Protecting Personal Data: Can IT Security Management Standards Help?

  • Authors:
  • Giovanni Iachello

  • Affiliations:
  • -

  • Venue:
  • ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
  • Year:
  • 2003

Abstract

Compelled to improve information security by the introduction of personal data protection legislation, organizations worldwide are adopting standardized security management guidelines to inform their internal processes. This paper analyzes whether existing security management standards support process requirements for personal data management, drawing from experience with security policies in private organizations and through an analysis of current European and US legislation. Various aspects of personal data management not commonly addressed by security standards are identified, and a number of generally applicable enhancements are proposed to one common standard, IS17799. The appropriateness of including data protection guidelines in security standards is discussed, showing how these enhancements could simplify the definition of personal data management procedures in organizations.