The principle of security safeguards: Unauthorized activities

Cited by: 2
Authors
Dayarathna, Rasika [1]
Affiliations
[1] Department of Computer and Systems Sciences, Stockholm University, the Royal Institute of Technology (KTH)
Keywords
Data control; Information privacy; Information security; Information systems design; Password/passphrase; Privacy guidelines; Unauthorized data usage
DOI
10.1016/j.clsr.2009.02.012
Abstract
The principle of information security safeguards is a key information privacy principle contained in every privacy legislation measure, framework, and guideline. This principle requires data controllers to use an adequate level of safeguards before processing personal information. However, privacy literature neither explains what this adequate level is nor how to achieve it. Hence, a knowledge gap has been created between privacy advocates and data controllers who are responsible for providing adequate protection. This paper takes a step toward bridging this knowledge gap by presenting an analysis of how Data Protection and Privacy Commissioners have evaluated the adequacy level of security protection measures given to personal information in selected privacy invasive cases. This study addresses both security measures used to protect personal information against unauthorized activities and the use of personal information in authentication mechanisms. This analysis also lays a foundation for building a set of guidelines that can be used by data controllers for designing, implementing, and operating both technological and organizational measures used to protect personal information. © 2009 Rasika Dayarathna.
Pages: 165-172
Page count: 7
Related papers
31 in total
  • [1] Dayarathna R., Towards bridging the knowledge gap between lawyers and technologists: the principle of security safeguards, International Journal of Technology Transfer and Commercialisation (IJTTC), 7, 1, pp. 34-44, (2008)
  • [2] Dayarathna R., The principle of security safeguards: accidental activities, Proceedings of the ISSA 2008 innovative minds conference, (2008)
  • [3] Dempsey J.X., Rubinstein I., Introduction: lawyers and technologists-joined at the hip?, IEEE Security and Privacy, 4, 3, pp. 15-19, (2006)
  • [4] HG-Annual Report, Personal data annual report 2004-05, (2006)
  • [5] HG-ar0304-6, (2004)
  • [6] Iachello G., Protecting personal data: can IT security management standards help?, Proceedings of the 19th annual computer security applications conference, 8, (2003)
  • [7] Muelle G., Rannenberg K., IT security and multilateral security, Multilateral security in communications, (1999)
  • [8] Subscriber complains telephone company disclosed confidential listing, (1997)
  • [9] Proceedings commissioner v commissioner of police, (1999)
  • [10] NZPrivCmr 3984, Woman requests video recording taken of her son while he was in hospital, (1995)