Using organisational safeguards to make justifiable privacy decisions when processing personal data

Authors:
Martin S. Olivier
Affiliations:
Department of Computer Science, University of Pretoria
Venue:
SAICSIT '03 Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology
Year:
2003

Citing 17
Cited 0

A model of authorization for next-generation database systems

ACM Transactions on Database Systems (TODS)
A taxonomy for secure object-oriented databases

ACM Transactions on Database Systems (TODS)
Business data communications (4th ed.)

Business data communications (4th ed.)
Onion routing

Communications of the ACM
Consistent, yet anonymous, Web access with LPWA

Communications of the ACM
The platform for privacy preferences

Communications of the ACM
TRUSTe: an online privacy seal program

Communications of the ACM
Anonymous Web transactions with Crowds

Communications of the ACM
Untraceable electronic mail, return addresses, and digital pseudonyms

Communications of the ACM
Security and privacy after September 11: the health care example

Proceedings of the 12th annual conference on Computers, freedom and privacy
E-P3P privacy policies and privacy authorization

Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
An Information-Flow for Privacy (InfoPriv)

Proceedings of the IFIP TC11 WG 11.3 Twelfth International Working Conference on Database Security XII: Status and Prospects
Database privacy: balancing confidentiality, integrity and availability

ACM SIGKDD Explorations Newsletter
Privacy-enhancing technologies: approaches and development

Computer Standards & Interfaces
Privacy-enhancing technologies for the Internet

COMPCON '97 Proceedings of the 42nd IEEE International Computer Conference
Hippocratic databases

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Encryption wars: shifting tactics

IEEE Spectrum

Quantified Score

Hi-index	0.00

Visualization

Abstract

Privacy-enhancing technologies can be used to enhance the privacy of individuals who interact with information processing systems. This paper considers such technologies that can be used by the organisation to safeguard personal information it processes. The paper focuses on how access control could be used to protect the individual against misuse of personal data inside the organisation. More specifically the paper considers how such a privacy-enhancing technology can make a just choice when deciding whether an access request to personal data should be allowed or not.Access control decisions in this paper are based on the regulations that govern the interaction, the organisational policies that apply and the individual's privacy preferences.The proposed model forms part of the organisational safeguards layer of the Layered Privacy Architecture (LaPA) proposed earlier.