impact Contrôle préalable Déclaration préalable Délégué à la protection des données Autorités indépendantes Droit comparé Fundamental rights Balancing Data protection Article 8 EU Charter GDPR Sensitive data Accountability Privacy impact assessment Prior check Notification Data protection officer Independent authorities Comparative law 342.085 8

Search results