Sample records for reserve system privacy
-
SCPR: Secure Crowdsourcing-Based Parking Reservation System
Directory of Open Access Journals (Sweden)
Changsheng Wan
2017-01-01
Full Text Available The crowdsourcing-based parking reservation system is a new computing paradigm, where private owners can rent their parking spots out. Security is the main concern for parking reservation systems. However, current schemes cannot provide user privacy protection for drivers and have no key agreement functions, resulting in a lot of security problems. Moreover, current schemes are typically based on the time-consuming bilinear pairing and not suitable for real-time applications. To solve these security and efficiency problems, we present a novel security protocol with user privacy called SCPR. Similar to protocols of this field, SCPR can authenticate drivers involved in the parking reservation system. However, different from other well-known approaches, SCPR uses pseudonyms instead of real identities for providing user privacy protection for drivers and designs a novel pseudonym-based key agreement protocol. Finally, to reduce the time cost, SCPR designs several novel cryptographic algorithms based on the algebraic signature technique. By doing so, SCPR can satisfy a number of security requirements and enjoy high efficiency. Experimental results show SCPR is feasible for real world applications.
-
75 FR 63703 - Privacy Act of 1974; Privacy Act Regulation
2010-10-18
... FEDERAL RESERVE SYSTEM 12 CFR Part 261a [Docket No. R-1313] Privacy Act of 1974; Privacy Act... implementing the Privacy Act of 1974 (Privacy Act). The primary changes concern the waiver of copying fees... records under the Privacy Act; the amendment of special procedures for the release of medical records to...
-
75 FR 81205 - Privacy Act: Revision of Privacy Act Systems of Records
2010-12-27
... DEPARTMENT OF AGRICULTURE Office of the Secretary Privacy Act: Revision of Privacy Act Systems of Records AGENCY: Office of the Secretary, USDA. ACTION: Notice to Revise Privacy Act Systems of Records... two Privacy Act Systems of Records entitled ``Information on Persons Disqualified from the...
-
76 FR 64115 - Privacy Act of 1974; Privacy Act System of Records
2011-10-17
... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice (11-092)] Privacy Act of 1974; Privacy Act... retirement of one Privacy Act system of records notice. SUMMARY: In accordance with the Privacy Act of 1974, NASA is giving notice that it proposes to cancel the following Privacy Act system of records notice...
-
Towards Privacy Managment of Information Systems
Drageide, Vidar
2009-01-01
This masters thesis provides insight into the concept of privacy. It argues why privacy is important, and why developers and system owners should keep privacy in mind when developing and maintaining systems containing personal information. Following this, a strategy for evaluating the overall level of privacy in a system is defined. The strategy is then applied to parts of the cellphone system in an attempt to evaluate the privacy of traffic and location data in this system.
-
39 CFR 262.5 - Systems (Privacy).
2010-07-01
... 39 Postal Service 1 2010-07-01 2010-07-01 false Systems (Privacy). 262.5 Section 262.5 Postal... DEFINITIONS § 262.5 Systems (Privacy). (a) Privacy Act system of records. A Postal Service system containing... individual. (c) Computer matching program. A “matching program,” as defined in the Privacy Act, 5 U.S.C. 552a...
-
78 FR 40515 - Privacy Act of 1974; Privacy Act System of Records
2013-07-05
... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice 13-071] Privacy Act of 1974; Privacy Act System of Records AGENCY: National Aeronautics and Space Administration (NASA). ACTION: Notice of Privacy Act system of records. SUMMARY: Each Federal agency is required by the Privacy Act of 1974 to publish...
-
Privacy Implications of Surveillance Systems
DEFF Research Database (Denmark)
Thommesen, Jacob; Andersen, Henning Boje
2009-01-01
This paper presents a model for assessing the privacy „cost‟ of a surveillance system. Surveillance systems collect and provide personal information or observations of people by means of surveillance technologies such as databases, video or location tracking. Such systems can be designed for vari......This paper presents a model for assessing the privacy „cost‟ of a surveillance system. Surveillance systems collect and provide personal information or observations of people by means of surveillance technologies such as databases, video or location tracking. Such systems can be designed...... for various purposes, even as a service for those being observed, but in any case they will to some degree invade their privacy. The model provided here can indicate how invasive any particular system may be – and be used to compare the invasiveness of different systems. Applying a functional approach......, the model is established by first considering the social function of privacy in everyday life, which in turn lets us determine which different domains will be considered as private, and finally identify the different types of privacy invasion. This underlying model (function – domain – invasion) then serves...
-
78 FR 77503 - Privacy Act of 1974; Privacy Act System of Records
2013-12-23
... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice 13-149] Privacy Act of 1974; Privacy Act... proposed revisions to existing Privacy Act systems of records. SUMMARY: Pursuant to the provisions of the Privacy Act of 1974 (5 U.S.C. 552a), the National Aeronautics and Space Administration is issuing public...
-
76 FR 67763 - Privacy Act of 1974; Privacy Act System of Records
2011-11-02
... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice (11-109)] Privacy Act of 1974; Privacy Act... proposed revisions to an existing Privacy Act system of records. SUMMARY: Pursuant to the provisions of the Privacy Act of 1974 (5 U.S.C. 552a), the National Aeronautics and Space Administration is issuing public...
-
76 FR 64114 - Privacy Act of 1974; Privacy Act System of Records
2011-10-17
... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice (11-093)] Privacy Act of 1974; Privacy Act... proposed revisions to an existing Privacy Act system of records. SUMMARY: Pursuant to the provisions of the Privacy Act of 1974 (5 U.S.C. 552a), the National Aeronautics and Space Administration is issuing public...
-
77 FR 69898 - Privacy Act of 1974; Privacy Act System of Records
2012-11-21
... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice 12-100] Privacy Act of 1974; Privacy Act... proposed revisions to an existing Privacy Act system of records. SUMMARY: Pursuant to the provisions of the Privacy Act of 1974 (5 U.S.C. 552a), the National Aeronautics and Space Administration is issuing public...
-
Privacy enhanced recommender system
Erkin, Zekeriya; Erkin, Zekeriya; Beye, Michael; Veugen, Thijs; Lagendijk, Reginald L.
2010-01-01
Recommender systems are widely used in online applications since they enable personalized service to the users. The underlying collaborative filtering techniques work on user’s data which are mostly privacy sensitive and can be misused by the service provider. To protect the privacy of the users, we
-
76 FR 64112 - Privacy Act of 1974; Privacy Act System of Records Appendices
2011-10-17
... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice (11-091)] Privacy Act of 1974; Privacy Act...: Revisions of NASA Appendices to Privacy Act System of Records. SUMMARY: Notice is hereby given that NASA is... Privacy Act of 1974. This notice publishes those amendments as set forth below under the caption...
-
Liu, Xiao; Liu, An; Zhang, Xiangliang; Li, Zhixu; Liu, Guanfeng; Zhao, Lei; Zhou, Xiaofang
2017-01-01
result. However, none is designed for both hiding users’ private data and preventing privacy inference. To achieve this goal, we propose in this paper a hybrid approach for privacy-preserving recommender systems by combining differential privacy (DP
-
77 FR 32111 - Privacy Act System of Records
2012-05-31
... contacted in order to obtain that office's advice regarding obligations under the Privacy Act; 8. Breach... FEDERAL COMMUNICATIONS COMMISSION Privacy Act System of Records AGENCY: Federal Communications Commission. ACTION: Notice; one new Privacy Act system of records. SUMMARY: Pursuant to subsection (e)(4) of...
-
Liu, Xiao
2017-03-21
Privacy risks of recommender systems have caused increasing attention. Users’ private data is often collected by probably untrusted recommender system in order to provide high-quality recommendation. Meanwhile, malicious attackers may utilize recommendation results to make inferences about other users’ private data. Existing approaches focus either on keeping users’ private data protected during recommendation computation or on preventing the inference of any single user’s data from the recommendation result. However, none is designed for both hiding users’ private data and preventing privacy inference. To achieve this goal, we propose in this paper a hybrid approach for privacy-preserving recommender systems by combining differential privacy (DP) with randomized perturbation (RP). We theoretically show the noise added by RP has limited effect on recommendation accuracy and the noise added by DP can be well controlled based on the sensitivity analysis of functions on the perturbed data. Extensive experiments on three large-scale real world datasets show that the hybrid approach generally provides more privacy protection with acceptable recommendation accuracy loss, and surprisingly sometimes achieves better privacy without sacrificing accuracy, thus validating its feasibility in practice.
-
Differential privacy in intelligent transportation systems
Kargl, Frank; Friedman, Arik; Boreli, Roksana
2013-01-01
In this paper, we investigate how the concept of differential privacy can be applied to Intelligent Transportation Systems (ITS), focusing on protection of Floating Car Data (FCD) stored and processed in central Traffic Data Centers (TDC). We illustrate an integration of differential privacy with
-
The role of privacy protection in healthcare information systems adoption.
Hsu, Chien-Lung; Lee, Ming-Ren; Su, Chien-Hui
2013-10-01
Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs are proposed. Users' privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HISs adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we proposed a research model extending the unified theory of acceptance and use of technology by considering perceived security and information security literacy and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses showed that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve designing, development, and promotion of a good healthcare information system with privacy protection.
-
32 CFR 505.3 - Privacy Act systems of records.
2010-07-01
... anticipated threats or hazards to the security or integrity of data, which could result in substantial harm... 32 National Defense 3 2010-07-01 2010-07-01 true Privacy Act systems of records. 505.3 Section 505... AND PUBLIC RELATIONS ARMY PRIVACY ACT PROGRAM § 505.3 Privacy Act systems of records. (a) Systems of...
-
22 CFR 308.7 - Use of social security account number in records systems. [Reserved
2010-04-01
... 22 Foreign Relations 2 2010-04-01 2010-04-01 true Use of social security account number in records systems. [Reserved] 308.7 Section 308.7 Foreign Relations PEACE CORPS IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 308.7 Use of social security account number in records systems. [Reserved] ...
-
78 FR 23810 - Privacy Act System of Records
2013-04-22
... SMALL BUSINESS ADMINISTRATION Privacy Act System of Records AGENCY: Small Business Administration. ACTION: Notice of new Privacy Act system of records and request for comment. SUMMARY: The Small Business... the protected information collected from applicants and participants in the Small Business Innovation...
-
A Secure and Privacy-Preserving Targeted Ad-System
Androulaki, Elli; Bellovin, Steven M.
Thanks to its low product-promotion cost and its efficiency, targeted online advertising has become very popular. Unfortunately, being profile-based, online advertising methods violate consumers' privacy, which has engendered resistance to the ads. However, protecting privacy through anonymity seems to encourage click-fraud. In this paper, we define consumer's privacy and present a privacy-preserving, targeted ad system (PPOAd) which is resistant towards click fraud. Our scheme is structured to provide financial incentives to all entities involved.
-
77 FR 74851 - Privacy Act of 1974; System of Records
2012-12-18
... FEDERAL DEPOSIT INSURANCE CORPORATION Privacy Act of 1974; System of Records AGENCY: Federal Deposit Insurance Corporation. ACTION: Notice to Delete a System of Records. SUMMARY: In accordance with the requirements of the Privacy Act of 1974, as amended (Privacy Act), the Federal Deposit Insurance...
-
75 FR 20346 - Privacy Act of 1974; System of Records
2010-04-19
... DEPARTMENT OF EDUCATION Privacy Act of 1974; System of Records AGENCY: Federal Student Aid, Department of Education. ACTION: Notice of an altered system of records. SUMMARY: In accordance with the Privacy Act of 1974, as amended (Privacy Act), 5 United States Code (U.S.C.) 552a, the Chief Operating...
-
78 FR 33807 - Privacy Act New System of Records
2013-06-05
... DEPARTMENT OF COMMERCE [Docket No. 130520483-3483-01] Privacy Act New System of Records AGENCY... Department's proposal for a new system of records under the Privacy Act. The system is entitled ``Information... Department is creating a new system of records that will enable electronic registration, via the Internet...
-
75 FR 53262 - Privacy Act of 1974; System of Records
2010-08-31
... a new Privacy Act system of records, JUSTICE/FBI- 021, the Data Integration and Visualization System... provisions of the Privacy Act in order to avoid interference with the national security and criminal law...)(G), (H) and (I); (e)(5) and (8); (f) and (g) of the Privacy Act: (1) Data Integration and...
-
Analysis of Privacy-Enhancing Identity Management Systems
DEFF Research Database (Denmark)
Adjei, Joseph K.; Olesen, Henning
Privacy has become a major issue for policy makers. This has been impelled by the rapid development of technologies that facilitate collection, distribution, storage, and manipulation of personal information. Business organizations are finding new ways of leveraging the value derived from consumer...... is an attempt to understand the relationship between individuals’ intentions to disclose personal information, their actual personal information disclosure behaviours, and how these can be leveraged to develop privacy-enhancing identity management systems (IDMS) that users can trust. Legal, regulatory...... and technological aspects of privacy and technology adoption are also discussed....
-
2012-06-07
... of a data breach. (See also on HUD's privacy Web site, Appendix I for other ways that the Privacy Act... DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT [Docket No. FR-5613-N-04] Privacy Act of 1974; Notification to Update an Existing Privacy Act System of Records, ``Grievance Records'' AGENCY: Office of the...
-
Achieving Optimal Privacy in Trust-Aware Social Recommender Systems
Dokoohaki, Nima; Kaleli, Cihan; Polat, Huseyin; Matskin, Mihhail
Collaborative filtering (CF) recommenders are subject to numerous shortcomings such as centralized processing, vulnerability to shilling attacks, and most important of all privacy. To overcome these obstacles, researchers proposed for utilization of interpersonal trust between users, to alleviate many of these crucial shortcomings. Till now, attention has been mainly paid to strong points about trust-aware recommenders such as alleviating profile sparsity or calculation cost efficiency, while least attention has been paid on investigating the notion of privacy surrounding the disclosure of individual ratings and most importantly protection of trust computation across social networks forming the backbone of these systems. To contribute to addressing problem of privacy in trust-aware recommenders, within this paper, first we introduce a framework for enabling privacy-preserving trust-aware recommendation generation. While trust mechanism aims at elevating recommender's accuracy, to preserve privacy, accuracy of the system needs to be decreased. Since within this context, privacy and accuracy are conflicting goals we show that a Pareto set can be found as an optimal setting for both privacy-preserving and trust-enabling mechanisms. We show that this Pareto set, when used as the configuration for measuring the accuracy of base collaborative filtering engine, yields an optimized tradeoff between conflicting goals of privacy and accuracy. We prove this concept along with applicability of our framework by experimenting with accuracy and privacy factors, and we show through experiment how such optimal set can be inferred.
-
Privacy Management and Networked PPD Systems - Challenges Solutions.
Ruotsalainen, Pekka; Pharow, Peter; Petersen, Francoise
2015-01-01
Modern personal portable health devices (PPDs) become increasingly part of a larger, inhomogeneous information system. Information collected by sensors are stored and processed in global clouds. Services are often free of charge, but at the same time service providers' business model is based on the disclosure of users' intimate health information. Health data processed in PPD networks is not regulated by health care specific legislation. In PPD networks, there is no guarantee that stakeholders share same ethical principles with the user. Often service providers have own security and privacy policies and they rarely offer to the user possibilities to define own, or adapt existing privacy policies. This all raises huge ethical and privacy concerns. In this paper, the authors have analyzed privacy challenges in PPD networks from users' viewpoint using system modeling method and propose the principle "Personal Health Data under Personal Control" must generally be accepted at global level. Among possible implementation of this principle, the authors propose encryption, computer understandable privacy policies, and privacy labels or trust based privacy management methods. The latter can be realized using infrastructural trust calculation and monitoring service. A first step is to require the protection of personal health information and the principle proposed being internationally mandatory. This requires both regulatory and standardization activities, and the availability of open and certified software application which all service providers can implement. One of those applications should be the independent Trust verifier.
-
75 FR 68852 - Privacy Act of 1974; System of Records Notice
2010-11-09
...., Washington, DC 20590 or [email protected] . FOR FURTHER INFORMATION CONTACT: For privacy issues please... DEPARTMENT OF TRANSPORTATION Office of the Secretary Privacy Act of 1974; System of Records Notice... Secretary of Transportation (DOT/OST) proposes to establish a DOT-wide system of records under the Privacy...
-
77 FR 48984 - Privacy Act of 1974; System of Records Notice
2012-08-15
... Privacy Act systems, to facilitate their ability to respond to data security breach incidents (see OMB... DEPARTMENT OF HEALTH AND HUMAN SERVICES Privacy Act of 1974; System of Records Notice AGENCY...: In accordance with the requirements of the Privacy Act of 1974, HHS gives notice of a proposed...
-
32 CFR 806b.30 - Evaluating information systems for Privacy Act compliance.
2010-07-01
... privacy issues are unchanged. (d) The depth and content of the Privacy Impact Assessment should be... 32 National Defense 6 2010-07-01 2010-07-01 false Evaluating information systems for Privacy Act... FORCE ADMINISTRATION PRIVACY ACT PROGRAM Privacy Impact Assessments § 806b.30 Evaluating information...
-
Designing Privacy for You : A User Centric Approach For Privacy
Senarath, Awanthika; Arachchilage, Nalin A. G.; Slay, Jill
2017-01-01
Privacy directly concerns the user as the data owner (data- subject) and hence privacy in systems should be implemented in a manner which concerns the user (user-centered). There are many concepts and guidelines that support development of privacy and embedding privacy into systems. However, none of them approaches privacy in a user- centered manner. Through this research we propose a framework that would enable developers and designers to grasp privacy in a user-centered manner and implement...
-
Pythia: A Privacy-enhanced Personalized Contextual Suggestion System for Tourism
Drosatos, G.; Efraimidis, P.S.; Arampatzis, A.; Stamatelatos, G.; Athanasiadis, I.N.
2015-01-01
We present Pythia, a privacy-enhanced non-invasive contextual suggestion system for tourists, with important architectural innovations. The system offers high quality personalized recommendations, non-invasive operation and protection of user privacy. A key feature of Pythia is the exploitation of
-
76 FR 52320 - Privacy Act of 1974; System of Records
2011-08-22
... & Privacy, and DoD Information Assurance Regulations. Auditing: Audit trail records from all available.../JS Privacy Office, Freedom of Information Directorate, Washington Headquarters Services, 1155 Defense... Defense. DHA 23 System name: Pharmacy Data Transaction Service (PDTS). System location: Primary: Emdeon...
-
78 FR 73511 - Privacy Act of 1974; System of Records
2013-12-06
... DEPARTMENT OF DEFENSE [Docket ID: USN-2013-0046] Privacy Act of 1974; System of Records AGENCY... Privacy Act of 1974, as amended. The system being deleted is N01500-8, System Name: Personnel and Training... Internet at http://www.regulations.gov as they are received without change, including any personal...
-
78 FR 69076 - Privacy Act of 1974; System of Records
2013-11-18
... Medical Human Resources System internet (DMHRSi). DHA 12 EDHA 12 Third Party Collection System. DHA 16 DoD... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DoD-2013-OS-0216] Privacy Act of 1974... Defense Health Agency's compilation of Privacy Act SORNS. The realignment of the nineteen system...
-
77 FR 27756 - Privacy Act of 1974; System of Records
2012-05-11
...) deletes one system of records from its existing inventory of systems of records subject to the Privacy Act... inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. The deletion is... following system of records is deleted: 1. (18-04-03) ED Web Personalization Pilot Data Collection, 66 FR...
-
76 FR 67155 - Privacy Act of 1974; System of Records
2011-10-31
... inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: The... Federal Register Liaison Officer, Department of Defense. N05000-1 System name: OPNAV Headquarters Web... DEPARTMENT OF DEFENSE Department of the Navy [Docket ID USN-2011-0015] Privacy Act of 1974; System...
-
77 FR 44207 - Privacy Act of 1974, System of Records
2012-07-27
... 10, 2012. ADDRESSES: You may submit comments: Paper Comments Fax: (703) 666-5670. Mail: Chief Privacy... the Privacy Act. It is USAID's core financial management system and accounting system of record... Budget Execution, which are required to perform necessary accounting operations. Phoenix falls under...
-
75 FR 54662 - Privacy Act of 1974: Systems of Records
2010-09-08
..., Chief Privacy Officer, Office of Information Technology, 202-551-7209. In the Federal Register of August... SECURITIES AND EXCHANGE COMMISSION [Release No. PA-44A; File No. S7-17-10] Privacy Act of 1974: Systems of Records AGENCY: Securities and Exchange Commission. ACTION: Notice to establish systems of...
-
76 FR 35050 - Privacy Act of 1974: New System of Records
2011-06-15
.../Central-15, Health Claims Data Warehouse, to its inventory of records systems subject to the Privacy Act.... The data warehouse will be fully compliant with all applicable provisions of the Privacy Act, Health... fully compliant with all applicable provisions of the Privacy Act, Federal Information Security...
-
75 FR 10554 - Privacy Act of 1974; System of Records Notice
2010-03-08
..., privacy and security objectives: Provide driver-related MCMIS crash and inspection data electronically... to submit a Freedom of Information Act (FOIA) request or Privacy Act request to FMCSA for the data..., privacy and security objectives are being met. The PSP system will only allow operator-applicants to...
-
77 FR 12641 - Privacy Act of 1974; System of Records Notice
2012-03-01
..., DC 20590. For privacy issues, please contact: Claire W. Barrett (202-366-8135), Departmental Chief... DEPARTMENT OF TRANSPORTATION Office of the Secretary [Docket No. DOT-RITA-2012-0001] Privacy Act... the Privacy Act of 1974, the Department of Transportation proposes to add a new system of records...
-
Security, privacy and trust in cloud systems
Nepal, Surya
2013-01-01
The book compiles technologies for enhancing and provisioning security, privacy and trust in cloud systems based on Quality of Service requirements. It is a timely contribution to a field that is gaining considerable research interest, momentum, and provides a comprehensive coverage of technologies related to cloud security, privacy and trust. In particular, the book includes - Cloud security fundamentals and related technologies to-date, with a comprehensive coverage of evolution, current landscape, and future roadmap. - A smooth organization with introductory, advanced and specialist content
-
2013-11-21
... Homeland Security, Washington, DC 20478. For privacy issues, please contact: Karen L. Neuman, (202) 343... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [DHS-2013-0073] Privacy Act of 1974... Defense Executive Reserve System of Records AGENCY: Department of Homeland Security, Privacy Office...
-
78 FR 43869 - Privacy Act of 1974; System of Records
2013-07-22
... DEPARTMENT OF DEFENSE Department of the Navy [Docket ID USN-2013-0025] Privacy Act of 1974; System... systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This proposed action will... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...
-
75 FR 67703 - Privacy Act of 1974; System of Records
2010-11-03
... DEPARTMENT OF DEFENSE Department of the Army [Docket ID USA-2010-0024] Privacy Act of 1974; System... record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This proposed... the public is to make these submissions available for public viewing on the Internet at http://www...
-
77 FR 60412 - Privacy Act of 1974; System of Records
2012-10-03
... DEPARTMENT OF DEFENSE Department of the Army [Docket ID USA-2012-0012] Privacy Act of 1974; System... systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This proposed action will... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...
-
76 FR 60008 - Privacy Act of 1974; System of Records
2011-09-28
... DEPARTMENT OF DEFENSE Department of the Army [Docket ID USA-2011-0023] Privacy Act of 1974; System... existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...
-
76 FR 82286 - Privacy Act of 1974; System of Records
2011-12-30
... DEPARTMENT OF DEFENSE Department of the Army [Docket ID USA-2011-0028] Privacy Act of 1974; System... record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This proposed... available for public viewing on the Internet at http://www.regulations.gov as they are received without...
-
76 FR 39394 - Privacy Act of 1974; System of Records
2011-07-06
... DEPARTMENT OF DEFENSE Department of the Navy [Docket ID USN-2011-0010] Privacy Act of 1974; System... systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This proposed action will... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...
-
Privacy protection schemes for fingerprint recognition systems
Marasco, Emanuela; Cukic, Bojan
2015-05-01
The deployment of fingerprint recognition systems has always raised concerns related to personal privacy. A fingerprint is permanently associated with an individual and, generally, it cannot be reset if compromised in one application. Given that fingerprints are not a secret, potential misuses besides personal recognition represent privacy threats and may lead to public distrust. Privacy mechanisms control access to personal information and limit the likelihood of intrusions. In this paper, image- and feature-level schemes for privacy protection in fingerprint recognition systems are reviewed. Storing only key features of a biometric signature can reduce the likelihood of biometric data being used for unintended purposes. In biometric cryptosystems and biometric-based key release, the biometric component verifies the identity of the user, while the cryptographic key protects the communication channel. Transformation-based approaches only a transformed version of the original biometric signature is stored. Different applications can use different transforms. Matching is performed in the transformed domain which enable the preservation of low error rates. Since such templates do not reveal information about individuals, they are referred to as cancelable templates. A compromised template can be re-issued using a different transform. At image-level, de-identification schemes can remove identifiers disclosed for objectives unrelated to the original purpose, while permitting other authorized uses of personal information. Fingerprint images can be de-identified by, for example, mixing fingerprints or removing gender signature. In both cases, degradation of matching performance is minimized.
-
System And Method For Monitoring Traffic While Preserving Personal Privacy
Canepa, Edward
2015-08-06
A traffic monitoring system and method for mapping traffic speed and density while preserving privacy. The system can include fixed stations that make up a network and mobile probes that are associated with vehicles. The system and method do not gather, store, or transmit any unique or identifying information, and thereby preserves the privacy of members of traffic. The system and method provide real-time traffic density and speed mapping. The system and method can further be integrated with a complementary flood monitoring system and method.
-
78 FR 41918 - Privacy Act of 1974; System of Records
2013-07-12
... Finance and Accounting Service, Freedom of Information/Privacy Act Program Manager, Corporate.... SUMMARY: The Defense Finance and Accounting Service proposes to alter a system of records, T7905, entitled...: Mr. Gregory L. Outlaw, Defense Finance and Accounting Service, Freedom of Information/Privacy Act...
-
DEFF Research Database (Denmark)
Peen, Søren; Jansen, Thejs Willem; Jensen, Christian D.
2008-01-01
This chapter proposes a privacy assessment model called the Operational Privacy Assessment Model that includes organizational, operational and technical factors for the protection of personal data stored in an IT system. The factors can be evaluated in a simple scale so that not only the resulting...... graphical depiction can be easily created for an IT system, but graphical comparisons across multiple IT systems are also possible. Examples of factors presented in a Kiviat graph are also presented. This assessment tool may be used to standardize privacy assessment criteria, making it less painful...... for the management to assess privacy risks on their systems....
-
75 FR 33788 - Privacy Act of 1974; System of Records
2010-06-15
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2010-OS-0077] Privacy Act of 1974... existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES... on the Internet at http:// [[Page 33789
-
Zakaria, Nasriah; Ramli, Rusyaizila
2018-01-01
Psychiatric patients have privacy concerns when it comes to technology intervention in the hospital setting. In this paper, we present scenarios for psychiatric behavioral monitoring systems to be placed in psychiatric wards to understand patients' perception regarding privacy. Psychiatric behavioral monitoring refers to systems that are deemed useful in measuring clinical outcomes, but little research has been done on how these systems will impact patients' privacy. We conducted a case study in one teaching hospital in Malaysia. We investigated the physical factors that influence patients' perceived privacy with respect to a psychiatric monitoring system. The eight physical factors identified from the information system development privacy model, a comprehensive model for designing a privacy-sensitive information system, were adapted in this research. Scenario-based interviews were conducted with 25 patients in a psychiatric ward for 3 months. Psychiatric patients were able to share how physical factors influence their perception of privacy. Results show how patients responded to each of these dimensions in the context of a psychiatric behavioral monitoring system. Some subfactors under physical privacy are modified to reflect the data obtained in the interviews. We were able to capture the different physical factors that influence patient privacy.
-
A privacy protection for an mHealth messaging system
Aaleswara, Lakshmipathi; Akopian, David; Chronopoulos, Anthony T.
2015-03-01
In this paper, we propose a new software system that employs features that help the organization to comply with USA HIPAA regulations. The system uses SMS as the primary way of communication to transfer information. Lack of knowledge about some diseases is still a major reason for some harmful diseases spreading. The developed system includes different features that may help to communicate amongst low income people who don't even have access to the internet. Since the software system deals with Personal Health Information (PHI) it is equipped with an access control authentication system mechanism to protect privacy. The system is analyzed for performance to identify how much overhead the privacy rules impose.
-
75 FR 50987 - Privacy Act System of Records; National Animal Health Laboratory Network (NAHLN)
2010-08-18
...The U.S. Department of Agriculture (USDA) proposes to add a new Privacy Act system of records to its inventory of records systems subject to the Privacy Act of 1974, as amended, and invites public comment on this new records system. The system of records being proposed is the National Animal Health Laboratory Network. This notice is necessary to meet the requirements of the Privacy Act to publish in the Federal Register notice of the existence and character of record systems maintained by the agency. Although the Privacy Act requires only that the portion of the system that describes ``routine uses'' of the system be published for comment, USDA invites comment on all portions of this notice.
-
78 FR 44931 - Privacy Act of 1974; System of Records
2013-07-25
...), as amended. This system will provide DLA installations with the ability to rapidly and effectively... Defense Privacy and Civil Liberties Web site at http://dpclo.defense.gov/privacy/SORNs/component/dla/index...: First name, last name, work email, work phone number, mobile phone number, short message service (SMS...
-
76 FR 63611 - Privacy Act of 1974; System of Records
2011-10-13
... DEPARTMENT OF DEFENSE Department of the Army [Docket ID: USA-2011-0025] Privacy Act of 1974... existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES... submissions available for public viewing on the Internet at http:// [[Page 63612
-
K-Anonymity Based Privacy Risk Budgeting System for Interactive Record Linkage
Directory of Open Access Journals (Sweden)
Hye-Chung Kum
2017-04-01
The k-anonymity based privacy risk budgeting system provides a mechanism where we can concretely reason about the tradeoff between the privacy risks due to information disclosed, accuracy gained, and biases reduced during interactive record linkage.
-
Zakaria, Nasriah; Ramli, Rusyaizila
2018-01-01
Background Psychiatric patients have privacy concerns when it comes to technology intervention in the hospital setting. In this paper, we present scenarios for psychiatric behavioral monitoring systems to be placed in psychiatric wards to understand patients’ perception regarding privacy. Psychiatric behavioral monitoring refers to systems that are deemed useful in measuring clinical outcomes, but little research has been done on how these systems will impact patients’ privacy. Methods We conducted a case study in one teaching hospital in Malaysia. We investigated the physical factors that influence patients’ perceived privacy with respect to a psychiatric monitoring system. The eight physical factors identified from the information system development privacy model, a comprehensive model for designing a privacy-sensitive information system, were adapted in this research. Scenario-based interviews were conducted with 25 patients in a psychiatric ward for 3 months. Results Psychiatric patients were able to share how physical factors influence their perception of privacy. Results show how patients responded to each of these dimensions in the context of a psychiatric behavioral monitoring system. Conclusion Some subfactors under physical privacy are modified to reflect the data obtained in the interviews. We were able to capture the different physical factors that influence patient privacy. PMID:29343963
-
A smart-card-enabled privacy preserving E-prescription system.
Yang, Yanjiang; Han, Xiaoxi; Bao, Feng; Deng, Robert H
2004-03-01
Within the overall context of protection of health care information, privacy of prescription data needs special treatment. First, the involvement of diverse parties, especially nonmedical parties in the process of drug prescription complicates the protection of prescription data. Second, both patients and doctors have privacy stakes in prescription, and their privacy should be equally protected. Third, the following facts determine that prescription should not be processed in a truly anonymous manner: certain involved parties conduct useful research on the basis of aggregation of prescription data that are linkable with respect to either the patients or the doctors; prescription data has to be identifiable in some extreme circumstances, e.g., under the court order for inspection and assign liability. In this paper, we propose an e-prescription system to address issues pertaining to the privacy protection in the process of drug prescription. In our system, patients' smart cards play an important role. For one thing, the smart cards are implemented to be portable repositories carrying up-to-date personal medical records and insurance information, providing doctors instant data access crucial to the process of diagnosis and prescription. For the other, with the secret signing key being stored inside, the smart card enables the patient to sign electronically the prescription pad, declaring his acceptance of the prescription. To make the system more realistic, we identify the needs for a patient to delegate his signing capability to other people so as to protect the privacy of information housed on his card. A strong proxy signature scheme achieving technologically mutual agreements on the delegation is proposed to implement the delegation functionality.
-
Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.
Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping
2014-11-01
Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.
-
Directory of Open Access Journals (Sweden)
Zakaria N
2017-12-01
Full Text Available Nasriah Zakaria,1,2 Rusyaizila Ramli3 1Research Chair of Health Informatics and Promotion, 2Medical Informatics and E-learning Unit, Medical Education Department, College of Medicine, King Saud University, Riyadh, Kingdom of Saudi Arabia; 3Advanced Military Maintenance Repair and Overhaul Center (AMMROC, Abu Dhabi, UAE Background: Psychiatric patients have privacy concerns when it comes to technology intervention in the hospital setting. In this paper, we present scenarios for psychiatric behavioral monitoring systems to be placed in psychiatric wards to understand patients’ perception regarding privacy. Psychiatric behavioral monitoring refers to systems that are deemed useful in measuring clinical outcomes, but little research has been done on how these systems will impact patients’ privacy. Methods: We conducted a case study in one teaching hospital in Malaysia. We investigated the physical factors that influence patients’ perceived privacy with respect to a psychiatric monitoring system. The eight physical factors identified from the information system development privacy model, a comprehensive model for designing a privacy-sensitive information system, were adapted in this research. Scenario-based interviews were conducted with 25 patients in a psychiatric ward for 3 months. Results: Psychiatric patients were able to share how physical factors influence their perception of privacy. Results show how patients responded to each of these dimensions in the context of a psychiatric behavioral monitoring system. Conclusion: Some subfactors under physical privacy are modified to reflect the data obtained in the interviews. We were able to capture the different physical factors that influence patient privacy. Keywords: information system development (ISD, physical factor, privacy, psychiatric monitoring system
-
Privacy-preserving recommender systems in dynamic environments
Erkin, Z.; Veugen, T.; Lagendijk, R.L.
2013-01-01
Recommender systems play a crucial role today in on-line applications as they improve the customer satisfaction, and at the same time results in an increase in the profit for the service provider. However, there are serious privacy concerns as such systems rely on the personal data of the customers.
-
75 FR 22569 - Privacy Act of 1974; System of Records
2010-04-29
... DEPARTMENT OF DEFENSE Department of the Air Force [Docket ID: USAF-2010-0014] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... Internet at http://www.regulations.gov as they are received without change, including any personal...
-
76 FR 37329 - Privacy Act of 1974; System of Records
2011-06-27
... DEPARTMENT OF DEFENSE Department of the Air Force [Docket ID: USAF-2011-0018] Privacy Act of 1974... of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This... public is to make these submissions available for public viewing on the Internet at http://www...
-
78 FR 60265 - Privacy Act of 1974; System of Records
2013-10-01
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DoD-2013-OS-0201] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974, as amended. DATES: This proposed action will... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...
-
75 FR 33794 - Privacy Act of 1974; System of Records
2010-06-15
... DEPARTMENT OF DEFENSE Department of the Army [Docket ID: USA-2010-0013] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... on the Internet at http://www.regulations.gov as they are received without change, including any...
-
Privacy Verification Using Ontologies
Kost, Martin; Freytag, Johann-Christoph; Kargl, Frank; Kung, Antonio
2011-01-01
As information systems extensively exchange information between participants, privacy concerns may arise from its potential misuse. A Privacy by Design (PbD) approach considers privacy requirements of different stakeholders during the design and the implementation of a system. Currently, a
-
A Privacy-Preserving Incentive Mechanism for Participatory Sensing Systems
Directory of Open Access Journals (Sweden)
Xiaoguang Niu
2018-01-01
Full Text Available The proliferation of mobile devices has facilitated the prevalence of participatory sensing applications in which participants collect and share information in their environments. The design of a participatory sensing application confronts two challenges: “privacy” and “incentive” which are two conflicting objectives and deserve deeper attention. Inspired by physical currency circulation system, this paper introduces the notion of E-cent, an exchangeable unit bearer currency. Participants can use the E-cent to take part in tasks anonymously. By employing E-cent, we propose an E-cent-based privacy-preserving incentive mechanism, called EPPI. As a dynamic balance regulatory mechanism, EPPI can not only protect the privacy of participant, but also adjust the whole system to the ideal situation, under which the rated tasks can be finished at minimal cost. To the best of our knowledge, EPPI is the first attempt to build an incentive mechanism while maintaining the desired privacy in participatory sensing systems. Extensive simulation and analysis results show that EPPI can achieve high anonymity level and remarkable incentive effects.
-
76 FR 10010 - Privacy Act of 1974; System of Records
2011-02-23
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0020] Privacy Act of 1974... inventory of records systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This... the public is to make these submissions available for public viewing on the Internet at http://www...
-
78 FR 52517 - Privacy Act of 1974; System of Records
2013-08-23
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DoD-2013-OS-0183] Privacy Act of 1974... systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This proposed action will... public is to make these submissions available for public viewing on the Internet at http://www...
-
75 FR 22570 - Privacy Act of 1974; System of Records
2010-04-29
... DEPARTMENT OF DEFENSE Department of the Air Force [Docket ID: USAF-2010-0012] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... on the Internet at http://www.regulations.gov as they are received without change, including any...
-
76 FR 53420 - Privacy Act of 1974; Systems of Records
2011-08-26
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0097] Privacy Act of 1974... notice in its existing inventory of records systems subject to the Privacy Act of 1974, (5 U.S.C. 552a... submissions available for public viewing on the Internet at http://www.regulations.gov as they are [[Page...
-
76 FR 11213 - Privacy Act of 1974; Systems of Records
2011-03-01
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DOD-2011-OS-0017] Privacy Act of 1974... inventory of records systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This... public is of make these submissions available for public viewing on the Internet at http://www...
-
77 FR 37002 - Privacy Act of 1974; System of Records
2012-06-20
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2012-OS-0072] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This... available for public viewing on the Internet at http://www.regulations.gov as they are received without...
-
75 FR 39921 - Privacy Act of 1974; System of Records
2010-07-13
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2010-OS-0102] Privacy Act of 1974... inventory of records systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... on the Internet at http://www.regulations.gov as they are received without change, including any...
-
75 FR 17910 - Privacy Act of 1974; Systems of Records
2010-04-08
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2010-OS-0040] Privacy Act of 1974... inventory of records systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... viewing on the Internet at http://www.regulations.gov as they are received without change, including any...
-
76 FR 66698 - Privacy Act of 1974; System of Records
2011-10-27
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0117] Privacy Act of 1974... notice from its existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...
-
75 FR 52517 - Privacy Act of 1974; System of Records
2010-08-26
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DOD-2010-OS-0117] Privacy Act of 1974... existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES... available for public viewing on the Internet at http://www.regulations.gov as they are received without...
-
75 FR 33789 - Privacy Act of 1974; System of Records
2010-06-15
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2010-OS-0078] Privacy Act of 1974... existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES... on the Internet at http://www.regulations.gov as they are received without change, including any...
-
77 FR 65539 - Privacy Act of 1974; System of Records
2012-10-29
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DoD-2012-OS-0132] Privacy Act of 1974... existing inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. [[Page... Internet at http://www.regulations.gov as they are received without change, including any personal...
-
76 FR 70428 - Privacy Act of 1974; System of Records
2011-11-14
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0120] Privacy Act of 1974... notice from its existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...
-
76 FR 62394 - Privacy Act of 1974; System of Records
2011-10-07
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0109] Privacy Act of 1974... notice from its existing inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a... public is to make these submissions available for public viewing on the Internet at http://www...
-
75 FR 10476 - Privacy Act of 1974; Systems of Records
2010-03-08
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DOD-2010-OS-0021] Privacy Act of 1974... inventory of records systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... on the Internet at http://www.regulations.gov as they are received without change, including any...
-
75 FR 81247 - Privacy Act of 1974; System of Records
2010-12-27
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DOD-2010-OS-0168] Privacy Act of 1974... inventory of records systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... public is to make these submissions available for public viewing on the Internet at http://www...
-
75 FR 29728 - Privacy Act of 1974; System of Records
2010-05-27
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2010-OS-0067] Privacy Act of 1974... existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES... on the Internet at http://www.regulations.gov as they are received without change, including any...
-
76 FR 1411 - Privacy Act of 1974; System of Records
2011-01-10
... DEPARTMENT OF DEFENSE Department of the Air Force [Docket ID: USAF-2011-0001] Privacy Act of 1974... of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... the public is to make these submissions available for public viewing on the Internet at http://www...
-
78 FR 6078 - Privacy Act of 1974; System of Records
2013-01-29
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DoD-2013-OS-0011] Privacy Act of 1974... record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This proposed... public is to make these submissions available for public viewing on the Internet at http:// [[Page 6079...
-
77 FR 37885 - Privacy Act of 1974; System of Records
2012-06-25
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DOD-2012-OS-0074] Privacy Act of 1974... existing inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES... available for public viewing on the Internet at http://www.regulations.gov as they are received without...
-
75 FR 16760 - Privacy Act of 1974; System of Records
2010-04-02
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2010-OS-0037] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This... on the Internet at http://www.regulations.gov as they are received without change, including any...
-
75 FR 17910 - Privacy Act of 1974; System of Records
2010-04-08
... DEPARTMENT OF DEFENSE Department of the Navy [Docket ID: USN-2010-0007] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... viewing on the Internet at http://www.regulations.gov as they are received without change, including any...
-
77 FR 60400 - Privacy Act of 1974; System of Records
2012-10-03
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DOD-2012-OS-0119] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a(r)), as amended. DATES: This... public is to make these submissions available for public viewing on the Internet at http://www...
-
75 FR 63824 - Privacy Act of 1974; System of Records
2010-10-18
... DEPARTMENT OF DEFENSE Department of the Air Force [Docket ID: USAF-2010-0026] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... for public viewing on the Internet at http://www.regulations.gov as they are received without change...
-
75 FR 15694 - Privacy Act of 1974; Systems of Records
2010-03-30
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2010-OS-0035] Privacy Act of 1974... inventory of records systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... on the Internet at http://www.regulations.gov as they are received without change, including any...
-
75 FR 65456 - Privacy Act of 1974; System of Records
2010-10-25
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2010-OS-0147] Privacy Act of 1974... existing inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. [[Page... available for public viewing on the Internet at http://www.regulations.gov as they are received without...
-
77 FR 26260 - Privacy Act of 1974; System of Records
2012-05-03
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DoD-2012-OS-0030] Privacy Act of 1974... inventory of records systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... make these submissions available for public viewing on the Internet at http://www.regulations.gov as...
-
77 FR 66442 - Privacy Act of 1974; System of Records
2012-11-05
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DoD-2012-OS-0133] Privacy Act of 1974... existing inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES... Internet at http://www.regulations.gov as they are received without change, including any personal...
-
78 FR 14273 - Privacy Act of 1974; System of Records
2013-03-05
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DoD-2013-OS-0019] Privacy Act of 1974... record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This proposed... public is to make these submissions available for public viewing on the Internet at http://www...
-
75 FR 3714 - Privacy Act of 1974; System of Records
2010-01-22
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2010-OS-0004] Privacy Act of 1974... its existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as... available for public viewing on the Internet at http://www.regulations.gov as they are received without...
-
76 FR 28002 - Privacy Act of 1974; Systems of Records
2011-05-13
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0052] Privacy Act of 1974... existing inventory of records systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES... the public is to make these submissions available for public viewing on the Internet at http://www...
-
77 FR 35945 - Privacy Act of 1974; System of Records
2012-06-15
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2012-OS-0067] Privacy Act of 1974... systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: The proposed action will be... Internet at http://www.regulations.gov as they are received without change, including any personal...
-
75 FR 69650 - Privacy Act of 1974; System of Records
2010-11-15
... DEPARTMENT OF DEFENSE Department of the Army [Docket ID: USA-2010-0026] Privacy Act of 1974... record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This proposed... from members of the public is to make these submissions available for public viewing on the Internet at...
-
78 FR 44102 - Privacy Act of 1974; System of Records
2013-07-23
... DEPARTMENT OF DEFENSE Department of the Army [Docket ID: USA-2013-0027] Privacy Act of 1974... of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This... of the public is to make these submissions available for public viewing on the Internet at http://www...
-
75 FR 62111 - Privacy Act of 1974; System of Records
2010-10-07
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2010-OS-0140] Privacy Act of 1974... records notices in its existing inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...
-
78 FR 22525 - Privacy Act of 1974; System of Records
2013-04-16
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DoD-2013-0057] Privacy Act of 1974... systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This proposed action will... submissions available for public viewing on the Internet at http://www.regulations.gov as they are received...
-
78 FR 43258 - Privacy Act; System of Records: Human Resources Records, State-31
2013-07-19
... DEPARTMENT OF STATE [Public Notice 8384] Privacy Act; System of Records: Human Resources Records... system of records, Human Resources Records, State- 31, pursuant to the provisions of the Privacy Act of... State proposes that the current system will retain the name ``Human Resources Records'' (previously...
-
78 FR 18932 - Public Meeting: Unmanned Aircraft Systems Test Site Program; Privacy Approach
2013-03-28
... discussion about which privacy issues are raised by UAS operations and how law, public policy, and the...-0061] Public Meeting: Unmanned Aircraft Systems Test Site Program; Privacy Approach AGENCY: Federal... a public engagement session on Wednesday, April 3, 2013, on the proposed privacy policy approach for...
-
77 FR 30433 - Privacy Act of 1974: Implementation of Exemptions; Automated Targeting System
2012-05-23
... Border Protection, Mint Annex, 799 Ninth Street NW., Washington, DC 20229. For privacy issues please... Secretary 6 CFR Part 5 [Docket No. DHS-2012-0020] Privacy Act of 1974: Implementation of Exemptions; Automated Targeting System AGENCY: Privacy Office, DHS. ACTION: Notice of proposed rulemaking. SUMMARY: The...
-
78 FR 21600 - Privacy Act of 1974; System of Records
2013-04-11
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DoD-2013-OS-0050] Privacy Act of 1974... notice in its existing inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as... members of the public is to make these submissions available for public viewing on the Internet at http...
-
76 FR 10008 - Privacy Act of 1974; System of Records
2011-02-23
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0023] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... from members of the public is to make these submissions available for public viewing on the Internet at...
-
78 FR 31905 - Privacy Act of 1974; System of Records
2013-05-28
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DoD-2013-OS-0110] Privacy Act of 1974... notice in its existing inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as... members of the public is to make these submissions available for public viewing on the Internet at http...
-
76 FR 1409 - Privacy Act of 1974; System of Records
2011-01-10
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0001] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... from members of the public is to make these submissions available for public viewing on the Internet at...
-
76 FR 22682 - Privacy Act of 1974; System of Records
2011-04-22
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DOD-2011-OS-0044] Privacy Act of 1974... inventory of record systems subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This... from members of the public is to make these submissions available for public viewing on the Internet at...
-
78 FR 5788 - Privacy Act of 1974; System of Records
2013-01-28
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DoD-2013-OS-0005] Privacy Act of 1974... of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This... of the public is to make these submissions available for public viewing on the Internet at http://www...
-
78 FR 14279 - Privacy Act of 1974; System of Records
2013-03-05
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID DoD-2013-OS-0040] Privacy Act of 1974... of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended. DATES: This... of the public is to make these submissions available for public viewing on the Internet at http://www...
-
Privacy and security in teleradiology.
Ruotsalainen, Pekka
2010-01-01
Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper. Copyright (c) 2009 Elsevier Ireland Ltd. All rights reserved.
-
Privacy-leakage codes for biometric authentication systems
Ignatenko, T.; Willems, F.M.J.
2014-01-01
In biometric privacy-preserving authentication systems that are based on key-binding, two terminals observe two correlated biometric sequences. The first terminal selects a secret key, which is independent of the biometric data, binds this secret key to the observed biometric sequence and
-
Big data privacy protection model based on multi-level trusted system
Zhang, Nan; Liu, Zehua; Han, Hongfeng
2018-05-01
This paper introduces and inherit the multi-level trusted system model that solves the Trojan virus by encrypting the privacy of user data, and achieve the principle: "not to read the high priority hierarchy, not to write the hierarchy with low priority". Thus ensuring that the low-priority data privacy leak does not affect the disclosure of high-priority data privacy. This paper inherits the multi-level trustworthy system model of Trojan horse and divides seven different risk levels. The priority level 1˜7 represent the low to high value of user data privacy, and realize seven kinds of encryption with different execution efficiency Algorithm, the higher the priority, the greater the value of user data privacy, at the expense of efficiency under the premise of choosing a more encrypted encryption algorithm to ensure data security. For enterprises, the price point is determined by the unit equipment users to decide the length of time. The higher the risk sub-group algorithm, the longer the encryption time. The model assumes that users prefer the lower priority encryption algorithm to ensure efficiency. This paper proposes a privacy cost model for each of the seven risk subgroups. Among them, the higher the privacy cost, the higher the priority of the risk sub-group, the higher the price the user needs to pay to ensure the privacy of the data. Furthermore, by introducing the existing pricing model of economics and the human traffic model proposed by this paper and fluctuating with the market demand, this paper improves the price of unit products when the market demand is low. On the other hand, when the market demand increases, the profit of the enterprise will be guaranteed under the guidance of the government by reducing the price per unit of product. Then, this paper introduces the dynamic factors of consumers' mood and age to optimize. At the same time, seven algorithms are selected from symmetric and asymmetric encryption algorithms to define the enterprise
-
Security And Privacy Issues in Healthcare Monitoring Systems: A Case Study
DEFF Research Database (Denmark)
Handler, Daniel Tolboe; Hauge, Lotte; Spognardi, Angelo
2017-01-01
Security and privacy issues are rarely taken into account in automated systems for monitoring elderly people in their home, exposing inhabitants to a number of threats they are usually not aware of. As a case study to expose the major vulnerabilities these systems are exposed to, this paper reviews...... a generic example of automated healthcare monitoring system. The security and privacy issues identified in this case study can be easily generalised and regarded as alarm bells for all the pervasive healthcare professionals....
-
Privacy, technology, and norms: the case of Smart Meters.
Horne, Christine; Darras, Brice; Bean, Elyse; Srivastava, Anurag; Frickel, Scott
2015-05-01
Norms shift and emerge in response to technological innovation. One such innovation is Smart Meters - components of Smart Grid energy systems capable of minute-to-minute transmission of consumer electricity use information. We integrate theory from sociological research on social norms and privacy to examine how privacy threats affect the demand for and expectations of norms that emerge in response to new technologies, using Smart Meters as a test case. Results from three vignette experiments suggest that increased threats to privacy created by Smart Meters are likely to provoke strong demand for and expectations of norms opposing the technology and that the strength of these normative rules is at least partly conditional on the context. Privacy concerns vary little with actors' demographic characteristics. These findings contribute to theoretical understanding of norm emergence and have practical implications for implementing privacy protections that effectively address concerns of electricity users. Copyright © 2014 Elsevier Inc. All rights reserved.
-
Efficient privacy-enhanced familiarity-based recommender system
Jeckmans, Arjan; Peter, Andreas; Hartel, Pieter H.
Recommender systems can help users to find interesting content, often based on similarity with other users. However, studies have shown that in some cases familiarity gives comparable results to similarity. Using familiarity has the added bonus of increasing privacy between users and utilizing a
-
Privacy and user trust in context-aware systems
Koldijk, S.J.; Koot, G.; Neerincx, M.A.; Kraaij, W.
2014-01-01
Context-aware systems (CAS) that collect personal information are a general trend. This leads to several privacy considerations, which we outline in this paper. We present as use-case the SWELL system, which collects information from various contextual sensors to provide support for well-being at
-
A PRIVACY MANAGEMENT ARCHITECTURE FOR PATIENT-CONTROLLED PERSONAL HEALTH RECORD SYSTEM
Directory of Open Access Journals (Sweden)
MD. NURUL HUDA
2009-06-01
Full Text Available Patient-controlled personal health record systems can help make health care safer, cheaper, and more convenient by facilitating patients to 1 grant any care provider access to their complete personal health records anytime from anywhere, 2 avoid repeated tests and 3 control their privacy transparently. In this paper, we present the architecture of our Privacy-aware Patient-controlled Personal Health Record (P3HR system through which a patient can view her integrated health history, and share her health information transparently with others (e.g., healthcare providers. Access to the health information of a particular patient is completely controlled by that patient. We also carry out intuitive security and privacy analysis of the P3HR system architecture considering different types of security attacks. Finally, we describe a prototype implementation of the P3HR system that we developed reflecting the special view of Japanese society. The most important advantage of P3HR system over other existing systems is that most likely P3HR system provides complete privacy protection without losing data accuracy. Unlike traditional partially anonymous health records (e.g., using k-anonymity or l-diversity, the health records in P3HR are closer to complete anonymity, and yet preserve data accuracy. Our approach makes it very unlikely that patients could be identified by an attacker from their anonymous health records in the P3HR system.
-
PAVS: A New Privacy-Preserving Data Aggregation Scheme for Vehicle Sensing Systems.
Xu, Chang; Lu, Rongxing; Wang, Huaxiong; Zhu, Liehuang; Huang, Cheng
2017-03-03
Air pollution has become one of the most pressing environmental issues in recent years. According to a World Health Organization (WHO) report, air pollution has led to the deaths of millions of people worldwide. Accordingly, expensive and complex air-monitoring instruments have been exploited to measure air pollution. Comparatively, a vehicle sensing system (VSS), as it can be effectively used for many purposes and can bring huge financial benefits in reducing high maintenance and repair costs, has received considerable attention. However, the privacy issues of VSS including vehicles' location privacy have not been well addressed. Therefore, in this paper, we propose a new privacy-preserving data aggregation scheme, called PAVS, for VSS. Specifically, PAVS combines privacy-preserving classification and privacy-preserving statistics on both the mean E(·) and variance Var(·), which makes VSS more promising, as, with minimal privacy leakage, more vehicles are willing to participate in sensing. Detailed analysis shows that the proposed PAVS can achieve the properties of privacy preservation, data accuracy and scalability. In addition, the performance evaluations via extensive simulations also demonstrate its efficiency.
-
Privacy, confidentiality and automated health information systems.
Vuori, H
1977-12-01
Professor Vuori's paper, first presented at the fourth Medico-legal Conference in Prague in the spring of this year, deals with the problem of the maintenance of confidentiality in computerized health records. Although more and more information is required, the hardware of the computer systems is so sophisticated that it would be very expensive indeed to 'break in' and steal from a modern data bank. Those concerned with programming computers are becoming more aware of their responsibilities concerning confidentiality and privacy, to the extent that a legal code of ethics for programmers is being formulated. They are also aware that the most sensitive of all relationships--the doctor-patient relationship--could be in danger if they failed to maintain high standards of integrity. An area of danger is where administrative boundaries between systems must be crossed--say between those of health and employment. Protection of privacy must be ensured by releasing full information about the type of data being stored, and by maintaining democratic control over the establishment of information systems.
-
Efficiency and Privacy Enhancement for a Track and Trace System of RFID-Based Supply Chains
Directory of Open Access Journals (Sweden)
Xunjun Chen
2015-06-01
Full Text Available One of the major applications of Radio Frequency Identification (RFID technology is in supply chain management as it promises to provide real-time visibility based on the function of track and trace. However, such an RFID-based track and trace system raises new security and privacy challenges due to the restricted resource of tags. In this paper, we refine three privacy related models (i.e., the privacy, path unlinkability, and tag unlinkability of RFID-based track and trace systems, and clarify the relations among these privacy models. Specifically, we have proven that privacy is equivalent to path unlinkability and tag unlinkability implies privacy. Our results simplify the privacy concept and protocol design for RFID-based track and trace systems. Furthermore, we propose an efficient track and trace scheme, Tracker+, which allows for authentic and private identification of RFID-tagged objects in supply chains. In the Tracker+, no computational ability is required for tags, but only a few bytes of storage (such as EPC Class 1 Gen 2 tags are needed to store the tag state. Indeed, Tracker+ reduces the memory requirements for each tag by one group element compared to the Tracker presented in other literature. Moreover, Tracker+ provides privacy against supply chain inside attacks.
-
Data Privacy in Cloud-assisted Healthcare Systems: State of the Art and Future Challenges.
Sajid, Anam; Abbas, Haider
2016-06-01
The widespread deployment and utility of Wireless Body Area Networks (WBAN's) in healthcare systems required new technologies like Internet of Things (IoT) and cloud computing, that are able to deal with the storage and processing limitations of WBAN's. This amalgamation of WBAN-based healthcare systems to cloud-based healthcare systems gave rise to serious privacy concerns to the sensitive healthcare data. Hence, there is a need for the proactive identification and effective mitigation mechanisms for these patient's data privacy concerns that pose continuous threats to the integrity and stability of the healthcare environment. For this purpose, a systematic literature review has been conducted that presents a clear picture of the privacy concerns of patient's data in cloud-assisted healthcare systems and analyzed the mechanisms that are recently proposed by the research community. The methodology used for conducting the review was based on Kitchenham guidelines. Results from the review show that most of the patient's data privacy techniques do not fully address the privacy concerns and therefore require more efforts. The summary presented in this paper would help in setting research directions for the techniques and mechanisms that are needed to address the patient's data privacy concerns in a balanced and light-weight manner by considering all the aspects and limitations of the cloud-assisted healthcare systems.
-
Location Privacy in RFID Applications
Sadeghi, Ahmad-Reza; Visconti, Ivan; Wachsmann, Christian
RFID-enabled systems allow fully automatic wireless identification of objects and are rapidly becoming a pervasive technology with various applications. However, despite their benefits, RFID-based systems also pose challenging risks, in particular concerning user privacy. Indeed, improvident use of RFID can disclose sensitive information about users and their locations allowing detailed user profiles. Hence, it is crucial to identify and to enforce appropriate security and privacy requirements of RFID applications (that are also compliant to legislation). This chapter first discusses security and privacy requirements for RFID-enabled systems, focusing in particular on location privacy issues. Then it explores the advances in RFID applications, stressing the security and privacy shortcomings of existing proposals. Finally, it presents new promising directions for privacy-preserving RFID systems, where as a case study we focus electronic tickets (e-tickets) for public transportation.
-
Romero, N.; Markopoulos, P.; Markopoulos, P.; De Ruyter, B.; MacKay, W.
2009-01-01
By their very nature, awareness systems bring about an increase in the level of communication between the individuals they connect. Sharing information regarding people’s whereabouts and activities raises privacy concerns, potentially compromising their ability to control who receives what
-
2010-05-19
..., VA 20598-6036 or [email protected] . For privacy issues please contact: Mary Ellen Callahan (703-235... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2010-0013] Privacy Act of..., Transportation Security Enforcement Record System, System of Records AGENCY: Privacy Office, DHS. ACTION: Notice...
-
Holistic Privacy-Preserving Identity Management System for the Internet of Things
Directory of Open Access Journals (Sweden)
Jorge Bernal Bernabe
2017-01-01
Full Text Available Security and privacy concerns are becoming an important barrier for large scale adoption and deployment of the Internet of Things. To address this issue, the identity management system defined herein provides a novel holistic and privacy-preserving solution aiming to cope with heterogeneous scenarios that requires both traditional online access control and authentication, along with claim-based approach for M2M (machine to machine interactions required in IoT. It combines a cryptographic approach for claim-based authentication using the Idemix anonymous credential system, together with classic IdM mechanisms by relying on the FIWARE IdM (Keyrock. This symbiosis endows the IdM system with advanced features such as privacy-preserving, minimal disclosure, zero-knowledge proofs, unlikability, confidentiality, pseudonymity, strong authentication, user consent, and offline M2M transactions. The IdM system has been specially tailored for the Internet of Things bearing in mind the management of both users’ and smart objects’ identity. Moreover, the IdM system has been successfully implemented, deployed, and tested in the scope of SocIoTal European research project.
-
Tales from the dark side: Privacy dark strategies and privacy dark patterns
DEFF Research Database (Denmark)
Bösch, Christoph; Erb, Benjamin; Kargl, Frank
2016-01-01
Privacy strategies and privacy patterns are fundamental concepts of the privacy-by-design engineering approach. While they support a privacy-aware development process for IT systems, the concepts used by malicious, privacy-threatening parties are generally less understood and known. We argue...... that understanding the “dark side”, namely how personal data is abused, is of equal importance. In this paper, we introduce the concept of privacy dark strategies and privacy dark patterns and present a framework that collects, documents, and analyzes such malicious concepts. In addition, we investigate from...... a psychological perspective why privacy dark strategies are effective. The resulting framework allows for a better understanding of these dark concepts, fosters awareness, and supports the development of countermeasures. We aim to contribute to an easier detection and successive removal of such approaches from...
-
A Privacy-Preserving NFC Mobile Pass for Transport Systems
Directory of Open Access Journals (Sweden)
Ghada Arfaoui
2014-12-01
Full Text Available The emergence of the NFC (Near Field Communication technology brings new capacities to the next generation of smartphones, but also new security and privacy challenges. Indeed through its contactless interactions with external entities, the smartphone of an individual will become an essential authentication tool for service providers such as transport operators. However, from the point of view of the user, carrying a part of the service through his smartphone could be a threat for his privacy. Indeed, an external attacker or the service provider himself could be tempted to track the actions of the user. In this paper, we propose a privacy-preserving contactless mobile service, in which a user’s identity cannot be linked to his actions when using the transport system. The security of our proposition relies on the combination of a secure element in the smartphone and on a privacy-enhancing cryptographic protocol based on a variant of group signatures. In addition, although a user should remain anonymous and his actions unlinkable in his daily journeys, we designed a technique for lifting his anonymity in extreme circumstances. In order to guarantee the usability of our solution, we implemented a prototype demonstrating that our solution meets the major functional requirements for real transport systems: namely that the mobile pass can be validated at a gate in less than 300 ms, and this even if the battery of the smartphone is exhausted.
-
A Privacy-by-Design Contextual Suggestion System for Tourism
Directory of Open Access Journals (Sweden)
Pavlos S. Efraimidis
2016-05-01
Full Text Available We focus on personal data generated by the sensors and through the everyday usage of smart devices and take advantage of these data to build a non-invasive contextual suggestion system for tourism. The system, which we call Pythia, exploits the computational capabilities of modern smart devices to offer high quality personalized POI (point of interest recommendations. To protect user privacy, we apply a privacy by design approach within all of the steps of creating Pythia. The outcome is a system that comprises important architectural and operational innovations. The system is designed to process sensitive personal data, such as location traces, browsing history and web searches (query logs, to automatically infer user preferences and build corresponding POI-based user profiles. These profiles are then used by a contextual suggestion engine to anticipate user choices and make POI recommendations for tourists. Privacy leaks are minimized by implementing an important part of the system functionality at the user side, either as a mobile app or as a client-side web application, and by taking additional precautions, like data generalization, wherever necessary. As a proof of concept, we present a prototype that implements the aforementioned mechanisms on the Android platform accompanied with certain web applications. Even though the current prototype focuses only on location data, the results from the evaluation of the contextual suggestion algorithms and the user experience feedback from volunteers who used the prototype are very positive.
-
Privacy information management for video surveillance
Luo, Ying; Cheung, Sen-ching S.
2013-05-01
The widespread deployment of surveillance cameras has raised serious privacy concerns. Many privacy-enhancing schemes have been proposed to automatically redact images of trusted individuals in the surveillance video. To identify these individuals for protection, the most reliable approach is to use biometric signals such as iris patterns as they are immutable and highly discriminative. In this paper, we propose a privacy data management system to be used in a privacy-aware video surveillance system. The privacy status of a subject is anonymously determined based on her iris pattern. For a trusted subject, the surveillance video is redacted and the original imagery is considered to be the privacy information. Our proposed system allows a subject to access her privacy information via the same biometric signal for privacy status determination. Two secure protocols, one for privacy information encryption and the other for privacy information retrieval are proposed. Error control coding is used to cope with the variability in iris patterns and efficient implementation is achieved using surrogate data records. Experimental results on a public iris biometric database demonstrate the validity of our framework.
-
77 FR 65939 - Privacy Act of 1974; System of Records
2012-10-31
...) is amending the system of records currently entitled ``Veterans Health Information Systems and... Health Information Systems and Technology Architecture (VistA) Records-VA ROUTINE USES OF RECORDS... DEPARTMENT OF VETERANS AFFAIRS Privacy Act of 1974; System of Records AGENCY: Department of...
-
Bringer, Julien; Chabanne, Herve; Metayer, Daniel Le; Lescuyer, Roch
2017-01-01
This work aims to show the applicability, and how, of privacy by design approach to biometric systems and the benefit of using formal methods to this end. Starting from a general framework that has been introduced at STM in 2014, that enables to define privacy architectures and to formally reason about their properties, we explain how it can be adapted to biometrics. The choice of particular techniques and the role of the components (central server, secure module, biometric terminal, smart ca...
-
2013-01-11
...); prior experience completing pre-purchase counseling or education; regular access to a computer and... New Privacy Act System of Records, Pre-Purchase Homeownership Counseling Demonstration and Impact... of record is the Pre-Purchase Homeownership Counseling Demonstration and Impact Evaluation Random...
-
2011-05-02
... computer system that will house the data. We annually provide all our employees and contractors with... by the system: This system covers vocational experts, medical experts, other health care professional... Privacy Act System of Records, Housekeeping Changes, and New Routine Use AGENCY: Social Security...
-
2010-10-01
... 48 Federal Acquisition Regulations System 1 2010-10-01 2010-10-01 false Privacy. 39.105 Section 39... CONTRACTING ACQUISITION OF INFORMATION TECHNOLOGY General 39.105 Privacy. Agencies shall ensure that contracts for information technology address protection of privacy in accordance with the Privacy Act (5 U.S.C...
-
Rezaeibagha, Fatemeh; Win, Khin Than; Susilo, Willy
Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.
-
Enhancing Privacy for Digital Rights Management
Petkovic, M.; Conrado, C.; Schrijen, G.J.; Jonker, Willem
2007-01-01
This chapter addresses privacy issues in DRM systems. These systems provide a means of protecting digital content, but may violate the privacy of users in that the content they purchase and their actions in the system can be linked to specific users. The chapter proposes a privacy-preserving DRM
-
77 FR 31606 - Privacy Act of 1974; System of Records
2012-05-29
... DEPARTMENT OF EDUCATION Privacy Act of 1974; System of Records AGENCY: Office of English Language Acquisition, Language Enhancement and Academic Achievement for Limited English Proficient Students, Department... Secretary of the Office of English Language Acquisition deletes the following system of records: System...
-
75 FR 13575 - Privacy Act of 1974; System of Records
2010-03-22
..., proposes to modify the Accounting Systems for the Department of Justice, Justice/DOJ-001, to update the... the system description is set forth below. FOR FURTHER INFORMATION CONTACT: Robin Moss, Privacy... NAME: Accounting Systems for the Department of Justice (DOJ). * * * * * RECORD SOURCE CATEGORIES...
-
77 FR 41774 - Privacy Act of 1974; System of Records
2012-07-16
... DEPARTMENT OF EDUCATION Privacy Act of 1974; System of Records AGENCY: Office of Management...-19176 (April 12, 2004). Electronic Access to This Document: The official version of this document is the... Assistant Secretary of the Office of Management deletes the following system of records: System No. System...
-
From Data Privacy to Location Privacy
Wang, Ting; Liu, Ling
Over the past decade, the research on data privacy has achieved considerable advancement in the following two aspects: First, a variety of privacy threat models and privacy principles have been proposed, aiming at providing sufficient protection against different types of inference attacks; Second, a plethora of algorithms and methods have been developed to implement the proposed privacy principles, while attempting to optimize the utility of the resulting data. The first part of the chapter presents an overview of data privacy research by taking a close examination at the achievements from the above two aspects, with the objective of pinpointing individual research efforts on the grand map of data privacy protection. As a special form of data privacy, location privacy possesses its unique characteristics. In the second part of the chapter, we examine the research challenges and opportunities of location privacy protection, in a perspective analogous to data privacy. Our discussion attempts to answer the following three questions: (1) Is it sufficient to apply the data privacy models and algorithms developed to date for protecting location privacy? (2) What is the current state of the research on location privacy? (3) What are the open issues and technical challenges that demand further investigation? Through answering these questions, we intend to provide a comprehensive review of the state of the art in location privacy research.
-
78 FR 37799 - Privacy Act of 1974; System of Records
2013-06-24
... Finance and Accounting Service, Freedom of Information/Privacy Act Program Manager, Corporate...; System of Records AGENCY: Defense Finance and Accounting Service, DoD. ACTION: Notice to amend a System of Records. SUMMARY: The Defense Finance and Accounting Service is amending a system of records...
-
77 FR 58106 - Privacy Act of 1974; System of Records
2012-09-19
... Finance and Accounting Service, Freedom of Information/Privacy Act Program Manager, Corporate...; System of Records AGENCY: Defense Finance and Accounting Service, DoD. ACTION: Notice to amend two Systems of Records. SUMMARY: The Defense Finance and Accounting Service is amending two systems of records...
-
78 FR 52518 - Privacy Act of 1974; System of Records
2013-08-23
... Finance and Accounting Service, Freedom of Information/Privacy Act Program Manager, Corporate...; System of Records AGENCY: Defense Finance and Accounting Service, DoD. ACTION: Notice to amend a System of Records. SUMMARY: The Defense Finance and Accounting Service is amending a system of records...
-
77 FR 69444 - Privacy Act of 1974; System of Records
2012-11-19
..., Defense Finance and Accounting Service, Freedom of Information/Privacy Act Program Manager, Corporate...; System of Records AGENCY: Defense Finance and Accounting Service, DoD. ACTION: Notice to amend a system of records. SUMMARY: The Defense Finance and Accounting Service is amending a system of records...
-
76 FR 77846 - Privacy Act of 1974; System of Records
2011-12-14
... terrorism and national security threat screening, system back-up, and continuity of operations purposes... DEPARTMENT OF JUSTICE [CPCLO Order No. 004-2011] Privacy Act of 1974; System of Records AGENCY: Federal Bureau of Investigation, Department of Justice. ACTION: Notice to amend system of records. SUMMARY...
-
Behavior Change Support Systems for Privacy and Security
Kegel, Roeland Hendrik,Pieter; Wieringa, Roelf J.; Kulyk, Olga Anatoliyivna; Kelders, S.; van Gemert-Pijnen, L.; Oinas-Kukkonen, H
2015-01-01
This article proposes to use Behavior Change Support Systems (BCSSs) to improve the security of IT applications and the privacy of its users. We discuss challenges specific to BCSSs applied to information security, list research questions to be answered in order to meet these challenges, and propose
-
76 FR 46767 - Privacy Act of 1974; System of Records
2011-08-03
...: The Department of the Army proposes to add a system of records to its inventory of record systems... provides a student management system that integrates Web-enabled courseware to support online certification... DEPARTMENT OF DEFENSE Department of the Army [Docket ID USA-2011-0019] Privacy Act of 1974; System...
-
77 FR 75621 - Privacy Act of 1974; System of Records
2012-12-21
...; System of Records AGENCY: Defense Contract Audit Agency, DoD. ACTION: Notice to amend a System of Records. SUMMARY: The Defense Contract Audit Agency is amending a system of records notice in its existing.... SUPPLEMENTARY INFORMATION: The Defense Contract Audit Agency systems of records notices subject to the Privacy...
-
77 FR 77048 - Privacy Act of 1974; System of Records
2012-12-31
...; System of Records AGENCY: Defense Contract Audit Agency, DoD. ACTION: Notice to amend a System of Records. SUMMARY: The Defense Contract Audit Agency is amending a system of records notice in its existing.... SUPPLEMENTARY INFORMATION: The Defense Contract Audit Agency systems of records notices subject to the Privacy...
-
78 FR 27195 - Privacy Act of 1974; System of Records
2013-05-09
...; System of Records AGENCY: Defense Finance and Accounting Service, DoD. ACTION: Notice to delete two Systems of Records. SUMMARY: The Defense Finance and Accounting Service is deleting two systems of records...: The Defense Finance and Accounting Service systems of records notices subject to the Privacy Act of...
-
78 FR 27194 - Privacy Act of 1974; System of Records
2013-05-09
...; System of Records AGENCY: Defense Finance and Accounting Service, DoD. ACTION: Notice to delete two Systems of Records. SUMMARY: The Defense Finance and Accounting Service is deleting two systems of records...: The Defense Finance and Accounting Service systems of records notices subject to the Privacy Act of...
-
78 FR 69392 - Privacy Act of 1974; System of Records
2013-11-19
...; System of Records AGENCY: Defense Finance and Accounting Service, DoD. ACTION: Notice to delete a system of records. SUMMARY: The Defense Finance and Accounting Service is deleting a system of records... INFORMATION: The Defense Finance and Accounting Service systems of records notices subject to the Privacy Act...
-
Are Data Sharing and Privacy Protection Mutually Exclusive?
Joly, Yann; Dyke, Stephanie O M; Knoppers, Bartha M; Pastinen, Tomi
2016-11-17
We review emerging strategies to protect the privacy of research participants in international epigenome research: open consent, genome donation, registered access, automated procedures, and privacy-enhancing technologies. Copyright © 2016 Elsevier Inc. All rights reserved.
-
A review of privacy and usability issues in mobile health systems: Role of external factors.
Katusiime, Jane; Pinkwart, Niels
2017-10-01
The increased penetration of mobile devices has created opportunities in the health sector and led to emerging of mobile health systems. As much as the mobile health systems have registered tremendous progress, they have been faced with privacy and usability issues. Due to the sensitivity of health information, there is an ethical need to equip mobile health systems with adequate privacy measures. However, these systems should also be useable by the intended users. Even though many researchers are working on solutions, the issues still persist. External factors such as cultural differences have also contributed to the issues, yet they have been under researched. In this article, we conduct a systematic literature review of 22 articles, categorize and present privacy and usability issues and possible solutions. We then discuss the relevance and implications of external factors to the findings on privacy and usability. We end with recommendations to address these external factors.
-
78 FR 37775 - Privacy Act Systems of Records; Phytosanitary Certificate Issuance and Tracking System
2013-06-24
... DEPARTMENT OF AGRICULTURE Office of the Secretary [Docket No. APHIS-2012-0104] Privacy Act Systems of Records; Phytosanitary Certificate Issuance and Tracking System AGENCY: Animal and Plant Health... Health Inspection Service proposes to add a system of records to its inventory of records systems subject...
-
Li, Chun-Ta; Shih, Dong-Her; Wang, Chun-Cheng
2018-04-01
With the rapid development of wireless communication technologies and the growing prevalence of smart devices, telecare medical information system (TMIS) allows patients to receive medical treatments from the doctors via Internet technology without visiting hospitals in person. By adopting mobile device, cloud-assisted platform and wireless body area network, the patients can collect their physiological conditions and upload them to medical cloud via their mobile devices, enabling caregivers or doctors to provide patients with appropriate treatments at anytime and anywhere. In order to protect the medical privacy of the patient and guarantee reliability of the system, before accessing the TMIS, all system participants must be authenticated. Mohit et al. recently suggested a lightweight authentication protocol for cloud-based health care system. They claimed their protocol ensures resilience of all well-known security attacks and has several important features such as mutual authentication and patient anonymity. In this paper, we demonstrate that Mohit et al.'s authentication protocol has various security flaws and we further introduce an enhanced version of their protocol for cloud-assisted TMIS, which can ensure patient anonymity and patient unlinkability and prevent the security threats of report revelation and report forgery attacks. The security analysis proves that our enhanced protocol is secure against various known attacks as well as found in Mohit et al.'s protocol. Compared with existing related protocols, our enhanced protocol keeps the merits of all desirable security requirements and also maintains the efficiency in terms of computation costs for cloud-assisted TMIS. We propose a more secure mutual authentication and privacy preservation protocol for cloud-assisted TMIS, which fixes the mentioned security weaknesses found in Mohit et al.'s protocol. According to our analysis, our authentication protocol satisfies most functionality features
-
75 FR 75546 - Financial Management Service; Privacy Act of 1974, as Amended; System of Records
2010-12-03
... DEPARTMENT OF THE TREASURY Financial Management Service; Privacy Act of 1974, as Amended; System of Records AGENCY: Financial Management Service, Treasury. ACTION: Notice of proposed new system of records. SUMMARY: In accordance with the Privacy Act of 1974, as amended, the Financial Management Service...
-
Privacy-preserving clinical decision support system using Gaussian kernel-based classification.
Rahulamathavan, Yogachandran; Veluru, Suresh; Phan, Raphael C-W; Chambers, Jonathon A; Rajarajan, Muttukrishnan
2014-01-01
A clinical decision support system forms a critical capability to link health observations with health knowledge to influence choices by clinicians for improved healthcare. Recent trends toward remote outsourcing can be exploited to provide efficient and accurate clinical decision support in healthcare. In this scenario, clinicians can use the health knowledge located in remote servers via the Internet to diagnose their patients. However, the fact that these servers are third party and therefore potentially not fully trusted raises possible privacy concerns. In this paper, we propose a novel privacy-preserving protocol for a clinical decision support system where the patients' data always remain in an encrypted form during the diagnosis process. Hence, the server involved in the diagnosis process is not able to learn any extra knowledge about the patient's data and results. Our experimental results on popular medical datasets from UCI-database demonstrate that the accuracy of the proposed protocol is up to 97.21% and the privacy of patient data is not compromised.
-
78 FR 41916 - Privacy Act of 1974; System of Records
2013-07-12
... Defense Finance and Accounting Service, Freedom of Information/Privacy Act Program Manager, Corporate...; System of Records AGENCY: Defense Finance and Accounting Service, DoD. ACTION: Notice to alter a System of Records. SUMMARY: The Defense Finance and Accounting Service proposes to alter a system of records...
-
76 FR 81910 - Abolishment of Privacy Act System of Records
2011-12-29
... Program Manager, USDA, Forest Service, Office of Safety and Occupational and Health, 1400 Independence... Management Handbook (FSH) 6209.11. This system is abolished and removed from the inventory of the USDA System... DEPARTMENT OF AGRICULTURE Office of the Secretary Abolishment of Privacy Act System of Records...
-
78 FR 45913 - Privacy Act of 1974; Systems of Records
2013-07-30
... at http://dpclo.defense.gov/privacy/SORNs/component/nsa/index.html . The proposed system report, as... Register Liaison Officer, Department of Defense. GNSA 14 System Name: NSA/CSS Library Patron File Control....'' Categories of individuals covered by the system: Delete entry and replace with ``NSA civilian employees...
-
78 FR 47309 - Privacy Act of 1974; System of Records
2013-08-05
...; System of Records AGENCY: Defense Finance and Accounting Service, DoD. ACTION: Notice to amend a System of Records. SUMMARY: The Defense Finance and Accounting Service proposes to alter a system of records... Defense Finance and Accounting Service systems of records notices subject to the Privacy Act of 1974 (5 U...
-
76 FR 43278 - Privacy Act; System of Records
2011-07-20
... the Privacy Act of 1974, 5 U.S.C. 552a, to publish a description of the systems of records containing... locked file cabinets, and electronic records are maintained on a password-protected desktop personal...'' published by the National Archives and Records Administration, Washington, DC. Paper records are shredded...
-
System And Method For Monitoring Traffic While Preserving Personal Privacy
Canepa, Edward; Claudel, Christian G.; Shamim, Atif; Dehwah, Ahmad H.; Mousa, Mustafa; Jiang, Jiming
2015-01-01
not gather, store, or transmit any unique or identifying information, and thereby preserves the privacy of members of traffic. The system and method provide real-time traffic density and speed mapping. The system and method can further be integrated with a
-
76 FR 114 - Privacy Act of 1974; System of Records
2011-01-03
...; System of Records AGENCY: Defense Contract Audit Agency, DoD. ACTION: Notice to amend a system of records. SUMMARY: The Defense Contract Audit Agency is proposing to amend a system of records notice in its... INFORMATION: The Defense Contract Audit Agency systems of records notices subject to the Privacy Act of 1974...
-
76 FR 115 - Privacy Act of 1974; System of Records
2011-01-03
...; System of Records AGENCY: Defense Contract Audit Agency, DoD. ACTION: Notice to amend a system of records. SUMMARY: The Defense Contract Audit Agency is proposing to amend a system of records notice in its... INFORMATION: The Defense Contract Audit Agency systems of records notices subject to the Privacy Act of 1974...
-
75 FR 35028 - Privacy Act of 1974; System of Records
2010-06-21
... FEDERAL HOUSING FINANCE AGENCY [No. 2010-N-07] Privacy Act of 1974; System of Records AGENCY: Federal Housing Finance Agency. ACTION: Notice of the establishment of a new system of records. SUMMARY: The Federal Housing Finance Agency (FHFA) is revising the proposed system of records notice that was...
-
78 FR 14283 - Privacy Act of 1974; System of Records
2013-03-05
... Finance and Accounting Service, Freedom of Information/Privacy Act Program Manager, Corporate... a system of records. SUMMARY: The Defense Finance and Accounting Service proposes to alter a system... identifiers or contact information. FOR FURTHER INFORMATION CONTACT: Mr. Gregory L. Outlaw, Defense Finance...
-
2012-01-24
... DEPARTMENT OF EDUCATION Privacy Act of 1974; System of Records--Migrant Education Bypass Program... (Privacy Act), the Department of Education (Department) publishes this notice of a new system of records... called a ``system of records.'' The Migrant Education Program (MEP) is authorized under Title I, Part C...
-
2013-08-05
... reference cited in the Privacy Act regulations. The National Practitioner Data Bank (NPDB) system of records... DEPARTMENT OF HEALTH AND HUMAN SERVICES 45 CFR Part 5b RIN 0906-AA97 National Practitioner Data Bank and Privacy Act; Exempt Records System; Technical Correction AGENCY: Health Resources and Services...
-
Privacy-preserving Kruskal-Wallis test.
Guo, Suxin; Zhong, Sheng; Zhang, Aidong
2013-10-01
Statistical tests are powerful tools for data analysis. Kruskal-Wallis test is a non-parametric statistical test that evaluates whether two or more samples are drawn from the same distribution. It is commonly used in various areas. But sometimes, the use of the method is impeded by privacy issues raised in fields such as biomedical research and clinical data analysis because of the confidential information contained in the data. In this work, we give a privacy-preserving solution for the Kruskal-Wallis test which enables two or more parties to coordinately perform the test on the union of their data without compromising their data privacy. To the best of our knowledge, this is the first work that solves the privacy issues in the use of the Kruskal-Wallis test on distributed data. Copyright © 2013 Elsevier Ireland Ltd. All rights reserved.
-
Privacy-related context information for ubiquitous health.
Seppälä, Antto; Nykänen, Pirkko; Ruotsalainen, Pekka
2014-03-11
Ubiquitous health has been defined as a dynamic network of interconnected systems. A system is composed of one or more information systems, their stakeholders, and the environment. These systems offer health services to individuals and thus implement ubiquitous computing. Privacy is the key challenge for ubiquitous health because of autonomous processing, rich contextual metadata, lack of predefined trust among participants, and the business objectives. Additionally, regulations and policies of stakeholders may be unknown to the individual. Context-sensitive privacy policies are needed to regulate information processing. Our goal was to analyze privacy-related context information and to define the corresponding components and their properties that support privacy management in ubiquitous health. These properties should describe the privacy issues of information processing. With components and their properties, individuals can define context-aware privacy policies and set their privacy preferences that can change in different information-processing situations. Scenarios and user stories are used to analyze typical activities in ubiquitous health to identify main actors, goals, tasks, and stakeholders. Context arises from an activity and, therefore, we can determine different situations, services, and systems to identify properties for privacy-related context information in information-processing situations. Privacy-related context information components are situation, environment, individual, information technology system, service, and stakeholder. Combining our analyses and previously identified characteristics of ubiquitous health, more detailed properties for the components are defined. Properties define explicitly what context information for different components is needed to create context-aware privacy policies that can control, limit, and constrain information processing. With properties, we can define, for example, how data can be processed or how components
-
Privacy-Preserving Trajectory Collection
DEFF Research Database (Denmark)
Gidofalvi, Gyozo; Xuegang, Huang; Pedersen, Torben Bach
2008-01-01
In order to provide context--aware Location--Based Services, real location data of mobile users must be collected and analyzed by spatio--temporal data mining methods. However, the data mining methods need precise location data, while the mobile users want to protect their location privacy....... To remedy this situation, this paper first formally defines novel location privacy requirements. Then, it briefly presents a system for privacy--preserving trajectory collection that meets these requirements. The system is composed of an untrusted server and clients communicating in a P2P network. Location...... data is anonymized in the system using data cloaking and data swapping techniques. Finally, the paper empirically demonstrates that the proposed system is effective and feasible....
-
Di Iorio, C T; Carinci, F; Azzopardi, J; Baglioni, V; Beck, P; Cunningham, S; Evripidou, A; Leese, G; Loevaas, K F; Olympios, G; Federici, M Orsini; Pruna, S; Palladino, P; Skeie, S; Taverner, P; Traynor, V; Benedetti, M Massi
2009-12-01
To foster the development of a privacy-protective, sustainable cross-border information system in the framework of a European public health project. A targeted privacy impact assessment was implemented to identify the best architecture for a European information system for diabetes directly tapping into clinical registries. Four steps were used to provide input to software designers and developers: a structured literature search, analysis of data flow scenarios or options, creation of an ad hoc questionnaire and conduction of a Delphi procedure. The literature search identified a core set of relevant papers on privacy (n = 11). Technicians envisaged three candidate system architectures, with associated data flows, to source an information flow questionnaire that was submitted to the Delphi panel for the selection of the best architecture. A detailed scheme envisaging an "aggregation by group of patients" was finally chosen, based upon the exchange of finely tuned summary tables. Public health information systems should be carefully engineered only after a clear strategy for privacy protection has been planned, to avoid breaching current regulations and future concerns and to optimise the development of statistical routines. The BIRO (Best Information Through Regional Outcomes) project delivers a specific method of privacy impact assessment that can be conveniently used in similar situations across Europe.
-
77 FR 24925 - Privacy Act of 1974; System of Records
2012-04-26
... given that the United States Department of Agriculture (USDA) is revising two Privacy Act (PA) systems... Agriculture (NIFA), formerly the Cooperative State Research, Education, and Extension Service (CSREES). DATES... INFORMATION: I. Background 1. Two systems of records are being revised. A. State Cooperative Extension Service...
-
78 FR 64196 - Privacy Act Altered System of Records
2013-10-28
... records to COMMERCE/DEPARTMENT-20, Biographical Files and Social Networks. The amendment serves to modify... DEPARTMENT OF COMMERCE [Docket No. 130730666-3877-02] Privacy Act Altered System of Records AGENCY: Department of Commerce. ACTION: Notice; Commerce/Department-20, Biographical Files. SUMMARY: The Department...
-
Technical Privacy Metrics: a Systematic Survey
Wagner, Isabel; Eckhoff, David
2018-01-01
The file attached to this record is the author's final peer reviewed version The goal of privacy metrics is to measure the degree of privacy enjoyed by users in a system and the amount of protection offered by privacy-enhancing technologies. In this way, privacy metrics contribute to improving user privacy in the digital world. The diversity and complexity of privacy metrics in the literature makes an informed choice of metrics challenging. As a result, instead of using existing metrics, n...
-
78 FR 34354 - Privacy Act of 1974; System of Records
2013-06-07
...(r) of the Privacy Act of 1974, as amended, was submitted on May 14, 2013, to the House Committee on... replace with ``System contains personnel data to support enlisted assignment, planning, programming...
-
76 FR 65535 - Privacy Act of 1974; System of Records
2011-10-21
... the FBI BRUs expressly as part of this system notice because the entire notice is being republished. While the FBI BRUs provide necessary flexibility in disseminating records from the system, FBI notes...: Elizabeth Withnell, Supervisory Attorney-Advisor, Privacy and Civil Liberties Unit, Office of the General...
-
78 FR 79412 - Privacy Act of 1974; System of Records
2013-12-30
... Defense Finance and Accounting Service proposes to alter a system of records, T7205, General Accounting... transaction-driven financial statements in support of Defense Finance and Accounting Service financial mission... INFORMATION: The Defense Finance and Accounting Service notices for systems of records subject to the Privacy...
-
78 FR 54445 - Privacy Act Systems of Records; Phytosanitary Certificate Issuance and Tracking System
2013-09-04
... INFORMATION CONTACT: Mr. Christian B. Dellis, Export Services, Plant Health Programs, Plant Protection and... DEPARTMENT OF AGRICULTURE Office of the Secretary [Docket No. APHIS-2012-0104] Privacy Act Systems of Records; Phytosanitary Certificate Issuance and Tracking System AGENCY: Animal and Plant Health...
-
77 FR 24242 - Privacy Act of 1974; System of Records
2012-04-23
... under the Freedom of Information Act (FOIA) or the Privacy Act. Categories of records in the system: The... allegation or complaint of discrimination based on race, color, religion, sex, national origin, age, or...
-
76 FR 58007 - Privacy Act of 1974; Report of a New System of Records
2011-09-19
..., Division of Information Security & Privacy Management, Enterprise Architecture and Strategy Group, Office... system contain Protected Health Information (PHI) as defined by HHS regulation ``Standards for Privacy of... such PHI that are otherwise authorized by these routine uses may only be made if, and as, permitted or...
-
Toward Privacy-Preserving Personalized Recommendation Services
Directory of Open Access Journals (Sweden)
Cong Wang
2018-02-01
Full Text Available Recommendation systems are crucially important for the delivery of personalized services to users. With personalized recommendation services, users can enjoy a variety of targeted recommendations such as movies, books, ads, restaurants, and more. In addition, personalized recommendation services have become extremely effective revenue drivers for online business. Despite the great benefits, deploying personalized recommendation services typically requires the collection of users’ personal data for processing and analytics, which undesirably makes users susceptible to serious privacy violation issues. Therefore, it is of paramount importance to develop practical privacy-preserving techniques to maintain the intelligence of personalized recommendation services while respecting user privacy. In this paper, we provide a comprehensive survey of the literature related to personalized recommendation services with privacy protection. We present the general architecture of personalized recommendation systems, the privacy issues therein, and existing works that focus on privacy-preserving personalized recommendation services. We classify the existing works according to their underlying techniques for personalized recommendation and privacy protection, and thoroughly discuss and compare their merits and demerits, especially in terms of privacy and recommendation accuracy. We also identity some future research directions. Keywords: Privacy protection, Personalized recommendation services, Targeted delivery, Collaborative filtering, Machine learning
-
Isolating Graphical Failure-Inducing Input for Privacy Protection in Error Reporting Systems
Directory of Open Access Journals (Sweden)
Matos João
2016-04-01
Full Text Available This work proposes a new privacy-enhancing system that minimizes the disclosure of information in error reports. Error reporting mechanisms are of the utmost importance to correct software bugs but, unfortunately, the transmission of an error report may reveal users’ private information. Some privacy-enhancing systems for error reporting have been presented in the past years, yet they rely on path condition analysis, which we show in this paper to be ineffective when it comes to graphical-based input. Knowing that numerous applications have graphical user interfaces (GUI, it is very important to overcome such limitation. This work describes a new privacy-enhancing error reporting system, based on a new input minimization algorithm called GUIᴍɪɴ that is geared towards GUI, to remove input that is unnecessary to reproduce the observed failure. Before deciding whether to submit the error report, the user is provided with a step-by-step graphical replay of the minimized input, to evaluate whether it still yields sensitive information. We also provide an open source implementation of the proposed system and evaluate it with well-known applications.
-
Privacy-Related Context Information for Ubiquitous Health
Nykänen, Pirkko; Ruotsalainen, Pekka
2014-01-01
Background Ubiquitous health has been defined as a dynamic network of interconnected systems. A system is composed of one or more information systems, their stakeholders, and the environment. These systems offer health services to individuals and thus implement ubiquitous computing. Privacy is the key challenge for ubiquitous health because of autonomous processing, rich contextual metadata, lack of predefined trust among participants, and the business objectives. Additionally, regulations and policies of stakeholders may be unknown to the individual. Context-sensitive privacy policies are needed to regulate information processing. Objective Our goal was to analyze privacy-related context information and to define the corresponding components and their properties that support privacy management in ubiquitous health. These properties should describe the privacy issues of information processing. With components and their properties, individuals can define context-aware privacy policies and set their privacy preferences that can change in different information-processing situations. Methods Scenarios and user stories are used to analyze typical activities in ubiquitous health to identify main actors, goals, tasks, and stakeholders. Context arises from an activity and, therefore, we can determine different situations, services, and systems to identify properties for privacy-related context information in information-processing situations. Results Privacy-related context information components are situation, environment, individual, information technology system, service, and stakeholder. Combining our analyses and previously identified characteristics of ubiquitous health, more detailed properties for the components are defined. Properties define explicitly what context information for different components is needed to create context-aware privacy policies that can control, limit, and constrain information processing. With properties, we can define, for example, how
-
Realization of quantum state privacy amplification in a nuclear magnetic resonance quantum system
International Nuclear Information System (INIS)
Hao, Liang; Wang, Chuan; Long, Gui Lu
2010-01-01
Quantum state privacy amplification (QSPA) is the quantum analogue of classical privacy amplification. If the state information of a series of single-particle states has some leakage, QSPA reduces this leakage by condensing the state information of two particles into the state of one particle. Recursive applications of the operations will eliminate the quantum state information leakage to a required minimum level. In this paper, we report the experimental implementation of a quantum state privacy amplification protocol in a nuclear magnetic resonance system. The density matrices of the states are constructed in the experiment, and the experimental results agree well with theory.
-
78 FR 38303 - Privacy Act of 1974; System of Records
2013-06-26
.... FOR FURTHER INFORMATION CONTACT: Mr. Leroy Jones, Department of the Army, Privacy Office, U.S. Army.../army/index.html . The Department of the Army proposes to amend two systems of records notices in its...
-
75 FR 39500 - Privacy Act of 1974; System of Records
2010-07-09
... from the address above. The proposed system report, as required by 5 U.S.C. 552a(r) of the Privacy Act... location: Add to entry as last paragraph ``Defense Information Systems Agency (DISA) Mega Center, Building... plate number, drivers license number, vehicle make, model, year, color, drivers identification...
-
75 FR 77849 - Privacy Act of 1974; System of Records
2010-12-14
... Agency, Defense Threat Reduction Agency, Missile Defense Organization, Pentagon Force Protection Agency... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2010-OS-0160] Privacy Act of 1974; System of Records AGENCY: Office of the Secretary of Defense, DoD. ACTION: Notice to add a system of...
-
77 FR 77049 - Privacy Act of 1974; System of Records
2012-12-31
..., Air Force Privacy Act Office, Office of Warfighting Integration and Chief Information officer, ATTN... of 1974 (5 U.S.C. 552a), as amended, which requires the submission of a new or altered system report...). Reason The Innovative Development through Employee Awareness (IDEA) Program Data System (IPDS) has been...
-
78 FR 69393 - Privacy Act of 1974; System of Records
2013-11-19
... Liberties Web site at http://dpclo.defense.gov/privacy/SORNs/component/ngia/index.html . The proposed system... the system: Current and former NGA employees, military personnel, contractors, employed by or assigned... certify, verify, or state) under penalty of perjury under the laws of the United States of America that...
-
Lattice Based Mix Network for Location Privacy in Mobile System
Directory of Open Access Journals (Sweden)
Kunwar Singh
2015-01-01
Full Text Available In 1981, David Chaum proposed a cryptographic primitive for privacy called mix network (Mixnet. A mixnet is cryptographic construction that establishes anonymous communication channel through a set of servers. In 2004, Golle et al. proposed a new cryptographic primitive called universal reencryption which takes the input as encrypted messages under the public key of the recipients not the public key of the universal mixnet. In Eurocrypt 2010, Gentry, Halevi, and Vaikunthanathan presented a cryptosystem which is an additive homomorphic and a multiplicative homomorphic for only one multiplication. In MIST 2013, Singh et al. presented a lattice based universal reencryption scheme under learning with error (LWE assumption. In this paper, we have improved Singh et al.’s scheme using Fairbrother’s idea. LWE is a lattice hard problem for which till now there is no polynomial time quantum algorithm. Wiangsripanawan et al. proposed a protocol for location privacy in mobile system using universal reencryption whose security is reducible to Decision Diffie-Hellman assumption. Once quantum computer becomes a reality, universal reencryption can be broken in polynomial time by Shor’s algorithm. In postquantum cryptography, our scheme can replace universal reencryption scheme used in Wiangsripanawan et al. scheme for location privacy in mobile system.
-
78 FR 22522 - Privacy Act of 1974: New System of Records
2013-04-16
... System cannot access records through the biometric hand reader technology. RETENTION AND DISPOSAL: The... Privacy Act of 1974 (5 U.S.C. 552a), as amended, titled ``Biometric Verification System (CSOSA-20).'' This... Biometric Verification System allows individuals under supervision to electronically check-in for office...
-
77 FR 61275 - Privacy Act of 1974: Implementation
2012-10-09
... (FBI) Privacy Act system of records titled FBI Data Warehouse System, JUSTICE/FBI- 022. This system is...)(G), (H), and (I), (5), and (8); (f); and (g) of the Privacy Act: (1) FBI Data Warehouse System... security; disclose information that would constitute an unwarranted invasion of another's personal privacy...
-
Towards context adaptive privacy decisions in ubiquitous computing
Schaub, Florian; Könings, Bastian; Weber, M.; Kargl, Frank
2012-01-01
In ubiquitous systems control of privacy settings will be increasingly difficult due to the pervasive nature of sensing and communication capabilities. We identify challenges for privacy decisions in ubiquitous systems and propose a system for in situ privacy decision support. When context changes
-
Privacy-preserving digital rights management
Conrado, C.; Petkovic, M.; Jonker, W.; Jonker, W.; Petkovic, M.
2004-01-01
DRM systems provide a means for protecting digital content, but at the same time they violate the privacy of users in a number of ways. This paper addresses privacy issues in DRM systems. The main challenge is how to allow a user to interact with the system in an anonymous/pseudonymous way, while
-
DEFF Research Database (Denmark)
Adjei, Joseph K.; Olesen, Henning
This paper discusses the effect of trust and information privacy concerns on citizens’ attitude towards national identity management systems. We introduce the privacyconcerns- trust model, which shows the role of trust in mediating and moderating citizens’ attitude towards identity management...... systems. We adopted a qualitative research approach in our analysis of data that was gathered through a series of interviews and a stakeholder workshop in Ghana. Our findings indicate that, beyond the threshold level of trust, societal information privacy concern is low; hence, trust is high, thereby...
-
75 FR 77044 - Financial Management Service; Privacy Act of 1974, as Amended; System of Records
2010-12-10
... DEPARTMENT OF THE TREASURY Financial Management Service; Privacy Act of 1974, as Amended; System of Records AGENCY: Financial Management Service, Treasury. ACTION: Withdrawal of a Privacy Act Notice... behalf of the Financial Management Service. DATES: December 10, 2010. FOR FURTHER INFORMATION CONTACT...
-
2012-11-09
....S.C. 791 et seq.; the Equal Pay Act, 29 U.S.C. 206(d); the Genetic Information Nondiscrimination Act... DEPARTMENT OF EDUCATION Privacy Act of 1974; System of Records--Alternative Dispute Resolution... with the Privacy Act of 1974, as amended, 5 U.S.C. 552a (Privacy Act), the Department of Education...
-
Privacy preserving data anonymization of spontaneous ADE reporting system dataset.
Lin, Wen-Yang; Yang, Duen-Chuan; Wang, Jie-Teng
2016-07-18
To facilitate long-term safety surveillance of marketing drugs, many spontaneously reporting systems (SRSs) of ADR events have been established world-wide. Since the data collected by SRSs contain sensitive personal health information that should be protected to prevent the identification of individuals, it procures the issue of privacy preserving data publishing (PPDP), that is, how to sanitize (anonymize) raw data before publishing. Although much work has been done on PPDP, very few studies have focused on protecting privacy of SRS data and none of the anonymization methods is favorable for SRS datasets, due to which contain some characteristics such as rare events, multiple individual records, and multi-valued sensitive attributes. We propose a new privacy model called MS(k, θ (*) )-bounding for protecting published spontaneous ADE reporting data from privacy attacks. Our model has the flexibility of varying privacy thresholds, i.e., θ (*) , for different sensitive values and takes the characteristics of SRS data into consideration. We also propose an anonymization algorithm for sanitizing the raw data to meet the requirements specified through the proposed model. Our algorithm adopts a greedy-based clustering strategy to group the records into clusters, conforming to an innovative anonymization metric aiming to minimize the privacy risk as well as maintain the data utility for ADR detection. Empirical study was conducted using FAERS dataset from 2004Q1 to 2011Q4. We compared our model with four prevailing methods, including k-anonymity, (X, Y)-anonymity, Multi-sensitive l-diversity, and (α, k)-anonymity, evaluated via two measures, Danger Ratio (DR) and Information Loss (IL), and considered three different scenarios of threshold setting for θ (*) , including uniform setting, level-wise setting and frequency-based setting. We also conducted experiments to inspect the impact of anonymized data on the strengths of discovered ADR signals. With all three
-
PRUB: A Privacy Protection Friend Recommendation System Based on User Behavior
Directory of Open Access Journals (Sweden)
Wei Jiang
2016-01-01
Full Text Available The fast developing social network is a double-edged sword. It remains a serious problem to provide users with excellent mobile social network services as well as protecting privacy data. Most popular social applications utilize behavior of users to build connection with people having similar behavior, thus improving user experience. However, many users do not want to share their certain behavioral information to the recommendation system. In this paper, we aim to design a secure friend recommendation system based on the user behavior, called PRUB. The system proposed aims at achieving fine-grained recommendation to friends who share some same characteristics without exposing the actual user behavior. We utilized the anonymous data from a Chinese ISP, which records the user browsing behavior, for 3 months to test our system. The experiment result shows that our system can achieve a remarkable recommendation goal and, at the same time, protect the privacy of the user behavior information.
-
76 FR 50721 - Privacy Act of 1974; System of Records
2011-08-16
... . Follow the instructions for submitting comments. Mail: Federal Docket Management System Office, 1160... of the Army, Privacy Office, U.S. Army Records Management and Declassification Agency, 7701 Telegraph...; laboratory reports, polygraph reports, documentary evidence, physical evidence, summary and administrative...
-
78 FR 14274 - Privacy Act of 1974; System of Records
2013-03-05
.../privacy/SORNs/govt/Gov_Wide_Notices.html . K700.13 602-26, Retention Register Files (February 22, 1993, 58... systems of records notices K700.13 602-26, Retention Register Files (February 22, 1993, 58 FR 10562); K700...
-
78 FR 65011 - Privacy Act of 1974: New System of Records
2013-10-30
... Program under section 1334 of the Affordable Care Act (42 U.S.C. 18054). PURPOSE: OPM operates this system... password- protected computers and systems. Computer firewalls will be maintained to prevent access by... OFFICE OF PERSONNEL MANAGEMENT Privacy Act of 1974: New System of Records AGENCY: U.S. Office of...
-
Computer-Aided Identification and Validation of Privacy Requirements
Directory of Open Access Journals (Sweden)
Rene Meis
2016-05-01
Full Text Available Privacy is a software quality that is closely related to security. The main difference is that security properties aim at the protection of assets that are crucial for the considered system, and privacy aims at the protection of personal data that are processed by the system. The identification of privacy protection needs in complex systems is a hard and error prone task. Stakeholders whose personal data are processed might be overlooked, or the sensitivity and the need of protection of the personal data might be underestimated. The later personal data and the needs to protect them are identified during the development process, the more expensive it is to fix these issues, because the needed changes of the system-to-be often affect many functionalities. In this paper, we present a systematic method to identify the privacy needs of a software system based on a set of functional requirements by extending the problem-based privacy analysis (ProPAn method. Our method is tool-supported and automated where possible to reduce the effort that has to be spent for the privacy analysis, which is especially important when considering complex systems. The contribution of this paper is a semi-automatic method to identify the relevant privacy requirements for a software-to-be based on its functional requirements. The considered privacy requirements address all dimensions of privacy that are relevant for software development. As our method is solely based on the functional requirements of the system to be, we enable users of our method to identify the privacy protection needs that have to be addressed by the software-to-be at an early stage of the development. As initial evaluation of our method, we show its applicability on a small electronic health system scenario.
-
76 FR 39392 - Privacy Act of 1974; System of Records
2011-07-06
....regulations.gov . Follow the instructions for submitting comments. Mail: Federal Docket Management System...: Mr. Leroy Jones, Department of the Army, Privacy Office, U.S. Army Records Management and... address, counselor's phone number and email, documentary evidence, affidavits, information from individual...
-
76 FR 26714 - Privacy Act of 1974; System of Records
2011-05-09
... DEPARTMENT OF DEFENSE Department of the Army [Docket ID USA-2011-0010] Privacy Act of 1974; System... specialty, credit hours accumulated, examination and lesson course completion status, assignment history... history, student academic status, curricula, course description, scheduling, testing, academic, graduation...
-
Smart Grid Privacy through Distributed Trust
Lipton, Benjamin
Though the smart electrical grid promises many advantages in efficiency and reliability, the risks to consumer privacy have impeded its deployment. Researchers have proposed protecting privacy by aggregating user data before it reaches the utility, using techniques of homomorphic encryption to prevent exposure of unaggregated values. However, such schemes generally require users to trust in the correct operation of a single aggregation server. We propose two alternative systems based on secret sharing techniques that distribute this trust among multiple service providers, protecting user privacy against a misbehaving server. We also provide an extensive evaluation of the systems considered, comparing their robustness to privacy compromise, error handling, computational performance, and data transmission costs. We conclude that while all the systems should be computationally feasible on smart meters, the two methods based on secret sharing require much less computation while also providing better protection against corrupted aggregators. Building systems using these techniques could help defend the privacy of electricity customers, as well as customers of other utilities as they move to a more data-driven architecture.
-
Designing an Authorization System Based on Patient Privacy Preferences in Japan.
Morris, Kensuke; Yamamoto, Goshiro; Hiragi, Shusuke; Ohtera, Shosuke; Sakai, Michi; Sugiyama, Osamu; Okamoto, Kazuya; Nambu, Masayuki; Kuroda, Tomohiro
2018-01-01
High accessibility of Electronic Health Record systems can increase usability but creates simultaneously patients' anxieties about privacy issues. In order to reduce the privacy concerns, we focused on control and awareness, and designed an approach that can provide availability of patient's clinical data to doctors in two scenarios; (S1) direct control by the patient when they are conscious, (S2) control by a trusted representative when the patient is unconscious. In this paper, we show further analysis in a survey (n = 310, age range: 19-91) done to test the acceptability of our concept of a using a trusted representative and to further understand the concerns of Japanese citizens to improve our system design. These results in S1 suggest that patients concerned about control have a stronger inclination to also choose full awareness. We found also that patients tended to choose the same level of awareness for the representative as they did for themselves in S2. In addition, patients who chose awareness in S1 tended to choose the same for their representative in S2 and themselves after recovery from unconsciousness. We also discuss the significant differences found between the age-groups 20-39 and 60-79. We conclude that the system design of privacy aware EHR systems must be improved to consider patients who want to preserve their choice of control in the event they become unconscious but do not want to use a representative to maintain control.
-
48 CFR 52.224-2 - Privacy Act.
2010-10-01
... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Privacy Act. 52.224-2... AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 52.224-2 Privacy... agency function: Privacy Act (APR 1984) (a) The Contractor agrees to— (1) Comply with the Privacy Act of...
-
Privacy and Access Control for IHE-Based Systems
Katt, Basel; Breu, Ruth; Hafner, Micahel; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian
Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that are conform with IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.
-
78 FR 41919 - Privacy Act of 1974; System of Records
2013-07-12
.... SUMMARY: The Defense Finance and Accounting Service proposes to alter a system of records, T7340c... identifiers or contact information. FOR FURTHER INFORMATION CONTACT: Mr. Gregory L. Outlaw, Defense Finance and Accounting Service, Freedom of Information/Privacy Act Program Manager, Corporate Communications...
-
78 FR 14281 - Privacy Act of 1974; System of Records
2013-03-05
... Finance and Accounting Service, Freedom of Information/Privacy Act Program Manager, Corporate... Records. SUMMARY: The Defense Finance and Accounting Service proposes to amend a system of records in its.... FOR FURTHER INFORMATION CONTACT: Mr. Gregory L. Outlaw, Defense Finance and Accounting Service...
-
Ensuring privacy in the study of pathogen genetics.
Mehta, Sanjay R; Vinterbo, Staal A; Little, Susan J
2014-08-01
Rapid growth in the genetic sequencing of pathogens in recent years has led to the creation of large sequence databases. This aggregated sequence data can be very useful for tracking and predicting epidemics of infectious diseases. However, the balance between the potential public health benefit and the risk to personal privacy for individuals whose genetic data (personal or pathogen) are included in such work has been difficult to delineate, because neither the true benefit nor the actual risk to participants has been adequately defined. Existing approaches to minimise the risk of privacy loss to participants are based on de-identification of data by removal of a predefined set of identifiers. These approaches neither guarantee privacy nor protect the usefulness of the data. We propose a new approach to privacy protection that will quantify the risk to participants, while still maximising the usefulness of the data to researchers. This emerging standard in privacy protection and disclosure control, which is known as differential privacy, uses a process-driven rather than data-centred approach to protecting privacy. Copyright © 2014 Elsevier Ltd. All rights reserved.
-
A security and privacy preserving e-prescription system based on smart cards.
Hsu, Chien-Lung; Lu, Chung-Fu
2012-12-01
In 2002, Ateniese and Medeiros proposed an e-prescription system, in which the patient can store e-prescription and related information using smart card. Latter, Yang et al. proposed a novel smart-card based e-prescription system based on Ateniese and Medeiros's system in 2004. Yang et al. considered the privacy issues of prescription data and adopted the concept of a group signature to provide patient's privacy protection. To make the e-prescription system more realistic, they further applied a proxy signature to allow a patient to delegate his signing capability to other people. This paper proposed a novel security and privacy preserving e-prescription system model based on smart cards. A new role, chemist, is included in the system model for settling the medicine dispute. We further presented a concrete identity-based (ID-based) group signature scheme and an ID-based proxy signature scheme to realize the proposed model. Main property of an ID-based system is that public key is simple user's identity and can be verified without extra public key certificates. Our ID-based group signature scheme can allow doctors to sign e-prescription anonymously. In a case of a medical dispute, identities of the doctors can be identified. The proposed ID-based proxy signature scheme can improve signing delegation and allows a delegation chain. The proposed e-prescription system based on our proposed two cryptographic schemes is more practical and efficient than Yang et al.'s system in terms of security, communication overheads, computational costs, practical considerations.
-
Fuzzy Privacy Decision for Context-Aware Access Personal Information
Institute of Scientific and Technical Information of China (English)
ZHANG Qingsheng; QI Yong; ZHAO Jizhong; HOU Di; NIU Yujie
2007-01-01
A context-aware privacy protection framework was designed for context-aware services and privacy control methods about access personal information in pervasive environment. In the process of user's privacy decision, it can produce fuzzy privacy decision as the change of personal information sensitivity and personal information receiver trust. The uncertain privacy decision model was proposed about personal information disclosure based on the change of personal information receiver trust and personal information sensitivity. A fuzzy privacy decision information system was designed according to this model. Personal privacy control policies can be extracted from this information system by using rough set theory. It also solves the problem about learning privacy control policies of personal information disclosure.
-
DEFF Research Database (Denmark)
Gerdes, Anne; Larsen, Henrik Legind; Rouces, Jacobo
2013-01-01
This paper clarifies privacy challenges related to the EU project, ePOOLICE, which aims at developing an environmental scanning system for fighting organized crime by improving law enforcement agencies opportunities for strategic proactive planning in response to emerging organized crime threats...... privacy all through the system design process....
-
UnLynx: A Decentralized System for Privacy-Conscious Data Sharing
Directory of Open Access Journals (Sweden)
Froelicher David
2017-10-01
Full Text Available Current solutions for privacy-preserving data sharing among multiple parties either depend on a centralized authority that must be trusted and provides only weakest-link security (e.g., the entity that manages private/secret cryptographic keys, or leverage on decentralized but impractical approaches (e.g., secure multi-party computation. When the data to be shared are of a sensitive nature and the number of data providers is high, these solutions are not appropriate. Therefore, we present UnLynx, a new decentralized system for efficient privacy-preserving data sharing. We consider m servers that constitute a collective authority whose goal is to verifiably compute on data sent from n data providers. UnLynx guarantees the confidentiality, unlinkability between data providers and their data, privacy of the end result and the correctness of computations by the servers. Furthermore, to support differentially private queries, UnLynx can collectively add noise under encryption. All of this is achieved through a combination of a set of new distributed and secure protocols that are based on homomorphic cryptography, verifiable shuffling and zero-knowledge proofs. UnLynx is highly parallelizable and modular by design as it enables multiple security/privacy vs. runtime tradeoffs. Our evaluation shows that UnLynx can execute a secure survey on 400,000 personal data records containing 5 encrypted attributes, distributed over 20 independent databases, for a total of 2,000,000 ciphertexts, in 24 minutes.
-
76 FR 51869 - Privacy Act Implementation
2011-08-19
... permanent residence. Maintain includes collect, use, disseminate, or control. Privacy Act means the Privacy... announces the creation, deletion, or amendment of one or more system of records. System of records notices... reference and university libraries or electronically at the [[Page 51873
-
Ensuring the security and privacy of information in mobile health-care communication systems
Directory of Open Access Journals (Sweden)
Ademola P. Abidoye
2011-09-01
Full Text Available The sensitivity of health-care information and its accessibility via the Internet and mobile technology systems is a cause for concern in these modern times. The privacy, integrity and confidentiality of a patient’s data are key factors to be considered in the transmission of medical information for use by authorised health-care personnel. Mobile communication has enabled medical consultancy, treatment, drug administration and the provision of laboratory results to take place outside the hospital. With the implementation of electronic patient records and the Internet and Intranets, medical information sharing amongst relevant health-care providers was made possible. But the vital issue in this method of information sharing is security: the patient’s privacy, as well as the confidentiality and integrity of the health-care information system, should not be compromised. We examine various ways of ensuring the security and privacy of a patient’s electronic medical information in order to ensure the integrity and confidentiality of the information.
-
A Model-Based Privacy Compliance Checker
Siani Pearson; Damien Allison
2009-01-01
Increasingly, e-business organisations are coming under pressure to be compliant to a range of privacy legislation, policies and best practice. There is a clear need for high-level management and administrators to be able to assess in a dynamic, customisable way the degree to which their enterprise complies with these. We outline a solution to this problem in the form of a model-driven automated privacy process analysis and configuration checking system. This system models privacy compliance ...
-
78 FR 5784 - Privacy Act of 1974; System of Records
2013-01-28
... records. SUMMARY: The Defense Finance and Accounting Service proposes to alter a system of records in its.... FOR FURTHER INFORMATION CONTACT: Mr. Gregory Outlaw, Defense Finance and Accounting Service, Freedom of Information/Privacy Act Program Manager, Corporate Communications, DFAS-HKC/IN, 8899 E. 56th...
-
78 FR 16837 - Privacy Act of 1974; System of Records
2013-03-19
... uses this information to obtain customer feedback concerning their service experience and the level of... listed under ``COMMERCE/ PAT-TM-20 Customer Call Center, Assistance and Satisfaction Survey Records... through the agency's telephone support system or customer service centers. The Privacy Act notice is being...
-
77 FR 73973 - Privacy Act of 1974, System of Records
2012-12-12
... will become effective on January 25, 2013. ADDRESSES: You may submit comments: Paper Comments Fax: (703... requiring protection under the Privacy Act. It is USAID's core financial management system and accounting..., Accounts Receivables, and Budget Execution, which are required to perform necessary accounting operations...
-
77 FR 34943 - Privacy Act of 1974; System of Records
2012-06-12
... DEPARTMENT OF EDUCATION Privacy Act of 1974; System of Records AGENCY: Office of Planning..., 2012. FOR FURTHER INFORMATION CONTACT: Carmel Martin, Assistant Secretary for Planning, Evaluation and... 20202- 4500. Telephone: (202) 401-3676. If you use a telecommunications device for the deaf (TDD) or a...
-
77 FR 56676 - Privacy Act of 1974; System of Records
2012-09-13
... of records to account for the previous omission of an accounting of disclosure when records may be.... Accounting of disclosure records: The date, nature, and purpose of each disclosure of a Privacy Act covered..., including FOIA and Privacy Act requests, and to comply with FOIA and Privacy Act disclosure accounting and...
-
2013-02-11
... DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT [Docket No. FR-5613-N-06-C] Privacy Act of 1974; New System of Records, Office of General Counsel E-Discovery Management System: Republication of System.... SUMMARY: Pursuant to the provision of the Privacy Act of 1974, HUD is providing notice of its formal...
-
Privacy and Security Research Group workshop on network and distributed system security: Proceedings
Energy Technology Data Exchange (ETDEWEB)
1993-05-01
This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.
-
Security And Privacy Issues in Health Monitoring Systems: eCare@Home Case Study
DEFF Research Database (Denmark)
Wearing, Thomas; Dragoni, Nicola
2016-01-01
Automated systems for monitoring elderly people in their home are becoming more and more common. Indeed, an increasing number of home sensor networks for healthcare can be found in the recent literature, indicating a clear research direction in smart homes for health-care. Although the huge amount...... of sensitive data these systems deal with and expose to the external world, security and privacy issues are surpris-ingly not taken into consideration. The aim of this paper is to raise some key security and privacy issues that home health monitor systems should face with. The analysis is based on a real world...... monitoring sensor network for healthcare built in the context of the eCare@Home project....
-
76 FR 72325 - Privacy Act; Exempt Record System
2011-11-23
... DEPARTMENT OF HEALTH AND HUMAN SERVICES 45 CFR Part 5b RIN 0906-AA91 Privacy Act; Exempt Record... are guaranteed access to, and correction rights for, substantive information reported to the NPDB. The procedures, appearing in 45 CFR part 60, use the Privacy Act access and correction procedures as a basic...
-
2011-11-23
... http://www.regulations.gov . FOR FURTHER INFORMATION CONTACT: For general questions and privacy issues... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0094] Privacy Act of 1974; Department of Homeland Security/ALL--017 General Legal Records System of Records AGENCY: Privacy...
-
78 FR 14280 - Privacy Act of 1974; System of Records
2013-03-05
... Records. SUMMARY: The Defense Finance and Accounting Service proposes to alter a system of records notice... information. FOR FURTHER INFORMATION CONTACT: Mr. Gregory L. Outlaw, Defense Finance and Accounting Service, Freedom of Information/Privacy Act Program Manager, Corporate Communications, DFAS-HKC/IN, 8899 E. 56th...
-
78 FR 14286 - Privacy Act of 1974; System of Records
2013-03-05
... Records. SUMMARY: The Defense Finance and Accounting Service proposes to amend a system of records in its... information. FOR FURTHER INFORMATION CONTACT: Mr. Gregory L. Outlaw, Defense Finance and Accounting Service, Freedom of Information/Privacy Act Program Manager, Corporate Communications, DFAS-HKC/IN, 8899 E. 56th...
-
78 FR 14285 - Privacy Act of 1974; System of Records
2013-03-05
... Records. SUMMARY: The Defense Finance and Accounting Service proposes to alter a system of records in its.... FOR FURTHER INFORMATION CONTACT: Mr. Gregory L. Outlaw, Defense Finance and Accounting Service, Freedom of Information/Privacy Act Program Manager, Corporate Communications, DFAS-HKC/IN, 8899 E. 56th...
-
75 FR 67700 - Privacy Act of 1974; System of Records
2010-11-03
... DEPARTMENT OF DEFENSE Department of the Army [Docket ID USA-2010-0023] Privacy Act of 1974; System... Medical Examination with supporting documentation, the Report of Medical History, and any other reporting... Report of Medical Examination with supporting documentation, the Report of Medical History, and any other...
-
2010-07-01
... 31 Money and Finance: Treasury 1 2010-07-01 2010-07-01 false Privacy Act. 0.216 Section 0.216... RULES OF CONDUCT Rules of Conduct § 0.216 Privacy Act. Employees involved in the design, development, operation, or maintenance of any system of records or in maintaining records subject to the Privacy Act of...
-
78 FR 73508 - Privacy Act of 1974; System of Records
2013-12-06
....gov/privacy/SORNs/component/airforce/index.html . The proposed systems reports, as required by 5 U.S.C..., citizenship, military and/or federal civilian service information, and private and professional affiliations... (or certify, verify, or state) under penalty of perjury under the laws of the United States of America...
-
Security and privacy in electronic health records: a systematic literature review.
Fernández-Alemán, José Luis; Señor, Inmaculada Carrión; Lozoya, Pedro Ángel Oliver; Toval, Ambrosio
2013-06-01
To report the results of a systematic literature review concerning the security and privacy of electronic health record (EHR) systems. Original articles written in English found in MEDLINE, ACM Digital Library, Wiley InterScience, IEEE Digital Library, Science@Direct, MetaPress, ERIC, CINAHL and Trip Database. Only those articles dealing with the security and privacy of EHR systems. The extraction of 775 articles using a predefined search string, the outcome of which was reviewed by three authors and checked by a fourth. A total of 49 articles were selected, of which 26 used standards or regulations related to the privacy and security of EHR data. The most widely used regulations are the Health Insurance Portability and Accountability Act (HIPAA) and the European Data Protection Directive 95/46/EC. We found 23 articles that used symmetric key and/or asymmetric key schemes and 13 articles that employed the pseudo anonymity technique in EHR systems. A total of 11 articles propose the use of a digital signature scheme based on PKI (Public Key Infrastructure) and 13 articles propose a login/password (seven of them combined with a digital certificate or PIN) for authentication. The preferred access control model appears to be Role-Based Access Control (RBAC), since it is used in 27 studies. Ten of these studies discuss who should define the EHR systems' roles. Eleven studies discuss who should provide access to EHR data: patients or health entities. Sixteen of the articles reviewed indicate that it is necessary to override defined access policies in the case of an emergency. In 25 articles an audit-log of the system is produced. Only four studies mention that system users and/or health staff should be trained in security and privacy. Recent years have witnessed the design of standards and the promulgation of directives concerning security and privacy in EHR systems. However, more work should be done to adopt these regulations and to deploy secure EHR systems. Copyright
-
Location privacy protection in mobile networks
Liu, Xinxin
2013-01-01
This SpringerBrief analyzes the potential privacy threats in wireless and mobile network environments, and reviews some existing works. It proposes multiple privacy preserving techniques against several types of privacy threats that are targeting users in a mobile network environment. Depending on the network architecture, different approaches can be adopted. The first proposed approach considers a three-party system architecture where there is a trusted central authority that can be used to protect users? privacy. The second approach considers a totally distributed environment where users per
-
75 FR 47797 - Privacy Act of 1974; System of Records
2010-08-09
... Officer, Department of Defense. Deletion: S330.40 CAHS System name: Employee Assistance Program Records (August 27, 1999; 64 FR 46889). Reason: This collection is covered under the existing DHHS/FOH EAP Privacy notice 09-90-0010, entitled ``Employee Assistance Program (EAP) Records, HHS/OS/ASAM/OHR.'' [FR Doc. 2010...
-
A Taxonomy of Privacy Constructs for Privacy-Sensitive Robotics
Rueben, Matthew; Grimm, Cindy M.; Bernieri, Frank J.; Smart, William D.
2017-01-01
The introduction of robots into our society will also introduce new concerns about personal privacy. In order to study these concerns, we must do human-subject experiments that involve measuring privacy-relevant constructs. This paper presents a taxonomy of privacy constructs based on a review of the privacy literature. Future work in operationalizing privacy constructs for HRI studies is also discussed.
-
DEFF Research Database (Denmark)
Sørensen, Lene Tolstrup; Khajuria, Samant; Skouby, Knud Erik
2015-01-01
Currently, the discussions are going on the elements and definition of 5G networks. One of the elements in this discussion is how to provide for user controlled privacy for securing users' digital interaction. The purpose of this paper is to present elements of user controlled privacy needed...... for the future 5G networks. The paper concludes that an ecosystem consisting of Trusted Third Party between the end user and the service providers as a distributed system could be integrated to secure the perspective of user controlled privacy for future systems...
-
Li, Hongtao; Guo, Feng; Zhang, Wenyin; Wang, Jie; Xing, Jinsheng
2018-02-14
The widely use of IoT technologies in healthcare services has pushed forward medical intelligence level of services. However, it also brings potential privacy threat to the data collection. In healthcare services system, health and medical data that contains privacy information are often transmitted among networks, and such privacy information should be protected. Therefore, there is a need for privacy-preserving data collection (PPDC) scheme to protect clients (patients) data. We adopt (a,k)-anonymity model as privacy pretection scheme for data collection, and propose a novel anonymity-based PPDC method for healthcare services in this paper. The threat model is analyzed in the client-server-to-user (CS2U) model. On client-side, we utilize (a,k)-anonymity notion to generate anonymous tuples which can resist possible attack, and adopt a bottom-up clustering method to create clusters that satisfy a base privacy level of (a 1 ,k 1 )-anonymity. On server-side, we reduce the communication cost through generalization technology, and compress (a 1 ,k 1 )-anonymous data through an UPGMA-based cluster combination method to make the data meet the deeper level of privacy (a 2 ,k 2 )-anonymity (a 1 ≥ a 2 , k 2 ≥ k 1 ). Theoretical analysis and experimental results prove that our scheme is effective in privacy-preserving and data quality.
-
Privacy preserving surveillance and the tracking-paradox
Greiner, S.; Birnstill, Pascal; Krempel, Erik; Beckert, B.; Beyerer, Jürgen
2013-01-01
Increasing capabilities of intelligent video surveillance systems impose new threats to privacy while, at the same time, offering opportunities for reducing the privacy invasiveness of surveillance measures as well as their selectivity. We show that aggregating more data about observed people does not necessarily lead to less privacy, but can increase the selectivity of surveillance measures. In case of video surveillance in a company environment, if we enable the system to authenticate emplo...
-
Trust information-based privacy architecture for ubiquitous health.
Ruotsalainen, Pekka Sakari; Blobel, Bernd; Seppälä, Antto; Nykänen, Pirkko
2013-10-08
Ubiquitous health is defined as a dynamic network of interconnected systems that offers health services independent of time and location to a data subject (DS). The network takes place in open and unsecure information space. It is created and managed by the DS who sets rules that regulate the way personal health information is collected and used. Compared to health care, it is impossible in ubiquitous health to assume the existence of a priori trust between the DS and service providers and to produce privacy using static security services. In ubiquitous health features, business goals and regulations systems followed often remain unknown. Furthermore, health care-specific regulations do not rule the ways health data is processed and shared. To be successful, ubiquitous health requires novel privacy architecture. The goal of this study was to develop a privacy management architecture that helps the DS to create and dynamically manage the network and to maintain information privacy. The architecture should enable the DS to dynamically define service and system-specific rules that regulate the way subject data is processed. The architecture should provide to the DS reliable trust information about systems and assist in the formulation of privacy policies. Furthermore, the architecture should give feedback upon how systems follow the policies of DS and offer protection against privacy and trust threats existing in ubiquitous environments. A sequential method that combines methodologies used in system theory, systems engineering, requirement analysis, and system design was used in the study. In the first phase, principles, trust and privacy models, and viewpoints were selected. Thereafter, functional requirements and services were developed on the basis of a careful analysis of existing research published in journals and conference proceedings. Based on principles, models, and requirements, architectural components and their interconnections were developed using system
-
Privacy Protection Research of Mobile RFID
Institute of Scientific and Technical Information of China (English)
2007-01-01
Radio Frequency Identification is one of the most controversial technologies at present.It is very difficult to detect who reads a tag incorporated into products owned by a person,a significant concern to privacy threats in RFID system arises from this reason.User privacy problem is prior considersion for mobile RFID service,because most mobile RFID service based on end-user service.Propose a solution for user privacy protection,which is a modification of EPC Class 1 Generation 2 protocol,and introduce a privacy protection scenario for mobile RFID service using this method.
-
76 FR 44888 - Privacy Act of 1974, System of Records
2011-07-27
... Privacy Act of 1974 (5 U.S.C. 552a), as amended, entitled ``USAID-30, Google Apps Business Edition''. This... . SUPPLEMENTARY INFORMATION: The Google Apps Business Edition is being established as an Agency-wide system of...'') cloud computing model. The suite is composed of Gmail for e-mail, Google Docs for office productivity...
-
78 FR 41920 - Privacy Act of 1974; System of Records
2013-07-12
... Civil Liberties Office Web site at http://dpclo.defense.gov/privacy/SORNs/component/army/index.html... systems of records notices. Individual should provide full name, SSN and/or DoD ID number and military... penalty of perjury under the laws of the United States of America that the foregoing is true and correct...
-
Privacy under construction : A developmental perspective on privacy perception
Steijn, W.M.P.; Vedder, A.H.
2015-01-01
We present a developmental perspective regarding the difference in perceptions toward privacy between young and old. Here, we introduce the notion of privacy conceptions, that is, the specific ideas that individuals have regarding what privacy actually is. The differences in privacy concerns often
-
Beyond individual-centric privacy : Information technology in social systems
Pieters, W.
2017-01-01
In the public debate, social implications of information technology are mainly seen through the privacy lens. Impact assessments of information technology are also often limited to privacy impact assessments, which are focused on individual rights and well-being, as opposed to the social
-
48 CFR 352.224-70 - Privacy Act.
2010-10-01
... 48 Federal Acquisition Regulations System 4 2010-10-01 2010-10-01 false Privacy Act. 352.224-70... SOLICITATION PROVISIONS AND CONTRACT CLAUSES Texts of Provisions and Clauses 352.224-70 Privacy Act. As prescribed in 324.103(b)(2), the Contracting Officer shall insert the following clause: Privacy Act (January...
-
Privacy Bridges: EU and US Privacy Experts In Search of Transatlantic Privacy Solutions
Abramatic, J.-F.; Bellamy, B.; Callahan, M.E.; Cate, F.; van Eecke, P.; van Eijk, N.; Guild, E.; de Hert, P.; Hustinx, P.; Kuner, C.; Mulligan, D.; O'Connor, N.; Reidenberg, J.; Rubinstein, I.; Schaar, P.; Shadbolt, N.; Spiekermann, S.; Vladeck, D.; Weitzner, D.J.; Zuiderveen Borgesius, F.; Hagenauw, D.; Hijmans, H.
2015-01-01
The EU and US share a common commitment to privacy protection as a cornerstone of democracy. Following the Treaty of Lisbon, data privacy is a fundamental right that the European Union must proactively guarantee. In the United States, data privacy derives from constitutional protections in the
-
A Generic Privacy Quantification Framework for Privacy-Preserving Data Publishing
Zhu, Zutao
2010-01-01
In recent years, the concerns about the privacy for the electronic data collected by government agencies, organizations, and industries are increasing. They include individual privacy and knowledge privacy. Privacy-preserving data publishing is a research branch that preserves the privacy while, at the same time, withholding useful information in…
-
Protecting privacy in a clinical data warehouse.
Kong, Guilan; Xiao, Zhichun
2015-06-01
Peking University has several prestigious teaching hospitals in China. To make secondary use of massive medical data for research purposes, construction of a clinical data warehouse is imperative in Peking University. However, a big concern for clinical data warehouse construction is how to protect patient privacy. In this project, we propose to use a combination of symmetric block ciphers, asymmetric ciphers, and cryptographic hashing algorithms to protect patient privacy information. The novelty of our privacy protection approach lies in message-level data encryption, the key caching system, and the cryptographic key management system. The proposed privacy protection approach is scalable to clinical data warehouse construction with any size of medical data. With the composite privacy protection approach, the clinical data warehouse can be secure enough to keep the confidential data from leaking to the outside world. © The Author(s) 2014.
-
2010-10-01
... 45 Public Welfare 4 2010-10-01 2010-10-01 false What Privacy Act exemptions or control of systems of records are exempt from disclosure? 2508.19 Section 2508.19 Public Welfare Regulations Relating to... ACT OF 1974 § 2508.19 What Privacy Act exemptions or control of systems of records are exempt from...
-
Business Information Exchange System with Security, Privacy, and Anonymity
Directory of Open Access Journals (Sweden)
Sead Muftic
2016-01-01
Full Text Available Business Information Exchange is an Internet Secure Portal for secure management, distribution, sharing, and use of business e-mails, documents, and messages. It has three applications supporting three major types of information exchange systems: secure e-mail, secure instant messaging, and secure sharing of business documents. In addition to standard security services for e-mail letters, which are also applied to instant messages and documents, the system provides innovative features of privacy and full anonymity of users and their locations, actions, transactions, and exchanged resources. In this paper we describe design, implementation, and use of the system.
-
Choose Privacy Week: Educate Your Students (and Yourself) about Privacy
Adams, Helen R.
2016-01-01
The purpose of "Choose Privacy Week" is to encourage a national conversation to raise awareness of the growing threats to personal privacy online and in day-to-day life. The 2016 Choose Privacy Week theme is "respecting individuals' privacy," with an emphasis on minors' privacy. A plethora of issues relating to minors' privacy…
-
The Privacy Coach: Supporting customer privacy in the Internet of Things
Broenink, Gerben; Hoepman, Jaap-Henk; Hof, Christian van 't; van Kranenburg, Rob; Smits, David; Wisman, Tijmen
2010-01-01
The Privacy Coach is an application running on a mobile phone that supports customers in making privacy decisions when confronted with RFID tags. The approach we take to increase customer privacy is a radical departure from the mainstream research efforts that focus on implementing privacy enhancing technologies on the RFID tags themselves. Instead the Privacy Coach functions as a mediator between customer privacy preferences and corporate privacy policies, trying to find a match between the ...
-
Extending SQL to Support Privacy Policies
Ghazinour, Kambiz; Pun, Sampson; Majedi, Maryam; Chinaci, Amir H.; Barker, Ken
Increasing concerns over Internet applications that violate user privacy by exploiting (back-end) database vulnerabilities must be addressed to protect both customer privacy and to ensure corporate strategic assets remain trustworthy. This chapter describes an extension onto database catalogues and Structured Query Language (SQL) for supporting privacy in Internet applications, such as in social networks, e-health, e-governmcnt, etc. The idea is to introduce new predicates to SQL commands to capture common privacy requirements, such as purpose, visibility, generalization, and retention for both mandatory and discretionary access control policies. The contribution is that corporations, when creating the underlying databases, will be able to define what their mandatory privacy policies arc with which all application users have to comply. Furthermore, each application user, when providing their own data, will be able to define their own privacy policies with which other users have to comply. The extension is supported with underlying catalogues and algorithms. The experiments demonstrate a very reasonable overhead for the extension. The result is a low-cost mechanism to create new systems that arc privacy aware and also to transform legacy databases to their privacy-preserving equivalents. Although the examples arc from social networks, one can apply the results to data security and user privacy of other enterprises as well.
-
Information privacy in organizations: empowering creative and extrarole performance.
Alge, Bradley J; Ballinger, Gary A; Tangirala, Subrahmaniam; Oakley, James L
2006-01-01
This article examines the relationship of employee perceptions of information privacy in their work organizations and important psychological and behavioral outcomes. A model is presented in which information privacy predicts psychological empowerment, which in turn predicts discretionary behaviors on the job, including creative performance and organizational citizenship behavior (OCB). Results from 2 studies (Study 1: single organization, N=310; Study 2: multiple organizations, N=303) confirm that information privacy entails judgments of information gathering control, information handling control, and legitimacy. Moreover, a model linking information privacy to empowerment and empowerment to creative performance and OCBs was supported. Findings are discussed in light of organizational attempts to control employees through the gathering and handling of their personal information. (c) 2006 APA, all rights reserved.
-
2012-07-17
... DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT [Docket No. FR-5613-N-06] Privacy Act of 1974; Notice of a New System of Records, Office of General Counsel E-Discovery Management System AGENCY: Office of the Chief Information Officer. ACTION: Notification of New Privacy Act System of Records, E-Discovery...
-
Not All Adware Is Badware: Towards Privacy-Aware Advertising
Haddadi, Hamed; Guha, Saikat; Francis, Paul
Online advertising is a major economic force in the Internet today. A basic goal of any advertising system is to accurately target the ad to the recipient audience. While Internet technology brings the promise of extremely well-targeted ad placement, there have always been serious privacy concerns surrounding personalization. Today there is a constant battle between privacy advocates and advertisers, where advertisers try to push new personalization technologies, and privacy advocates try to stop them. As long as privacy advocates, however, are unable to propose an alternative personalization system that is private, this is a battle they are destined to lose. This paper presents the framework for such an alternative system, the Private Verifiable Advertising (Privad). We describe the privacy issues associated with today’s advertising systems, describe Privad, and discuss its pros and cons and the challenges that remain.
-
Privacy preserving processing of genomic data: A survey.
Akgün, Mete; Bayrak, A Osman; Ozer, Bugra; Sağıroğlu, M Şamil
2015-08-01
Recently, the rapid advance in genome sequencing technology has led to production of huge amount of sensitive genomic data. However, a serious privacy challenge is confronted with increasing number of genetic tests as genomic data is the ultimate source of identity for humans. Lately, privacy threats and possible solutions regarding the undesired access to genomic data are discussed, however it is challenging to apply proposed solutions to real life problems due to the complex nature of security definitions. In this review, we have categorized pre-existing problems and corresponding solutions in more understandable and convenient way. Additionally, we have also included open privacy problems coming with each genomic data processing procedure. We believe our classification of genome associated privacy problems will pave the way for linking of real-life problems with previously proposed methods. Copyright © 2015 Elsevier Inc. All rights reserved.
-
Stalla-Bourdillon, Sophie; Ryan, Mark D
2014-01-01
Securing privacy in the current environment is one of the great challenges of today's democracies. Privacy vs. Security explores the issues of privacy and security and their complicated interplay, from a legal and a technical point of view. Sophie Stalla-Bourdillon provides a thorough account of the legal underpinnings of the European approach to privacy and examines their implementation through privacy, data protection and data retention laws. Joshua Philips and Mark D. Ryan focus on the technological aspects of privacy, in particular, on today's attacks on privacy by the simple use of today'
-
Cooperative advanced Driver assistance Systems - Technological measures for data privacy compliance
Jäger, Hubert; Schnieder, Lars
2016-01-01
Cooperative advanced driver assistance systems (ADAS) will contribute to road traffic safety: Critical situations will be detected, the driver alerted and control of the vehicle interfered with automatically. However, the introduction of such driver assistance systems presupposes that data privacy issues have already been solved in advance. A necessary condition for the driver to accept and trust new Driver assistance systems is that his/her personal and personally identifiable data will be t...
-
Siljee B.I.J.
2015-01-01
This paper describes two privacy patterns for creating privacy transparency: the Personal Data Table pattern and the Privacy Policy Icons pattern, as well as a full overview of privacy transparency patterns. It is a first step in creating a full set of privacy design patterns, which will aid
-
77 FR 65049 - Privacy Act; System of Records: Translator and Interpreter Records, State-37
2012-10-24
... DEPARTMENT OF STATE [Public Notice 8066] Privacy Act; System of Records: Translator and... an existing system of records, Translator and Interpreter Records, State-37, pursuant to the... INFORMATION: The Department of State proposes that the current system will retain the name ``Translator and...
-
Privacy Awareness: A Means to Solve the Privacy Paradox?
Pötzsch, Stefanie
People are limited in their resources, i.e. they have limited memory capabilities, cannot pay attention to too many things at the same time, and forget much information after a while; computers do not suffer from these limitations. Thus, revealing personal data in electronic communication environments and being completely unaware of the impact of privacy might cause a lot of privacy issues later. Even if people are privacy aware in general, the so-called privacy paradox shows that they do not behave according to their stated attitudes. This paper discusses explanations for the existing dichotomy between the intentions of people towards disclosure of personal data and their behaviour. We present requirements on tools for privacy-awareness support in order to counteract the privacy paradox.
-
Security of electronic medical information and patient privacy: what you need to know.
Andriole, Katherine P
2014-12-01
The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.
-
... Home → NLM Privacy Policy URL of this page: https://medlineplus.gov/privacy.html NLM Privacy Policy To ... out of cookies in the most popular browsers, http://www.usa.gov/optout_instructions.shtml. Please note ...
-
75 FR 39669 - Privacy Act of 1974; System of Records
2010-07-12
...In accordance with the Privacy Act of 1974, as amended (Privacy Act), the Department of Education (Department) publishes this notice proposing to revise the system of records notice for the Hotline Complaint Files of the Inspector General (18-10-04), 64 FR 30157-59 (June 4, 1999). The Department proposes to amend this system of records notice by: (1) Adding that a purpose of the system is to report on complaints and allegations related to American Recovery and Reinvestment Act of 2009 (ARRA) funds to the Recovery Accountability and Transparency Board (RATB) as established by the ARRA (Pub. L. 111- 5); (2) adding a new routine use to allow the disclosure of ARRA- related complaints and allegations to the RATB; (3) adding a new routine use to allow for disclosure of information in connection with response and remedial efforts in the event of a data breach in accordance with Office of Management and Budget (OMB) requirements in M-07-16 (May 22, 2007); (4) revising the routine use ``Disclosure to Public and Private Sources in Connection with the Higher Education Act of 1965, as amended (HEA)'' to allow the disclosure of information to an educational institution or a school that is or was a party to an agreement with the Secretary of Education pursuant to the HEA; and (5) updating the address of the System Manager.
-
Concentrated Differential Privacy
Dwork, Cynthia; Rothblum, Guy N.
2016-01-01
We introduce Concentrated Differential Privacy, a relaxation of Differential Privacy enjoying better accuracy than both pure differential privacy and its popular "(epsilon,delta)" relaxation without compromising on cumulative privacy loss over multiple computations.
-
77 FR 52043 - Privacy Act of 1974; Proposed Exempt New System of Records
2012-08-28
... networks. According to DHS' Privacy Impact Assessment for Einstein 2 (available on the DHS Cybersecurity... maintained on portable/mobile storage devices only for valid, business purposes, with prior approval, and in... access (i.e., valid, business need- to-know). Records from this system are available to the System...
-
Mandatory Enforcement of Privacy Policies using Trusted Computing Principles
Kargl, Frank; Schaub, Florian; Dietzel, Stefan
Modern communication systems and information technology create significant new threats to information privacy. In this paper, we discuss the need for proper privacy protection in cooperative intelligent transportation systems (cITS), one instance of such systems. We outline general principles for
-
Dekker, M.A.C.; Etalle, Sandro; den Hartog, Jeremy; Petkovic, M.; Jonker, W.; Jonker, Willem
2007-01-01
Privacy is a prime concern in today's information society. To protect the privacy of individuals, enterprises must follow certain privacy practices, while collecting or processing personal data. In this chapter we look at the setting where an enterprise collects private data on its website,
-
A Mobile, Dynamic, and Privacy-Preserving Matching System for Car and Taxi Pools
Directory of Open Access Journals (Sweden)
Shin-Yan Chiou
2014-01-01
Full Text Available Recently, rates of vehicle ownership have risen globally, exacerbating problems including air pollution, lack of parking, and traffic congestion. While many solutions to these problems have been proposed, carpooling remains one of the most effective approaches. Recently, several carpooling platforms have been built on cloud computing systems, with originators posting online list of departure/arrival points and schedules from which participants can search for rides that match their needs. However, it can be difficult to make matches quickly and the systems are subject to privacy concerns in that they may disclose private information such as names, registration data, and departure/arrival schedules. This paper proposes a dynamic matching method for car/taxi pools for use in mobile devices via ad hoc Wi-Fi networks. The proposed method also preserves user privacy including names and departure/arrival schedules. Moreover, the system does not require the user to register any personal data, so such data cannot be leaked. The system was implemented on the Android mobile platform, allowing users to immediately and securely access the system via their smart phones.
-
Dekker, M.A.C.; Etalle, S.; Hartog, den J.I.; Petkovic, M.; Jonker, W.
2007-01-01
Privacy is a prime concern in today’s information society. To protect the privacy of individuals, enterprises must follow certain privacy practices while collecting or processing personal data. In this chapter we look at the setting where an enterprise collects private data on its website, processes
-
Quantifying the costs and benefits of privacy-preserving health data publishing.
Khokhar, Rashid Hussain; Chen, Rui; Fung, Benjamin C M; Lui, Siu Man
2014-08-01
Cost-benefit analysis is a prerequisite for making good business decisions. In the business environment, companies intend to make profit from maximizing information utility of published data while having an obligation to protect individual privacy. In this paper, we quantify the trade-off between privacy and data utility in health data publishing in terms of monetary value. We propose an analytical cost model that can help health information custodians (HICs) make better decisions about sharing person-specific health data with other parties. We examine relevant cost factors associated with the value of anonymized data and the possible damage cost due to potential privacy breaches. Our model guides an HIC to find the optimal value of publishing health data and could be utilized for both perturbative and non-perturbative anonymization techniques. We show that our approach can identify the optimal value for different privacy models, including K-anonymity, LKC-privacy, and ∊-differential privacy, under various anonymization algorithms and privacy parameters through extensive experiments on real-life data. Copyright © 2014 Elsevier Inc. All rights reserved.
-
Vehicular ad hoc network security and privacy
Lin, X
2015-01-01
Unlike any other book in this area, this book provides innovative solutions to security issues, making this book a must read for anyone working with or studying security measures. Vehicular Ad Hoc Network Security and Privacy mainly focuses on security and privacy issues related to vehicular communication systems. It begins with a comprehensive introduction to vehicular ad hoc network and its unique security threats and privacy concerns and then illustrates how to address those challenges in highly dynamic and large size wireless network environments from multiple perspectives. This book is richly illustrated with detailed designs and results for approaching security and privacy threats.
-
Sankar, Pamela
2003-01-01
During the past 10 years, the number of genetic tests performed more than tripled, and public concern about genetic privacy emerged. The majority of states and the U.S. government have passed regulations protecting genetic information. However, research has shown that concerns about genetic privacy are disproportionate to known instances of information misuse. Beliefs in genetic determinacy explain some of the heightened concern about genetic privacy. Discussion of the debate over genetic testing within families illustrates the most recent response to genetic privacy concerns.
-
Opening More Data : A New Privacy Risk Scoring Model for Open Data
Ali-Eldin, A.M.T.; Zuiderwijk-van Eijk, AMG; Janssen, M.F.W.H.A.
2017-01-01
While the opening of data has become a common practice for both governments and companies, many datasets
are still not published since they might violate privacy regulations. The risk on privacy violations is a factor
that often blocks the publication of data and results in a reserved -
Privacy-Preserving Biometric Authentication: Challenges and Directions
Directory of Open Access Journals (Sweden)
Elena Pagnin
2017-01-01
Full Text Available An emerging direction for authenticating people is the adoption of biometric authentication systems. Biometric credentials are becoming increasingly popular as a means of authenticating people due to the wide range of advantages that they provide with respect to classical authentication methods (e.g., password-based authentication. The most characteristic feature of this authentication method is the naturally strong bond between a user and her biometric credentials. This very same advantageous property, however, raises serious security and privacy concerns in case the biometric trait gets compromised. In this article, we present the most challenging issues that need to be taken into consideration when designing secure and privacy-preserving biometric authentication protocols. More precisely, we describe the main threats against privacy-preserving biometric authentication systems and give directions on possible countermeasures in order to design secure and privacy-preserving biometric authentication protocols.
-
On privacy-preserving protocols for smart metering systems security and privacy in smart grids
Borges de Oliveira, Fábio
2017-01-01
This book presents current research in privacy-preserving protocols for smart grids. It contains several approaches and compares them analytically and by means of simulation. In particular, the book introduces asymmetric DC-Nets, which offer an ideal combination of performance and features in comparison with homomorphic encryption; data anonymization via cryptographic protocols; and data obfuscation by means of noise injection or by means of the installation of storage banks. The author shows that this theory can be leveraged into several application scenarios, and how asymmetric DC-Nets are generalizations of additive homomorphic encryption schemes and abstractions of symmetric DC-Nets. The book provides the reader with an understanding about smart grid scenarios, the privacy problem, and the mathematics and algorithms used to solve it.
-
DEFF Research Database (Denmark)
Rosengaard, Hans Ulrik
2015-01-01
En beskrivelse af feltet for forskning i Privacy med særligt henblik på privacys betydning for muligheden for at styre sin egen selvbeskrivelse......En beskrivelse af feltet for forskning i Privacy med særligt henblik på privacys betydning for muligheden for at styre sin egen selvbeskrivelse...
-
Chen, Hsuan-Ting; Chen, Wenghong
2015-01-01
Sampling 515 college students, this study investigates how privacy protection, including profile visibility, self-disclosure, and friending, are influenced by privacy concerns and efficacy regarding one's own ability to manage privacy settings, a factor that researchers have yet to give a great deal of attention to in the context of social networking sites (SNSs). The results of this study indicate an inconsistency in adopting strategies to protect privacy, a disconnect from limiting profile visibility and friending to self-disclosure. More specifically, privacy concerns lead SNS users to limit their profile visibility and discourage them from expanding their network. However, they do not constrain self-disclosure. Similarly, while self-efficacy in privacy management encourages SNS users to limit their profile visibility, it facilitates self-disclosure. This suggests that if users are limiting their profile visibility and constraining their friending behaviors, it does not necessarily mean they will reduce self-disclosure on SNSs because these behaviors are predicted by different factors. In addition, the study finds an interaction effect between privacy concerns and self-efficacy in privacy management on friending. It points to the potential problem of increased risk-taking behaviors resulting from high self-efficacy in privacy management and low privacy concerns.
-
The privacy coach: Supporting customer privacy in the internet of things
Broenink, E.G.; Hoepman, J.H.; Hof, C. van 't; Kranenburg, R. van; Smits, D.; Wisman, T.
2010-01-01
The Privacy Coach is an application running on a mobile phone that supports customers in making privacy decisions when confronted with RFID tags. The approach we take to increase customer privacy is a radical departure from the mainstream research efforts that focus on implementing privacy enhancing
-
Semantic Security: Privacy Definitions Revisited
Jinfei Liu; Li Xiong; Jun Luo
2013-01-01
In this paper we illustrate a privacy framework named Indistinguishabley Privacy. Indistinguishable privacy could be deemed as the formalization of the existing privacy definitions in privacy preserving data publishing as well as secure multi-party computation. We introduce three representative privacy notions in the literature, Bayes-optimal privacy for privacy preserving data publishing, differential privacy for statistical data release, and privacy w.r.t. semi-honest behavior in the secure...
-
Privacy and security in teleradiology
International Nuclear Information System (INIS)
Ruotsalainen, Pekka
2010-01-01
Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.
-
Privacy and security in teleradiology
Energy Technology Data Exchange (ETDEWEB)
Ruotsalainen, Pekka [National Institute for Health and Welfare, Helsinki (Finland)], E-mail: pekka.ruotsalainen@THL.fi
2010-01-15
Teleradiology is probably the most successful eHealth service available today. Its business model is based on the remote transmission of radiological images (e.g. X-ray and CT-images) over electronic networks, and on the interpretation of the transmitted images for diagnostic purpose. Two basic service models are commonly used teleradiology today. The most common approach is based on the message paradigm (off-line model), but more developed teleradiology systems are based on the interactive use of PACS/RIS systems. Modern teleradiology is also more and more cross-organisational or even cross-border service between service providers having different jurisdictions and security policies. This paper defines the requirements needed to make different teleradiology models trusted. Those requirements include a common security policy that covers all partners and entities, common security and privacy protection principles and requirements, controlled contracts between partners, and the use of security controls and tools that supporting the common security policy. The security and privacy protection of any teleradiology system must be planned in advance, and the necessary security and privacy enhancing tools should be selected (e.g. strong authentication, data encryption, non-repudiation services and audit-logs) based on the risk analysis and requirements set by the legislation. In any case the teleradiology system should fulfil ethical and regulatory requirements. Certification of the whole teleradiology service system including security and privacy is also proposed. In the future, teleradiology services will be an integrated part of pervasive eHealth. Security requirements for this environment including dynamic and context aware security services are also discussed in this paper.
-
Supporting Privacy of Computations in Mobile Big Data Systems
Directory of Open Access Journals (Sweden)
Sriram Nandha Premnath
2016-05-01
Full Text Available Cloud computing systems enable clients to rent and share computing resources of third party platforms, and have gained widespread use in recent years. Numerous varieties of mobile, small-scale devices such as smartphones, red e-health devices, etc., across users, are connected to one another through the massive internetwork of vastly powerful servers on the cloud. While mobile devices store “private information” of users such as location, payment, health data, etc., they may also contribute “semi-public information” (which may include crowdsourced data such as transit, traffic, nearby points of interests, etc. for data analytics. In such a scenario, a mobile device may seek to obtain the result of a computation, which may depend on its private inputs, crowdsourced data from other mobile devices, and/or any “public inputs” from other servers on the Internet. We demonstrate a new method of delegating real-world computations of resource-constrained mobile clients using an encrypted program known as the garbled circuit. Using the garbled version of a mobile client’s inputs, a server in the cloud executes the garbled circuit and returns the resulting garbled outputs. Our system assures privacy of the mobile client’s input data and output of the computation, and also enables the client to verify that the evaluator actually performed the computation. We analyze the complexity of our system. We measure the time taken to construct the garbled circuit as well as evaluate it for varying number of servers. Using real-world data, we evaluate our system for a practical, privacy preserving search application that locates the nearest point of interest for the mobile client to demonstrate feasibility.
-
76 FR 3098 - Privacy Act of 1974; Systems of Records
2011-01-19
... requests and/or records have been referred to the National Security Agency/Central Security Service (NSA..., Department of Defense Privacy Program; NSA/CSS Policy 1-5; NSA/CSS Freedom of Information Act Program; NSA/CSS Policy 1-34; Implementation of the Privacy Act of 1974; NSA/CSS Policy 1-15, Mandatory...
-
Berridge, Clara
2016-10-01
This study examines articulations of the relationship between privacy and passive monitoring by users and former users of a sensor-based remote monitoring system. A new conceptualization of privacy provides a framework for a constructive analysis of the study's findings with practical implications. Forty-nine in-depth semistructured interviews were conducted with elder residents, family members, and staff of 6 low-income independent living residence apartment buildings where the passive monitoring system had been offered for 6 years. Transcribed interviews were coded into the Dedoose software service and were analyzed using methods of grounded theory. Five diverse articulations of the relationship between privacy and passive monitoring emerged. The system produced new knowledge about residents and enabled staff to decide how much of that knowledge to disclose to residents. They chose not to disclose to residents their reason for following up on system-generated alerts for 2 reasons: concern that feelings of privacy invasion may arise and cause dissatisfaction with the technology, and the knowledge that many resident users did not comprehend the extent of its features and would be alarmed. This research reveals the importance and challenges of obtaining informed consent. It identifies where boundary intrusion can occur in the use of passive monitoring as well as how changes to technology design and practice could create opportunities for residents to manage their own boundaries according to their privacy needs. The diversity of approaches to privacy supports the need for "opportunity for boundary management" to be employed as both a design and practice principle. © The Author 2015. Published by Oxford University Press on behalf of The Gerontological Society of America. All rights reserved. For permissions, please e-mail: journals.permissions@oup.com.
-
Guaranteeing Privacy-Observing Data Exchange
DEFF Research Database (Denmark)
Probst, Christian W.
2016-01-01
Privacy is a major concern in large of parts of the world when exchanging information. Ideally, we would like to be able to have fine-grained control about how information that we deem sensitive can be propagated and used. While privacy policy languages exist, it is not possible to control whether...... the entity that receives data is living up to its own policy specification. In this work we present our initial work on an approach that empowers data owners to specify their privacy preferences, and data consumers to specify their data needs. Using a static analysis of the two specifications, our approach...... then finds a communication scheme that complies with these preferences and needs. While applicable to online transactions, the same techniques can be used in development of IT systems dealing with sensitive data. To the best of our knowledge, no existing privacy policy languages supports negotiation...
-
Location Privacy Techniques in Client-Server Architectures
DEFF Research Database (Denmark)
Jensen, Christian Søndergaard; Lu, Hua; Yiu, Man Lung
2009-01-01
A typical location-based service returns nearby points of interest in response to a user location. As such services are becoming increasingly available and popular, location privacy emerges as an important issue. In a system that does not offer location privacy, users must disclose their exact...... locations in order to receive the desired services. We view location privacy as an enabling technology that may lead to increased use of location-based services. In this chapter, we consider location privacy techniques that work in traditional client-server architectures without any trusted components other....... Third, their effectiveness is independent of the distribution of other users, unlike the k-anonymity approach. The chapter characterizes the privacy models assumed by existing techniques and categorizes these according to their approach. The techniques are then covered in turn according...
-
Aspects of privacy for electronic health records.
Haas, Sebastian; Wohlgemuth, Sven; Echizen, Isao; Sonehara, Noboru; Müller, Günter
2011-02-01
Patients' medical data have been originally generated and maintained by health professionals in several independent electronic health records (EHRs). Centralized electronic health records accumulate medical data of patients to improve their availability and completeness; EHRs are not tied to a single medical institution anymore. Nowadays enterprises with the capacity and knowledge to maintain this kind of databases offer the services of maintaining EHRs and adding personal health data by the patients. These enterprises get access on the patients' medical data and act as a main point for collecting and disclosing personal data to third parties, e.g. among others doctors, healthcare service providers and drug stores. Existing systems like Microsoft HealthVault and Google Health comply with data protection acts by letting the patients decide on the usage and disclosure of their data. But they fail in satisfying essential requirements to privacy. We propose a privacy-protecting information system for controlled disclosure of personal data to third parties. Firstly, patients should be able to express and enforce obligations regarding a disclosure of health data to third parties. Secondly, an organization providing EHRs should neither be able to gain access to these health data nor establish a profile about patients. Copyright © 2010 Elsevier Ireland Ltd. All rights reserved.
-
76 FR 43993 - Privacy Act of 1974; System of Records
2011-07-22
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0081] Privacy Act of 1974... the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This proposed action would be effective... the public is to make these submissions available for public viewing on the Internet at http://www...
-
76 FR 45543 - Privacy Act of 1974; System of Records
2011-07-29
... DEPARTMENT OF DEFENSE Office of the Secretary [Docket ID: DOD-2011-OS-0082] Privacy Act of 1974... subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended. DATES: This proposed action will be... the public is to make these submissions available for public viewing on the Internet at http://www...
-
Understanding Engagement with the Privacy Domain Through Design Research.
Vasalou, A.; Oostveen, A.; Bowers, Christopher; Beale, R.
2015-01-01
This paper reports findings from participatory design research aimed at uncovering how technological interventions can engage users in the domain of privacy. Our work was undertaken in the context of a new design concept “Privacy Trends” whose aspiration is to foster technology users’ digital literacy regarding ongoing privacy risks and elucidate how such risks fit within existing social, organizational and political systems, leading to a longer term privacy concern. Our study reveals two cha...
-
AnonySense: Opportunistic and Privacy-Preserving Context Collection
DEFF Research Database (Denmark)
Triandopoulos, Nikolaos; Kapadia, Apu; Cornelius, Cory
2008-01-01
on tessellation and clustering to protect users' privacy against the system while reporting context, and k-anonymous report aggregation to improve the users' privacy against applications receiving the context. We outline the architecture and security properties of AnonySense, and focus on evaluating our....... We propose AnonySense, a general-purpose architecture for leveraging users' mobile devices for measuring context, while maintaining the privacy of the users.AnonySense features multiple layers of privacy protection-a framework for nodes to receive tasks anonymously, a novel blurring mechanism based...
-
Comparative Approaches to Biobanks and Privacy.
Rothstein, Mark A; Knoppers, Bartha Maria; Harrell, Heather L
2016-03-01
Laws in the 20 jurisdictions studied for this project display many similar approaches to protecting privacy in biobank research. Although few have enacted biobank-specific legislation, many countries address biobanking within other laws. All provide for some oversight mechanisms for biobank research, even though the nature of that oversight varies between jurisdictions. Most have some sort of controlled access system in place for research with biobank specimens. While broad consent models facilitate biobanking, countries without national or federated biobanks have been slow to adopt broad consent. International guidelines have facilitated sharing and generally take a proportional risk approach, but many countries have provisions guiding international sharing and a few even limit international sharing. Although privacy laws may not prohibit international collaborations, the multi-prong approach to privacy unique to each jurisdiction can complicate international sharing. These symposium issues can serve as a resource for explaining the sometimes intricate privacy laws in each studied jurisdiction, outlining the key issues with regards to privacy and biobanking, and serving to describe a framework for the process of harmonization of privacy laws. © 2016 American Society of Law, Medicine & Ethics.
-
Social Media Users’ Legal Consciousness About Privacy
Directory of Open Access Journals (Sweden)
Katharine Sarikakis
2017-02-01
Full Text Available This article explores the ways in which the concept of privacy is understood in the context of social media and with regard to users’ awareness of privacy policies and laws in the ‘Post-Snowden’ era. In the light of presumably increased public exposure to privacy debates, generated partly due to the European “Right to be Forgotten” ruling and the Snowden revelations on mass surveillance, this article explores users’ meaning-making of privacy as a matter of legal dimension in terms of its violations and threats online and users’ ways of negotiating their Internet use, in particular social networking sites. Drawing on the concept of legal consciousness, this article explores through focus group interviews the ways in which social media users negotiate privacy violations and what role their understanding of privacy laws (or lack thereof might play in their strategies of negotiation. The findings are threefold: first, privacy is understood almost universally as a matter of controlling one’s own data, including information disclosure even to friends, and is strongly connected to issues about personal autonomy; second, a form of resignation with respect to control over personal data appears to coexist with a recognized need to protect one’s private data, while respondents describe conscious attempts to circumvent systems of monitoring or violation of privacy, and third, despite widespread coverage of privacy legal issues in the press, respondents’ concerns about and engagement in “self-protecting” tactics derive largely from being personally affected by violations of law and privacy.
-
Privacy context model for dynamic privacy adaptation in ubiquitous computing
Schaub, Florian; Koenings, Bastian; Dietzel, Stefan; Weber, M.; Kargl, Frank
Ubiquitous computing is characterized by the merger of physical and virtual worlds as physical artifacts gain digital sensing, processing, and communication capabilities. Maintaining an appropriate level of privacy in the face of such complex and often highly dynamic systems is challenging. We argue
-
A vision-based system for intelligent monitoring: human behaviour analysis and privacy by context.
Chaaraoui, Alexandros Andre; Padilla-López, José Ramón; Ferrández-Pastor, Francisco Javier; Nieto-Hidalgo, Mario; Flórez-Revuelta, Francisco
2014-05-20
Due to progress and demographic change, society is facing a crucial challenge related to increased life expectancy and a higher number of people in situations of dependency. As a consequence, there exists a significant demand for support systems for personal autonomy. This article outlines the vision@home project, whose goal is to extend independent living at home for elderly and impaired people, providing care and safety services by means of vision-based monitoring. Different kinds of ambient-assisted living services are supported, from the detection of home accidents, to telecare services. In this contribution, the specification of the system is presented, and novel contributions are made regarding human behaviour analysis and privacy protection. By means of a multi-view setup of cameras, people's behaviour is recognised based on human action recognition. For this purpose, a weighted feature fusion scheme is proposed to learn from multiple views. In order to protect the right to privacy of the inhabitants when a remote connection occurs, a privacy-by-context method is proposed. The experimental results of the behaviour recognition method show an outstanding performance, as well as support for multi-view scenarios and real-time execution, which are required in order to provide the proposed services.
-
A Vision-Based System for Intelligent Monitoring: Human Behaviour Analysis and Privacy by Context
Directory of Open Access Journals (Sweden)
Alexandros Andre Chaaraoui
2014-05-01
Full Text Available Due to progress and demographic change, society is facing a crucial challenge related to increased life expectancy and a higher number of people in situations of dependency. As a consequence, there exists a significant demand for support systems for personal autonomy. This article outlines the vision@home project, whose goal is to extend independent living at home for elderly and impaired people, providing care and safety services by means of vision-based monitoring. Different kinds of ambient-assisted living services are supported, from the detection of home accidents, to telecare services. In this contribution, the specification of the system is presented, and novel contributions are made regarding human behaviour analysis and privacy protection. By means of a multi-view setup of cameras, people’s behaviour is recognised based on human action recognition. For this purpose, a weighted feature fusion scheme is proposed to learn from multiple views. In order to protect the right to privacy of the inhabitants when a remote connection occurs, a privacy-by-context method is proposed. The experimental results of the behaviour recognition method show an outstanding performance, as well as support for multi-view scenarios and real-time execution, which are required in order to provide the proposed services.
-
Centralized Duplicate Removal Video Storage System with Privacy Preservation in IoT
Directory of Open Access Journals (Sweden)
Hongyang Yan
2018-06-01
Full Text Available In recent years, the Internet of Things (IoT has found wide application and attracted much attention. Since most of the end-terminals in IoT have limited capabilities for storage and computing, it has become a trend to outsource the data from local to cloud computing. To further reduce the communication bandwidth and storage space, data deduplication has been widely adopted to eliminate the redundant data. However, since data collected in IoT are sensitive and closely related to users’ personal information, the privacy protection of users’ information becomes a challenge. As the channels, like the wireless channels between the terminals and the cloud servers in IoT, are public and the cloud servers are not fully trusted, data have to be encrypted before being uploaded to the cloud. However, encryption makes the performance of deduplication by the cloud server difficult because the ciphertext will be different even if the underlying plaintext is identical. In this paper, we build a centralized privacy-preserving duplicate removal storage system, which supports both file-level and block-level deduplication. In order to avoid the leakage of statistical information of data, Intel Software Guard Extensions (SGX technology is utilized to protect the deduplication process on the cloud server. The results of the experimental analysis demonstrate that the new scheme can significantly improve the deduplication efficiency and enhance the security. It is envisioned that the duplicated removal system with privacy preservation will be of great use in the centralized storage environment of IoT.
-
Centralized Duplicate Removal Video Storage System with Privacy Preservation in IoT.
Yan, Hongyang; Li, Xuan; Wang, Yu; Jia, Chunfu
2018-06-04
In recent years, the Internet of Things (IoT) has found wide application and attracted much attention. Since most of the end-terminals in IoT have limited capabilities for storage and computing, it has become a trend to outsource the data from local to cloud computing. To further reduce the communication bandwidth and storage space, data deduplication has been widely adopted to eliminate the redundant data. However, since data collected in IoT are sensitive and closely related to users' personal information, the privacy protection of users' information becomes a challenge. As the channels, like the wireless channels between the terminals and the cloud servers in IoT, are public and the cloud servers are not fully trusted, data have to be encrypted before being uploaded to the cloud. However, encryption makes the performance of deduplication by the cloud server difficult because the ciphertext will be different even if the underlying plaintext is identical. In this paper, we build a centralized privacy-preserving duplicate removal storage system, which supports both file-level and block-level deduplication. In order to avoid the leakage of statistical information of data, Intel Software Guard Extensions (SGX) technology is utilized to protect the deduplication process on the cloud server. The results of the experimental analysis demonstrate that the new scheme can significantly improve the deduplication efficiency and enhance the security. It is envisioned that the duplicated removal system with privacy preservation will be of great use in the centralized storage environment of IoT.
-
Privacy Preserving Association Rule Mining Revisited: Privacy Enhancement and Resources Efficiency
Mohaisen, Abedelaziz; Jho, Nam-Su; Hong, Dowon; Nyang, Daehun
Privacy preserving association rule mining algorithms have been designed for discovering the relations between variables in data while maintaining the data privacy. In this article we revise one of the recently introduced schemes for association rule mining using fake transactions (FS). In particular, our analysis shows that the FS scheme has exhaustive storage and high computation requirements for guaranteeing a reasonable level of privacy. We introduce a realistic definition of privacy that benefits from the average case privacy and motivates the study of a weakness in the structure of FS by fake transactions filtering. In order to overcome this problem, we improve the FS scheme by presenting a hybrid scheme that considers both privacy and resources as two concurrent guidelines. Analytical and empirical results show the efficiency and applicability of our proposed scheme.
-
Enhancing Security and Privacy in Video Surveillance through Role-Oriented Access Control Mechanism
DEFF Research Database (Denmark)
Mahmood Rajpoot, Qasim
sensitive regions, e.g. faces, from the videos. However, very few research efforts have focused on addressing the security aspects of video surveillance data and on authorizing access to this data. Interestingly, while PETs help protect the privacy of individuals, they may also hinder the usefulness....... Pervasive usage of such systems gives substantial powers to those monitoring the videos and poses a threat to the privacy of anyone observed by the system. Aside from protecting privacy from the outside attackers, it is equally important to protect the privacy of individuals from the inside personnel...... involved in monitoring surveillance data to minimize the chances of misuse of the system, e.g. voyeurism. In this context, several techniques to protect the privacy of individuals, called privacy enhancing techniques (PET) have therefore been proposed in the literature which detect and mask the privacy...
-
Avi Goldfarb; Catherine Tucker
2011-01-01
Information and communication technology now enables firms to collect detailed and potentially intrusive data about their customers both easily and cheaply. This means that privacy concerns are no longer limited to government surveillance and public figures' private lives. The empirical literature on privacy regulation shows that privacy regulation may affect the extent and direction of data-based innovation. We also show that the impact of privacy regulation can be extremely heterogeneous. T...
-
An Efficient and Privacy-Preserving Multiuser Cloud-Based LBS Query Scheme
Directory of Open Access Journals (Sweden)
Lu Ou
2018-01-01
Full Text Available Location-based services (LBSs are increasingly popular in today’s society. People reveal their location information to LBS providers to obtain personalized services such as map directions, restaurant recommendations, and taxi reservations. Usually, LBS providers offer user privacy protection statement to assure users that their private location information would not be given away. However, many LBSs run on third-party cloud infrastructures. It is challenging to guarantee user location privacy against curious cloud operators while still permitting users to query their own location information data. In this paper, we propose an efficient privacy-preserving cloud-based LBS query scheme for the multiuser setting. We encrypt LBS data and LBS queries with a hybrid encryption mechanism, which can efficiently implement privacy-preserving search over encrypted LBS data and is very suitable for the multiuser setting with secure and effective user enrollment and user revocation. This paper contains security analysis and performance experiments to demonstrate the privacy-preserving properties and efficiency of our proposed scheme.
-
Enhanced Internet Mobility and Privacy Using Public Cloud
Directory of Open Access Journals (Sweden)
Ping Zhang
2017-01-01
Full Text Available Internet mobile users are concerned more and more about their privacy nowadays as both researches and real world incidents show that leaking of communication and location privacy can lead to serious consequence, and many research works have been done to anonymize individual user from aggregated location data. However, just the communication itself between the mobile users and their peers or website could collect considerable privacy of the mobile users, such as location history, to other parties. In this paper, we investigated the potential privacy risk of mobile Internet users and proposed a scalable system built on top of public cloud services that can hide mobile user’s network location and traffic from communication peers. This system creates a dynamic distributed proxy network for each mobile user to minimize performance overhead and operation cost.
-
29 CFR 71.50 - General exemptions pursuant to subsection (j) of the Privacy Act.
2010-07-01
... (Investigative Case Tracking Systems/Audit Information Reporting Systems, USDOL/OIG), a system of records... ACCESS TO RECORDS UNDER THE PRIVACY ACT OF 1974 Exemption of Records Systems Under the Privacy Act § 71.50 General exemptions pursuant to subsection (j) of the Privacy Act. (a) The following systems of...
-
77 FR 5062 - Privacy Act of 1974; Consolidation of National Labor Relations Board Systems of Records
2012-02-01
...: Next Generation Case Management System (NxGen) (NLRB-33). NxGen stores electronic case tracking... consolidation of six Privacy Act systems of records notices into one notice: Next Generation Case Management... systems of records notices: Judicial Case Management System--Pending Case List (JCMS-PCL) and Associated...
-
Jones, Kerina H; Ford, David V; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J; Heaven, Martin L; Thayer, Daniel S; McNerney, Cynthia L; Lyons, Ronan A
2014-08-01
With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community. Copyright © 2014 The Aurthors. Published by Elsevier Inc. All rights reserved.
-
Users or Students? Privacy in University MOOCS.
Jones, Meg Leta; Regner, Lucas
2016-10-01
Two terms, student privacy and Massive Open Online Courses, have received a significant amount of attention recently. Both represent interesting sites of change in entrenched structures, one educational and one legal. MOOCs represent something college courses have never been able to provide: universal access. Universities not wanting to miss the MOOC wave have started to build MOOC courses and integrate them into the university system in various ways. However, the design and scale of university MOOCs create tension for privacy laws intended to regulate information practices exercised by educational institutions. Are MOOCs part of the educational institutions these laws and policies aim to regulate? Are MOOC users students whose data are protected by aforementioned laws and policies? Many university researchers and faculty members are asked to participate as designers and instructors in MOOCs but may not know how to approach the issues proposed. While recent scholarship has addressed the disruptive nature of MOOCs, student privacy generally, and data privacy in the K-12 system, we provide an in-depth description and analysis of the MOOC phenomenon and the privacy laws and policies that guide and regulate educational institutions today. We offer privacy case studies of three major MOOC providers active in the market today to reveal inconsistencies among MOOC platform and the level and type of legal uncertainty surrounding them. Finally, we provide a list of organizational questions to pose internally to navigate the uncertainty presented to university MOOC teams.
-
2010-07-13
...: Economic Recovery List (ERL) Database, Social Security Administration. SYSTEM CLASSIFICATION: None. SYSTEM... SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Proposed System of Records and Routine Use Disclosures AGENCY: Social Security Administration (SSA). ACTION: Proposed System of Records...
-
Fractional Reserve in Banking System
Valkonen, Maria
2016-01-01
This thesis is aimed to provide understanding of the role of the fractional reserve in the mod-ern banking system worldwide and particularly in Finland. The fractional reserve banking is used worldwide, but the benefits of this system are very disputable. On the one hand, experts say that the fractional reserve is a necessary instrument for the normal business and profit making. On the other hand, sceptics openly criticize the fractional reserve system and blame it for fiat money (money n...
-
Revocable privacy: Principles, use cases, and technologies
Lueks, W.; Everts, M.H.; Hoepman, J.H.
2016-01-01
Security and privacy often seem to be at odds with one another. In this paper, we revisit the design principle of revocable privacy which guides the creation of systems that offer anonymity for people who do not violate a predefined rule, but can still have consequences for people who do violate the
-
Al-Fadhli, Meshal Shehab
2007-01-01
The concept of privacy is hard to understand and is not easy to define, because this concept is linked with several dimensions. Internet Privacy is associated with the use of the Internet and most likely appointed under communications privacy, involving the user of the Internet’s personal information and activities, and the disclosure of them online. This essay is going to present the meaning of privacy and the implications of it for Internet users. Also, this essay will demonstrate some of t...
-
Privacy encounters in Teledialogue
DEFF Research Database (Denmark)
Andersen, Lars Bo; Bøge, Ask Risom; Danholt, Peter
2017-01-01
Privacy is a major concern when new technologies are introduced between public authorities and private citizens. What is meant by privacy, however, is often unclear and contested. Accordingly, this article utilises grounded theory to study privacy empirically in the research and design project...... Teledialogue aimed at introducing new ways for public case managers and placed children to communicate through IT. The resulting argument is that privacy can be understood as an encounter, that is, as something that arises between implicated actors and entails some degree of friction and negotiation....... An argument which is further qualified through the philosophy of Gilles Deleuze. The article opens with a review of privacy literature before continuing to present privacy as an encounter with five different foci: what technologies bring into the encounter; who is related to privacy by implication; what...
-
Inter-organizational future proof EHR systems. A review of the security and privacy related issues.
van der Linden, Helma; Kalra, Dipak; Hasman, Arie; Talmon, Jan
2009-03-01
Identification and analysis of privacy and security related issues that occur when health information is exchanged between health care organizations. Based on a generic scenario questions were formulated to reveal the occurring issues. Possible answers were verified in literature. Ensuring secure health information exchange across organizations requires a standardization of security measures that goes beyond organizational boundaries, such as global definitions of professional roles, global standards for patient consent and semantic interoperable audit logs. As to be able to fully address the privacy and security issues in interoperable EHRs and the long-life virtual EHR it is necessary to realize a paradigm shift from storing all incoming information in a local system to retrieving information from external systems whenever that information is deemed necessary for the care of the patient.
-
75 FR 17938 - Privacy Act of 1974; Deletion of an Existing System of Records
2010-04-08
... DEPARTMENT OF HEALTH AND HUMAN SERVICES Health Resources and Services Administration Privacy Act of 1974; Deletion of an Existing System of Records AGENCY: Department of Health and Human Services... address comments to: Policy Director, Bureau of Clinician Recruitment and Service (BCRS), Health Resources...
-
A Privacy-Preserving Intelligent Medical Diagnosis System Based on Oblivious Keyword Search
Directory of Open Access Journals (Sweden)
Zhaowen Lin
2017-01-01
Full Text Available One of the concerns people have is how to get the diagnosis online without privacy being jeopardized. In this paper, we propose a privacy-preserving intelligent medical diagnosis system (IMDS, which can efficiently solve the problem. In IMDS, users submit their health examination parameters to the server in a protected form; this submitting process is based on Paillier cryptosystem and will not reveal any information about their data. And then the server retrieves the most likely disease (or multiple diseases from the database and returns it to the users. In the above search process, we use the oblivious keyword search (OKS as a basic framework, which makes the server maintain the computational ability but cannot learn any personal information over the data of users. Besides, this paper also provides a preprocessing method for data stored in the server, to make our protocol more efficient.
-
29 CFR 71.52 - Specific exemptions pursuant to subsection (k)(5) of the Privacy Act.
2010-07-01
... (Investigative Case Tracking Systems/Audit Information Reporting Systems, USDOL/OIG), a system of records... AND ACCESS TO RECORDS UNDER THE PRIVACY ACT OF 1974 Exemption of Records Systems Under the Privacy Act § 71.52 Specific exemptions pursuant to subsection (k)(5) of the Privacy Act. (a) The following systems...
-
29 CFR 71.51 - Specific exemptions pursuant to subsection (k)(2) of the Privacy Act.
2010-07-01
... (Investigative Case Tracking Systems/Audit Information Reporting Systems, USDOL/OIG), a system of records... AND ACCESS TO RECORDS UNDER THE PRIVACY ACT OF 1974 Exemption of Records Systems Under the Privacy Act § 71.51 Specific exemptions pursuant to subsection (k)(2) of the Privacy Act. (a) The following systems...
-
Trajectory data privacy protection based on differential privacy mechanism
Gu, Ke; Yang, Lihao; Liu, Yongzhi; Liao, Niandong
2018-05-01
In this paper, we propose a trajectory data privacy protection scheme based on differential privacy mechanism. In the proposed scheme, the algorithm first selects the protected points from the user’s trajectory data; secondly, the algorithm forms the polygon according to the protected points and the adjacent and high frequent accessed points that are selected from the accessing point database, then the algorithm calculates the polygon centroids; finally, the noises are added to the polygon centroids by the differential privacy method, and the polygon centroids replace the protected points, and then the algorithm constructs and issues the new trajectory data. The experiments show that the running time of the proposed algorithms is fast, the privacy protection of the scheme is effective and the data usability of the scheme is higher.
-
Privacy preserving interactive record linkage (PPIRL).
Kum, Hye-Chung; Krishnamurthy, Ashok; Machanavajjhala, Ashwin; Reiter, Michael K; Ahalt, Stanley
2014-01-01
Record linkage to integrate uncoordinated databases is critical in biomedical research using Big Data. Balancing privacy protection against the need for high quality record linkage requires a human-machine hybrid system to safely manage uncertainty in the ever changing streams of chaotic Big Data. In the computer science literature, private record linkage is the most published area. It investigates how to apply a known linkage function safely when linking two tables. However, in practice, the linkage function is rarely known. Thus, there are many data linkage centers whose main role is to be the trusted third party to determine the linkage function manually and link data for research via a master population list for a designated region. Recently, a more flexible computerized third-party linkage platform, Secure Decoupled Linkage (SDLink), has been proposed based on: (1) decoupling data via encryption, (2) obfuscation via chaffing (adding fake data) and universe manipulation; and (3) minimum information disclosure via recoding. We synthesize this literature to formalize a new framework for privacy preserving interactive record linkage (PPIRL) with tractable privacy and utility properties and then analyze the literature using this framework. Human-based third-party linkage centers for privacy preserving record linkage are the accepted norm internationally. We find that a computer-based third-party platform that can precisely control the information disclosed at the micro level and allow frequent human interaction during the linkage process, is an effective human-machine hybrid system that significantly improves on the linkage center model both in terms of privacy and utility.
-
A framework for privacy and security analysis of probe-based traffic information systems
Canepa, Edward S.; Claudel, Christian G.
2013-01-01
Most large scale traffic information systems rely on fixed sensors (e.g. loop detectors, cameras) and user generated data, this latter in the form of GPS traces sent by smartphones or GPS devices onboard vehicles. While this type of data is relatively inexpensive to gather, it can pose multiple security and privacy risks, even if the location tracks are anonymous. In particular, creating bogus location tracks and sending them to the system is relatively easy. This bogus data could perturb traffic flow estimates, and disrupt the transportation system whenever these estimates are used for actuation. In this article, we propose a new framework for solving a variety of privacy and cybersecurity problems arising in transportation systems. The state of traffic is modeled by the Lighthill-Whitham-Richards traffic flow model, which is a first order scalar conservation law with concave flux function. Given a set of traffic flow data, we show that the constraints resulting from this partial differential equation are mixed integer linear inequalities for some decision variable. The resulting framework is very flexible, and can in particular be used to detect spoofing attacks in real time, or carry out attacks on location tracks. Numerical implementations are performed on experimental data from the Mobile Century experiment to validate this framework. © 2013 ACM.
-
Privacy as Invisibility: Pervasive Surveillance and the Privatization of Peer-to-Peer Systems
Directory of Open Access Journals (Sweden)
Francesca Musiani
2011-06-01
Full Text Available This article addresses the ongoing, increasing privatization of peer-to-peer (P2P file sharing systems – the emergence of systems that users may only join by personal, friend-to-friend invitation. It argues that, within P2P systems, privacy is increasingly coinciding with “mere” invisibility vis-à-vis the rest of the Internet ecosystem because of a trend that has shaped the recent history of P2P technology: The alternation between forms of pervasive surveillance of such systems, and reactions by developers and users to such restrictive measures. Yet, it also suggests that the richness of today’s landscape of P2P technology development and use, mainly in the field of Internet-based services, opens up new dimensions to the conceptualization of privacy, and may give room to a more articulate definition of the concept as related to P2P technology; one that includes not only the need of protection from external attacks, and the temporary outcomes of the competition between surveillance and counter-surveillance measures, but also issues such as user empowerment through better control over personal information, reconfiguration of data management practices, and removal of intermediaries in sharing and communication activities.
-
An innovative privacy preserving technique for incremental datasets on cloud computing.
Aldeen, Yousra Abdul Alsahib S; Salleh, Mazleena; Aljeroudi, Yazan
2016-08-01
Cloud computing (CC) is a magnificent service-based delivery with gigantic computer processing power and data storage across connected communications channels. It imparted overwhelming technological impetus in the internet (web) mediated IT industry, where users can easily share private data for further analysis and mining. Furthermore, user affable CC services enable to deploy sundry applications economically. Meanwhile, simple data sharing impelled various phishing attacks and malware assisted security threats. Some privacy sensitive applications like health services on cloud that are built with several economic and operational benefits necessitate enhanced security. Thus, absolute cyberspace security and mitigation against phishing blitz became mandatory to protect overall data privacy. Typically, diverse applications datasets are anonymized with better privacy to owners without providing all secrecy requirements to the newly added records. Some proposed techniques emphasized this issue by re-anonymizing the datasets from the scratch. The utmost privacy protection over incremental datasets on CC is far from being achieved. Certainly, the distribution of huge datasets volume across multiple storage nodes limits the privacy preservation. In this view, we propose a new anonymization technique to attain better privacy protection with high data utility over distributed and incremental datasets on CC. The proficiency of data privacy preservation and improved confidentiality requirements is demonstrated through performance evaluation. Copyright © 2016 Elsevier Inc. All rights reserved.
-
2012-11-27
... privacy issues, please contact: Jonathan Cantor, (202-343-1717), Acting Chief Privacy Officer, Privacy... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security Administration System of Records AGENCY: Privacy...
-
76 FR 24489 - Privacy Act of 1974; Amendment to System of Records
2011-05-02
... message). Fax: 202-482-9237, Attention: Elaine Newton, Privacy Officer. Mail, Hand Delivery/Courier...: Elaine Newton, Privacy Officer. FOR FURTHER INFORMATION CONTACT: Ms. Newton at the Office of Government... 4685 (Jan. 26, 2009); and in support of this Administration's core principles of the business of...
-
76 FR 21902 - Privacy Act of 1974; Report of a New System of Records
2011-04-19
..., Information and Systems Management Services (ISMS), U.S. Department of Health and Human Services, Parklawn... Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse... for integrating acquisition with financial management (one interface between HCAS and UFMS) and other...
-
Patient Privacy in the Era of Big Data.
Kayaalp, Mehmet
2018-01-20
Privacy was defined as a fundamental human right in the Universal Declaration of Human Rights at the 1948 United Nations General Assembly. However, there is still no consensus on what constitutes privacy. In this review, we look at the evolution of privacy as a concept from the era of Hippocrates to the era of social media and big data. To appreciate the modern measures of patient privacy protection and correctly interpret the current regulatory framework in the United States, we need to analyze and understand the concepts of individually identifiable information, individually identifiable health information, protected health information, and de-identification. The Privacy Rule of the Health Insurance Portability and Accountability Act defines the regulatory framework and casts a balance between protective measures and access to health information for secondary (scientific) use. The rule defines the conditions when health information is protected by law and how protected health information can be de-identified for secondary use. With the advents of artificial intelligence and computational linguistics, computational text de-identification algorithms produce de-identified results nearly as well as those produced by human experts, but much faster, more consistently and basically for free. Modern clinical text de-identification systems now pave the road to big data and enable scientists to access de-identified clinical information while firmly protecting patient privacy. However, clinical text de-identification is not a perfect process. In order to maximize the protection of patient privacy and to free clinical and scientific information from the confines of electronic healthcare systems, all stakeholders, including patients, health institutions and institutional review boards, scientists and the scientific communities, as well as regulatory and law enforcement agencies must collaborate closely. On the one hand, public health laws and privacy regulations define rules
-
32 CFR Appendix E to Part 806b - Privacy Impact Assessment
2010-07-01
... operating automated information systems. 15 http://www.whitehouse.gov/omb/circulars/a130/a130trans4.html. (4... concerns about highly integrated information systems operated by the government make it imperative to... presents any threats to privacy. (d) What systems have to complete a Privacy Impact Assessment? Accomplish...
-
Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi
2015-08-01
Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications include patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS) etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that store information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency.
-
2012-07-23
... Homeland Security, Washington, DC 20478. For privacy issues, please contact: Mary Ellen Callahan (703) 235... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0097] Privacy Act of... Assistance Grant Programs System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system...
-
DEFF Research Database (Denmark)
Ryberg, Jesper
2017-01-01
An introduction is presented in which editor discusses various articles within the issue on topics including ethical challenges with importance of privacy for well-being, impact of brain-reading on mind privacy and neurotechnology.......An introduction is presented in which editor discusses various articles within the issue on topics including ethical challenges with importance of privacy for well-being, impact of brain-reading on mind privacy and neurotechnology....
-
Context-Aware Generative Adversarial Privacy
Directory of Open Access Journals (Sweden)
Chong Huang
2017-12-01
Full Text Available Preserving the utility of published datasets while simultaneously providing provable privacy guarantees is a well-known challenge. On the one hand, context-free privacy solutions, such as differential privacy, provide strong privacy guarantees, but often lead to a significant reduction in utility. On the other hand, context-aware privacy solutions, such as information theoretic privacy, achieve an improved privacy-utility tradeoff, but assume that the data holder has access to dataset statistics. We circumvent these limitations by introducing a novel context-aware privacy framework called generative adversarial privacy (GAP. GAP leverages recent advancements in generative adversarial networks (GANs to allow the data holder to learn privatization schemes from the dataset itself. Under GAP, learning the privacy mechanism is formulated as a constrained minimax game between two players: a privatizer that sanitizes the dataset in a way that limits the risk of inference attacks on the individuals’ private variables, and an adversary that tries to infer the private variables from the sanitized dataset. To evaluate GAP’s performance, we investigate two simple (yet canonical statistical dataset models: (a the binary data model; and (b the binary Gaussian mixture model. For both models, we derive game-theoretically optimal minimax privacy mechanisms, and show that the privacy mechanisms learned from data (in a generative adversarial fashion match the theoretically optimal ones. This demonstrates that our framework can be easily applied in practice, even in the absence of dataset statistics.
-
Context-Aware Generative Adversarial Privacy
Huang, Chong; Kairouz, Peter; Chen, Xiao; Sankar, Lalitha; Rajagopal, Ram
2017-12-01
Preserving the utility of published datasets while simultaneously providing provable privacy guarantees is a well-known challenge. On the one hand, context-free privacy solutions, such as differential privacy, provide strong privacy guarantees, but often lead to a significant reduction in utility. On the other hand, context-aware privacy solutions, such as information theoretic privacy, achieve an improved privacy-utility tradeoff, but assume that the data holder has access to dataset statistics. We circumvent these limitations by introducing a novel context-aware privacy framework called generative adversarial privacy (GAP). GAP leverages recent advancements in generative adversarial networks (GANs) to allow the data holder to learn privatization schemes from the dataset itself. Under GAP, learning the privacy mechanism is formulated as a constrained minimax game between two players: a privatizer that sanitizes the dataset in a way that limits the risk of inference attacks on the individuals' private variables, and an adversary that tries to infer the private variables from the sanitized dataset. To evaluate GAP's performance, we investigate two simple (yet canonical) statistical dataset models: (a) the binary data model, and (b) the binary Gaussian mixture model. For both models, we derive game-theoretically optimal minimax privacy mechanisms, and show that the privacy mechanisms learned from data (in a generative adversarial fashion) match the theoretically optimal ones. This demonstrates that our framework can be easily applied in practice, even in the absence of dataset statistics.
-
Privacy vs. Reward in Indoor Location-Based Services
Directory of Open Access Journals (Sweden)
Fawaz Kassem
2016-10-01
Full Text Available With the advance of indoor localization technology, indoor location-based services (ILBS are gaining popularity. They, however, accompany privacy concerns. ILBS providers track the users’ mobility to learn more about their behavior, and then provide them with improved and personalized services. Our survey of 200 individuals highlighted their concerns about this tracking for potential leakage of their personal/private traits, but also showed their willingness to accept reduced tracking for improved service. In this paper, we propose PR-LBS (Privacy vs. Reward for Location-Based Service, a system that addresses these seemingly conflicting requirements by balancing the users’ privacy concerns and the benefits of sharing location information in indoor location tracking environments. PR-LBS relies on a novel location-privacy criterion to quantify the privacy risks pertaining to sharing indoor location information. It also employs a repeated play model to ensure that the received service is proportionate to the privacy risk. We implement and evaluate PR-LBS extensively with various real-world user mobility traces. Results show that PR-LBS has low overhead, protects the users’ privacy, and makes a good tradeoff between the quality of service for the users and the utility of shared location data for service providers.
-
A model-driven privacy compliance decision support for medical data sharing in Europe.
Boussi Rahmouni, H; Solomonides, T; Casassa Mont, M; Shiu, S; Rahmouni, M
2011-01-01
Clinical practitioners and medical researchers often have to share health data with other colleagues across Europe. Privacy compliance in this context is very important but challenging. Automated privacy guidelines are a practical way of increasing users' awareness of privacy obligations and help eliminating unintentional breaches of privacy. In this paper we present an ontology-plus-rules based approach to privacy decision support for the sharing of patient data across European platforms. We use ontologies to model the required domain and context information about data sharing and privacy requirements. In addition, we use a set of Semantic Web Rule Language rules to reason about legal privacy requirements that are applicable to a specific context of data disclosure. We make the complete set invocable through the use of a semantic web application acting as an interactive privacy guideline system can then invoke the full model in order to provide decision support. When asked, the system will generate privacy reports applicable to a specific case of data disclosure described by the user. Also reports showing guidelines per Member State may be obtained. The advantage of this approach lies in the expressiveness and extensibility of the modelling and inference languages adopted and the ability they confer to reason with complex requirements interpreted from high level regulations. However, the system cannot at this stage fully simulate the role of an ethics committee or review board.
-
Roche, P A; Annas, G J
2001-05-01
This article outlines the arguments for and against new rules to protect genetic privacy. We explain why genetic information is different to other sensitive medical information, why researchers and biotechnology companies have opposed new rules to protect genetic privacy (and favour anti-discrimination laws instead), and discuss what can be done to protect privacy in relation to genetic-sequence information and to DNA samples themselves.
-
Disentangling privacy from property: toward a deeper understanding of genetic privacy.
Suter, Sonia M
2004-04-01
With the mapping of the human genome, genetic privacy has become a concern to many. People care about genetic privacy because genes play an important role in shaping us--our genetic information is about us, and it is deeply connected to our sense of ourselves. In addition, unwanted disclosure of our genetic information, like a great deal of other personal information, makes us vulnerable to unwanted exposure, stigmatization, and discrimination. One recent approach to protecting genetic privacy is to create property rights in genetic information. This Article argues against that approach. Privacy and property are fundamentally different concepts. At heart, the term "property" connotes control within the marketplace and over something that is disaggregated or alienable from the self. "Privacy," in contrast, connotes control over access to the self as well as things close to, intimately connected to, and about the self. Given these different meanings, a regime of property rights in genetic information would impoverish our understanding of that information, ourselves, and the relationships we hope will be built around and through its disclosure. This Article explores our interests in genetic information in order to deepen our understanding of the ongoing discourse about the distinction between property and privacy. It develops a conception of genetic privacy with a strong relational component. We ordinarily share genetic information in the context of relationships in which disclosure is important to the relationship--family, intimate, doctor-patient, researcher-participant, employer-employee, and insurer-insured relationships. Such disclosure makes us vulnerable to and dependent on the person to whom we disclose it. As a result, trust is essential to the integrity of these relationships and our sharing of genetic information. Genetic privacy can protect our vulnerability in these relationships and enhance the trust we hope to have in them. Property, in contrast, by
-
Regulation of Unmanned Aerial Systems and Related Privacy Issues in Lithuania
Directory of Open Access Journals (Sweden)
Pūraitė Aurelija
2017-12-01
Full Text Available In the past few years the use of unmanned aerial vehicles in Lithuania has significantly increased. However, enjoying the advantages of this technology, which improves society’s socio-economical safety (public safety in a broad sense, raises some privacy concerns. This article analyses European Union and national legal regulations regarding the use of unmanned aerial vehicles as well as legal tools for defence of the right to privacy or prevention from its breaches in the Republic of Lithuania. Unmanned aerial vehicles have become popular only recently; thus, legislation regarding their use has not yet become a common topic among lawyers. Furthermore, case law of the Republic of Lithuania is silent about it. Thus, the authors model a situation of breach of privacy using an unmanned aerial vehicle and analyse possible defence mechanisms.
-
Privacy enhanced group communication in clinical environment
Li, Mingyan; Narayanan, Sreeram; Poovendran, Radha
2005-04-01
Privacy protection of medical records has always been an important issue and is mandated by the recent Health Insurance Portability and Accountability Act (HIPAA) standards. In this paper, we propose security architectures for a tele-referring system that allows electronic group communication among professionals for better quality treatments, while protecting patient privacy against unauthorized access. Although DICOM defines the much-needed guidelines for confidentiality of medical data during transmission, there is no provision in the existing medical security systems to guarantee patient privacy once the data has been received. In our design, we address this issue by enabling tracing back to the recipient whose received data is disclosed to outsiders, using watermarking technique. We present security architecture design of a tele-referring system using a distributed approach and a centralized web-based approach. The resulting tele-referring system (i) provides confidentiality during the transmission and ensures integrity and authenticity of the received data, (ii) allows tracing of the recipient who has either distributed the data to outsiders or whose system has been compromised, (iii) provides proof of receipt or origin, and (iv) can be easy to use and low-cost to employ in clinical environment.
-
Reward-based spatial crowdsourcing with differential privacy preservation
Xiong, Ping; Zhang, Lefeng; Zhu, Tianqing
2017-11-01
In recent years, the popularity of mobile devices has transformed spatial crowdsourcing (SC) into a novel mode for performing complicated projects. Workers can perform tasks at specified locations in return for rewards offered by employers. Existing methods ensure the efficiency of their systems by submitting the workers' exact locations to a centralised server for task assignment, which can lead to privacy violations. Thus, implementing crowsourcing applications while preserving the privacy of workers' location is a key issue that needs to be tackled. We propose a reward-based SC method that achieves acceptable utility as measured by task assignment success rates, while efficiently preserving privacy. A differential privacy model ensures rigorous privacy guarantee, and Laplace noise is introduced to protect workers' exact locations. We then present a reward allocation mechanism that adjusts each piece of the reward for a task using the distribution of the workers' locations. Through experimental results, we demonstrate that this optimised-reward method is efficient for SC applications.
-
Privacy-Enhanced and Multifunctional Health Data Aggregation under Differential Privacy Guarantees.
Ren, Hao; Li, Hongwei; Liang, Xiaohui; He, Shibo; Dai, Yuanshun; Zhao, Lian
2016-09-10
With the rapid growth of the health data scale, the limited storage and computation resources of wireless body area sensor networks (WBANs) is becoming a barrier to their development. Therefore, outsourcing the encrypted health data to the cloud has been an appealing strategy. However, date aggregation will become difficult. Some recently-proposed schemes try to address this problem. However, there are still some functions and privacy issues that are not discussed. In this paper, we propose a privacy-enhanced and multifunctional health data aggregation scheme (PMHA-DP) under differential privacy. Specifically, we achieve a new aggregation function, weighted average (WAAS), and design a privacy-enhanced aggregation scheme (PAAS) to protect the aggregated data from cloud servers. Besides, a histogram aggregation scheme with high accuracy is proposed. PMHA-DP supports fault tolerance while preserving data privacy. The performance evaluation shows that the proposal leads to less communication overhead than the existing one.
-
78 FR 32256 - Privacy Act of 1974; Report of an Altered CMS System of Records Notice
2013-05-29
... 1974; Report of an Altered CMS System of Records Notice AGENCY: Centers for Medicare & Medicaid Services (CMS), Department of Health and Human Services (HHS). ACTION: Altered System of Records Notice (SORN). SUMMARY: In accordance with the requirements of the Privacy Act of 1974 (5 USC 552a), CMS...
-
A home healthcare system in the cloud - Addressing security and privacy challenges
Deng M.; Petkovic M.; Nalin M.; Baroni I.
2011-01-01
Cloud computing is an emerging technology that is expected to support Internet scale critical applications which could be essential to the healthcare sector. Its scalability, resilience, adaptability, connectivity, cost reduction, and high performance features have high potential to lift the efficiency and quality of healthcare. However,it is also important to understand specific risks related to security and privacy that this technology brings. This paper focuses on a home healthcare system ...
-
77 FR 64962 - Privacy Act of 1974, as Amended
2012-10-24
... social media, and recipients of other public relations materials issued by the CFPB about CFPB sponsored... THE BUREAU OF CONSUMER FINANCIAL PROTECTION Privacy Act of 1974, as Amended AGENCY: Bureau of Consumer Financial Protection. ACTION: Notice of Proposed Privacy Act System of Records. SUMMARY: In...
-
Identity management and privacy languages technologies: Improving user control of data privacy
García, José Enrique López; García, Carlos Alberto Gil; Pacheco, Álvaro Armenteros; Organero, Pedro Luis Muñoz
The identity management solutions have the capability to bring confidence to internet services, but this confidence could be improved if user has more control over the privacy policy of its attributes. Privacy languages could help to this task due to its capability to define privacy policies for data in a very flexible way. So, an integration problem arises: making work together both identity management and privacy languages. Despite several proposals for accomplishing this have already been defined, this paper suggests some topics and improvements that could be considered.
-
Privacy-preserving screen capture: towards closing the loop for health IT usability.
Cooley, Joseph; Smith, Sean
2013-08-01
As information technology permeates healthcare (particularly provider-facing systems), maximizing system effectiveness requires the ability to document and analyze tricky or troublesome usage scenarios. However, real-world health IT systems are typically replete with privacy-sensitive data regarding patients, diagnoses, clinicians, and EMR user interface details; instrumentation for screen capture (capturing and recording the scenario depicted on the screen) needs to respect these privacy constraints. Furthermore, real-world health IT systems are typically composed of modules from many sources, mission-critical and often closed-source; any instrumentation for screen capture can rely neither on access to structured output nor access to software internals. In this paper, we present a tool to help solve this problem: a system that combines keyboard video mouse (KVM) capture with automatic text redaction (and interactively selectable unredaction) to produce precise technical content that can enrich stakeholder communications and improve end-user influence on system evolution. KVM-based capture makes our system both application-independent and OS-independent because it eliminates software-interface dependencies on capture targets. Using a corpus of EMR screenshots, we present empirical measurements of redaction effectiveness and processing latency to demonstrate system performances. We discuss how these techniques can translate into instrumentation systems that improve real-world health IT deployments. Copyright © 2013 Elsevier Inc. All rights reserved.
-
Forensic DNA phenotyping: Developing a model privacy impact assessment.
Scudder, Nathan; McNevin, Dennis; Kelty, Sally F; Walsh, Simon J; Robertson, James
2018-05-01
Forensic scientists around the world are adopting new technology platforms capable of efficiently analysing a larger proportion of the human genome. Undertaking this analysis could provide significant operational benefits, particularly in giving investigators more information about the donor of genetic material, a particularly useful investigative lead. Such information could include predicting externally visible characteristics such as eye and hair colour, as well as biogeographical ancestry. This article looks at the adoption of this new technology from a privacy perspective, using this to inform and critique the application of a Privacy Impact Assessment to this emerging technology. Noting the benefits and limitations, the article develops a number of themes that would influence a model Privacy Impact Assessment as a contextual framework for forensic laboratories and law enforcement agencies considering implementing forensic DNA phenotyping for operational use. Copyright © 2018 Elsevier B.V. All rights reserved.
-
Samec, Marek
2010-01-01
This thesis is focused on internet services user privacy. Goal of this thesis is to determine level of user awareness of how is their privacy approached while using internet services. Then suggest procedure to improve this awareness, or that will lead to better control of individual privacy. In theoretical part I analyze general and legislative approach to privacy, followed by analysis of behaviour of internet service users and providers. Part of this analysis deals with usage of web cookies ...
-
Gender and online privacy among teens: risk perception, privacy concerns, and protection behaviors.
Youn, Seounmi; Hall, Kimberly
2008-12-01
Survey data from 395 high school students revealed that girls perceive more privacy risks and have a higher level of privacy concerns than boys. Regarding privacy protection behaviors, boys tended to read unsolicited e-mail and register for Web sites while directly sending complaints in response to unsolicited e-mail. This study found girls to provide inaccurate information as their privacy concerns increased. Boys, however, refrained from registering to Web sites as their concerns increased.
-
Privacy, Liveliness and Fairness for Reputation
Schiffner, Stefan; Clauß, Sebastian; Steinbrecher, Sandra
In various Internet applications, reputation systems are typical means to collect experiences users make with each other. We present a reputation system that balances the security and privacy requirements of all users involed. Our system provides privacy in the form of information theoretic relationship anonymity w.r.t. users and the reputation provider. Furthermore, it preserves liveliness, i.e., all past ratings can influence the current reputation profile of a user. In addition, mutual ratings are forced to be simultaneous and self rating is prevented, which enforces fairness. What is more, without performing mock interactions - even if all users are colluding - users cannot forge ratings. As far as we know, this is the first protocol proposed that fulfills all these properties simultaneously.
-
Privacy-Enhanced and Multifunctional Health Data Aggregation under Differential Privacy Guarantees
Ren, Hao; Li, Hongwei; Liang, Xiaohui; He, Shibo; Dai, Yuanshun; Zhao, Lian
2016-01-01
With the rapid growth of the health data scale, the limited storage and computation resources of wireless body area sensor networks (WBANs) is becoming a barrier to their development. Therefore, outsourcing the encrypted health data to the cloud has been an appealing strategy. However, date aggregation will become difficult. Some recently-proposed schemes try to address this problem. However, there are still some functions and privacy issues that are not discussed. In this paper, we propose a privacy-enhanced and multifunctional health data aggregation scheme (PMHA-DP) under differential privacy. Specifically, we achieve a new aggregation function, weighted average (WAAS), and design a privacy-enhanced aggregation scheme (PAAS) to protect the aggregated data from cloud servers. Besides, a histogram aggregation scheme with high accuracy is proposed. PMHA-DP supports fault tolerance while preserving data privacy. The performance evaluation shows that the proposal leads to less communication overhead than the existing one. PMID:27626417
-
A Survey Paper on Privacy Issue in Cloud Computing
Yousra Abdul Alsahib S. Aldeen; Mazleena Salleh; Mohammad Abdur Razzaque
2015-01-01
In past few years, cloud computing is one of the popular paradigm to host and deliver services over Internet. It is having popularity by offering multiple computing services as cloud storage, cloud hosting and cloud servers etc., for various types of businesses as well as in academics. Though there are several benefits of cloud computing, it suffers from security and privacy challenges. Privacy of cloud system is a serious concern for the customers. Considering the privacy within the cloud th...
-
Privacy in domestic environments
Radics, Peter J; Gracanin, Denis
2011-01-01
non-peer-reviewed While there is a growing body of research on privacy,most of the work puts the focus on information privacy. Physical and psychological privacy issues receive little to no attention. However, the introduction of technology into our lives can cause problems with regard to these aspects of privacy. This is especially true when it comes to our homes, both as nodes of our social life and places for relaxation. This paper presents the results of a study intended to captu...
-
Privacy is an essentially contested concept: a multi-dimensional analytic for mapping privacy
Koopman, Colin; Doty, Nick
2016-01-01
The meaning of privacy has been much disputed throughout its history in response to wave after wave of new technological capabilities and social configurations. The current round of disputes over privacy fuelled by data science has been a cause of despair for many commentators and a death knell for privacy itself for others. We argue that privacy’s disputes are neither an accidental feature of the concept nor a lamentable condition of its applicability. Privacy is essentially contested. Because it is, privacy is transformable according to changing technological and social conditions. To make productive use of privacy’s essential contestability, we argue for a new approach to privacy research and practical design, focused on the development of conceptual analytics that facilitate dissecting privacy’s multiple uses across multiple contexts. This article is part of the themed issue ‘The ethical impact of data science’. PMID:28336797
-
2011-04-18
... Homeland Security, Washington, DC 20520. For privacy issues please contact: Mary Ellen Callahan (703-235... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0013] Privacy Act of... Immunization Records System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system of...
-
Practical Secure Transaction for Privacy-Preserving Ride-Hailing Services
Directory of Open Access Journals (Sweden)
Chenglong Cao
2018-01-01
Full Text Available Ride-hailing service solves the issue of taking a taxi difficultly in rush hours. It is changing the way people travel and has had a rapid development in recent years. Since the service is offered over the Internet, there is a great deal of uncertainty about security and privacy. Focusing on the issue, we changed payment pattern of existing systems and designed a privacy protection ride-hailing scheme. E-cash was generated by a new partially blind signature protocol that achieves e-cash unforgeability and passenger privacy. Particularly, in the face of a service platform and a payment platform, a passenger is still anonymous. Additionally, a lightweight hash chain was constructed to keep e-cash divisible and reusable, which increases practicability of transaction systems. The analysis shows that the scheme has small communication and computation costs, and it can be effectively applied in the ride-hailing service with privacy protection.
-
Reservation system with graphical user interface
Mohamed, Mahmoud A. Abdelhamid
2012-01-05
Techniques for providing a reservation system are provided. The techniques include displaying a scalable visualization object, wherein the scalable visualization object comprises an expanded view element of the reservation system depicting information in connection with a selected interval of time and a compressed view element of the reservation system depicting information in connection with one or more additional intervals of time, maintaining a visual context between the expanded view and the compressed view within the visualization object, and enabling a user to switch between the expanded view and the compressed view to facilitate use of the reservation system.
-
Efficient and privacy-preserving biometric identification in cloud
Directory of Open Access Journals (Sweden)
Changhee Hahn
2016-09-01
Full Text Available With the rapid growth in the development of smart devices equipped with biometric sensors, client identification system using biometric traits are widely adopted across various applications. Among many biometric traits, fingerprint-based identification systems have been extensively studied and deployed. However, to adopt biometric identification systems in practical applications, two main obstacles in terms of efficiency and client privacy must be resolved simultaneously. That is, identification should be performed at an acceptable time, and only a client should have access to his/her biometric traits, which are not revocable if leaked. Until now, multiple studies have demonstrated successful protection of client biometric data; however, such systems lack efficiency that leads to excessive time utilization for identification. The most recently researched scheme shows efficiency improvements but reveals client biometric traits to other entities such as biometric database server. This violates client privacy. In this paper, we propose an efficient and privacy-preserving fingerprint identification scheme by using cloud systems. The proposed scheme extensively exploits the computation power of a cloud so that most of the laborious computations are performed by the cloud service provider. According to our experimental results on an Amazon EC2 cloud, the proposed scheme is faster than the existing schemes and guarantees client privacy by exploiting symmetric homomorphic encryption. Our security analysis shows that during identification, the client fingerprint data is not disclosed to the cloud service provider or fingerprint database server.
-
Towards Territorial Privacy in Smart Environments
Könings, Bastian; Schaub, Florian; Weber, M.; Kargl, Frank
Territorial privacy is an old concept for privacy of the personal space dating back to the 19th century. Despite its former relevance, territorial privacy has been neglected in recent years, while privacy research and legislation mainly focused on the issue of information privacy. However, with the
-
Bowers, Stacey L.
2006-01-01
This paper summarizes the history of privacy as it relates to library records. It commences with a discussion of how the concept of privacy first originated through case law and follows the concept of privacy as it has affected library records through current day and the "USA PATRIOT Act."
-
2011-08-10
... 7101 Washington, DC 20593. For privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0053] Privacy Act of... Treatment Program System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system of...
-
Data privacy for the smart grid
Herold, Rebecca
2015-01-01
The Smart Grid and PrivacyWhat Is the Smart Grid? Changes from Traditional Energy Delivery Smart Grid Possibilities Business Model Transformations Emerging Privacy Risks The Need for Privacy PoliciesPrivacy Laws, Regulations, and Standards Privacy-Enhancing Technologies New Privacy Challenges IOT Big Data What Is the Smart Grid?Market and Regulatory OverviewTraditional Electricity Business SectorThe Electricity Open Market Classifications of Utilities Rate-Making ProcessesElectricity Consumer
-
78 FR 54454 - Open Meeting of the Information Security and Privacy Advisory Board
2013-09-04
... security and privacy issues pertaining to federal computer systems. Details regarding the ISPAB's... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...
-
78 FR 72063 - Open Meeting of the Information Security and Privacy Advisory Board
2013-12-02
... NIST on information security and privacy issues pertaining to federal computer systems. Details... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...
-
Enabling secure and privacy preserving communications in smart grids
Li, Hongwei
2014-01-01
This brief focuses on the current research on security and privacy preservation in smart grids. Along with a review of the existing works, this brief includes fundamental system models, possible frameworks, useful performance, and future research directions. It explores privacy preservation demand response with adaptive key evolution, secure and efficient Merkle tree based authentication, and fine-grained keywords comparison in the smart grid auction market. By examining the current and potential security and privacy threats, the author equips readers to understand the developing issues in sma
-
2013-11-21
... Emergency Management Agency, 500 C Street SW., Washington, DC 20475. For privacy issues please contact... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0077] Privacy Act of..., Privacy Office. ACTION: Notice of Privacy Act System of Records. SUMMARY: In accordance with the Privacy...
-
Rest, J.H.C. van; Boonstra, D.; Everts, M.H.; Rijn, M. van; Paassen, R.J.G. van
2014-01-01
The proposal for a new privacy regulation d.d. January 25th 2012 introduces sanctions of up to 2% of the annual turnover of enterprises. This elevates the importance of mitigation of privacy risks. This paper makes Privacy by Design more concrete, and positions it as the mechanism to mitigate these
-
2011-04-06
... issues please contact: Mary Ellen Callahan (703-235- 0780), Chief Privacy Officer, Privacy Office...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Federal Emergency Management Agency DHS/FEMA-011 Training and Exercise Program Records System of Records AGENCY: Privacy Office...
-
75 FR 82061 - Notice To Amend an Existing System of Records; Privacy Act of 1974; as Amended
2010-12-29
... or aliens lawfully admitted for permanent residence) are subject to the Privacy Act. This system... requesting notification of the existence of records on himself or herself should send or provide a signed...
-
21 CFR 21.71 - Disclosure of records in Privacy Act Record Systems; accounting required.
2010-04-01
... accounting shall be made, in accordance with paragraph (e) of this section, of any disclosure under paragraph (a) of this section of a record that is not a disclosure under § 21.70. (e) Where an accounting is... of the disclosure. The accounting shall not be considered a Privacy Act Record System. (2) Retain the...
-
2013-07-12
... DEPARTMENT OF EDUCATION Privacy Act of 1974; System of Records--Impact Evaluation of Math... ``Impact Evaluation of Math Professional Development'' (18-13-35). The National Center for Education...-focused math professional development (PD) program on teacher knowledge, teacher practices, and student...
-
Advanced research in data privacy
Torra, Vicenç
2015-01-01
This book provides an overview of the research work on data privacy and privacy enhancing technologies carried by the participants of the ARES project. ARES (Advanced Research in Privacy an Security, CSD2007-00004) has been one of the most important research projects funded by the Spanish Government in the fields of computer security and privacy. It is part of the now extinct CONSOLIDER INGENIO 2010 program, a highly competitive program which aimed to advance knowledge and open new research lines among top Spanish research groups. The project started in 2007 and will finish this 2014. Composed by 6 research groups from 6 different institutions, it has gathered an important number of researchers during its lifetime. Among the work produced by the ARES project, one specific work package has been related to privacy. This books gathers works produced by members of the project related to data privacy and privacy enhancing technologies. The presented works not only summarize important research carried in the proje...
-
2010-11-15
... 20528. For privacy issues please contact: Mary Ellen Callahan (703-235- 0780), Chief Privacy Officer... Secretary 6 CFR Part 5 [Docket No. DHS-2010-0085] Privacy Act of 1974: Implementation of Exemptions... Coordinating Center Records System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of proposed...
-
A privacy protection model to support personal privacy in relational databases.
2008-01-01
The individual of today incessantly insists on more protection of his/her personal privacy than a few years ago. During the last few years, rapid technological advances, especially in the field of information technology, directed most attention and energy to the privacy protection of the Internet user. Research was done and is still being done covering a vast area to protect the privacy of transactions performed on the Internet. However, it was established that almost no research has been don...
-
Internet privacy options for adequate realisation
2013-01-01
A thorough multidisciplinary analysis of various perspectives on internet privacy was published as the first volume of a study, revealing the results of the achatech project "Internet Privacy - A Culture of Privacy and Trust on the Internet." The second publication from this project presents integrated, interdisciplinary options for improving privacy on the Internet utilising a normative, value-oriented approach. The ways in which privacy promotes and preconditions fundamental societal values and how privacy violations endanger the flourishing of said values are exemplified. The conditions which must be fulfilled in order to achieve a culture of privacy and trust on the internet are illuminated. This volume presents options for policy-makers, educators, businesses and technology experts how to facilitate solutions for more privacy on the Internet and identifies further research requirements in this area.
-
Hawk, Skyler T; Keijsers, Loes; Hale, William W; Meeus, Wim
2009-08-01
Privacy coordination between adolescents and their parents is difficult, as adolescents' changing roles require adjustments to expectations about family boundaries. Adolescents' perceptions of privacy invasion likely provoke conflicts with parents, but higher levels of conflict may also foster invasion perceptions. This longitudinal study assessed relations between privacy invasion and conflict frequency among adolescents, mothers, and fathers (N = 309). Bidirectional relations were present; all reports showed that invasion provoked conflict in later adolescence, but the timing and direction of conflict-to-invasion relations differed between respondents and measurement waves. The findings suggest a functional role for conflict in adolescent-parent privacy negotiations, in that it both draws attention to discrepant expectations and provides youths with a means of directly managing perceived boundary violations. (PsycINFO Database Record (c) 2009 APA, all rights reserved).
-
Model-driven Privacy Assessment in the Smart Grid
Energy Technology Data Exchange (ETDEWEB)
Knirsch, Fabian [Salzburg Univ. (Austria); Engel, Dominik [Salzburg Univ. (Austria); Neureiter, Christian [Salzburg Univ. (Austria); Frincu, Marc [Univ. of Southern California, Los Angeles, CA (United States); Prasanna, Viktor [Univ. of Southern California, Los Angeles, CA (United States)
2015-02-09
In a smart grid, data and information are transported, transmitted, stored, and processed with various stakeholders having to cooperate effectively. Furthermore, personal data is the key to many smart grid applications and therefore privacy impacts have to be taken into account. For an effective smart grid, well integrated solutions are crucial and for achieving a high degree of customer acceptance, privacy should already be considered at design time of the system. To assist system engineers in early design phase, frameworks for the automated privacy evaluation of use cases are important. For evaluation, use cases for services and software architectures need to be formally captured in a standardized and commonly understood manner. In order to ensure this common understanding for all kinds of stakeholders, reference models have recently been developed. In this paper we present a model-driven approach for the automated assessment of such services and software architectures in the smart grid that builds on the standardized reference models. The focus of qualitative and quantitative evaluation is on privacy. For evaluation, the framework draws on use cases from the University of Southern California microgrid.
-
75 FR 33608 - Privacy Act of 1974; System of Records
2010-06-14
...In accordance with the Privacy Act of 1974, as amended (Privacy Act), the Department of Education (Department) publishes this notice proposing to revise the system of records notice for the Investigative Files of the Inspector General (18-10-01), 68 FR 38154 (June 26, 2003). The Department proposes to amend this system of records notice by: (1) Adding a new routine use to allow reporting on the activities of the Inspector General regarding American Recovery and Reinvestment Act funds to the Recovery Accountability and Transparency Board (RATB) as established by the American Recovery and Reinvestment Act of 2009 (Pub. L. 111-5); (2) adding a new routine use to allow for disclosure of information in connection with response and remedial efforts in the event of a data breach in accordance with Office of Management and Budget (OMB) requirements in M-07-16 (May 22, 2007); (3) revising routine uses ``(12) Disclosure to the President's Council on Integrity and Efficiency'' and ``(13) Disclosure for Qualitative Assessment Reviews'' to allow reporting on the activities of the Inspector General to the Council of Inspectors General on Integrity and Efficiency (formerly the President's Council on Integrity and Efficiency) as established by the Inspector General Reform Act of 2008 (Pub. L. 110-409); (4) revising the routine use ``(4) Disclosure to Public and Private Sources in Connection with the Higher Education Act of 1965, as Amended (HEA)'' to allow the disclosure of information to an educational institution or a school that is or was a party to an agreement with the Secretary of Education pursuant to the HEA; and (5) updating the system location addresses. This system of records provides essential support for investigative activities of the Office of Inspector General (OIG) relating to the Department's programs and operations, enabling the OIG to secure and maintain the necessary information and to coordinate with other law enforcement agencies as appropriate.
-
Cognitive Privacy for Personal Clouds
Directory of Open Access Journals (Sweden)
Milena Radenkovic
2016-01-01
Full Text Available This paper proposes a novel Cognitive Privacy (CogPriv framework that improves privacy of data sharing between Personal Clouds for different application types and across heterogeneous networks. Depending on the behaviour of neighbouring network nodes, their estimated privacy levels, resource availability, and social network connectivity, each Personal Cloud may decide to use different transmission network for different types of data and privacy requirements. CogPriv is fully distributed, uses complex graph contacts analytics and multiple implicit novel heuristics, and combines these with smart probing to identify presence and behaviour of privacy compromising nodes in the network. Based on sensed local context and through cooperation with remote nodes in the network, CogPriv is able to transparently and on-the-fly change the network in order to avoid transmissions when privacy may be compromised. We show that CogPriv achieves higher end-to-end privacy levels compared to both noncognitive cellular network communication and state-of-the-art strategies based on privacy-aware adaptive social mobile networks routing for a range of experiment scenarios based on real-world user and network traces. CogPriv is able to adapt to varying network connectivity and maintain high quality of service while managing to keep low data exposure for a wide range of privacy leakage levels in the infrastructure.
-
2012-08-15
... DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT [Docket No. FR-5613-N-06-A] Privacy Act of 1974; New System of Records, Office of General Counsel E-Discovery Management System--Change in Final Effective... the OGC E-Discovery Management System until after the opportunity for further comment is provided to...
-
Security and privacy of EHR systems--ethical, social and legal requirements.
Kluge, Eike-Henner W
2003-01-01
This paper addresses social, ethical and legal concerns about security and privacy that arise in the development of international interoperable health information systems. The paper deals with these concerns under four rubrics: the ethical status of electronic health records, the social and legal embedding of interoperable health information systems, the overall information-requirements healthcare as such, and the role of health information professionals as facilitators. It argues that the concerns that arise can be met if the development of interoperability protocols is guided by the seven basic principles of information ethics that have been enunciated in the IMIA Code of Ethics for Health Information Professionals and that are central to the ethical treatment of electronic health records.
-
A PhD abstract presentation on Personal Information Privacy System based on Proactive Design
DEFF Research Database (Denmark)
Dhotre, Prashant Shantaram; Olesen, Henning
2014-01-01
providers and websites collects and make an extensive use of personal information. Using different Big Data methods and techniques the knowledge and patterns are generated or extracted from the data. This will lead to a serious problem to privacy breach. Hence, there is a need of embedding privacy...... in the design phase will be the basic principle on which the data security can be provided, and the privacy will be protected. This will give more control and power to user over personal information....
-
DEFF Research Database (Denmark)
he huge potential in future connected services has as a precondition that privacy and security needs are dealt with in order for new services to be accepted. This issue is increasingly on the agenda both at the company and at individual level. Cybersecurity and Privacy – bridging the gap addresses...... two very complex fields of the digital world, i.e., Cybersecurity and Privacy. These multifaceted, multidisciplinary and complex issues are usually understood and valued differently by different individuals, data holders and legal bodies. But a change in one field immediately affects the others....... Policies, frameworks, strategies, laws, tools, techniques, and technologies – all of these are tightly interwoven when it comes to security and privacy. This book is another attempt to bridge the gap between the industry and academia. The book addresses the views from academia and industry on the subject...
-
DEFF Research Database (Denmark)
Sørensen, Lene Tolstrup; Sørensen, Jannick Kirk; Khajuria, Samant
Data brokers have become central players in the collection online of private user data. Data brokers’ activities are however not very transparent or even known by users. Many users regard privacy a central element when they use online services. Based on 12 short interviews with users, this paper...... analyses how users perceive the concept of online privacy in respect to data brokers col- lection of private data, and particularly novel services that offer users the possi- bility to sell their private data. Two groups of users are identified: Those who are considering selling their data under specific...... conditions, and those who reject the idea completely. Based on the literature we identify two positions to privacy either as an instrumental good, or as an intrinsic good. The paper positions vari- ous user perceptions on privacy that are relevant for future service develop- ment....
-
A framework to preserve the privacy of electronic health data streams.
Kim, Soohyung; Sung, Min Kyoung; Chung, Yon Dohn
2014-08-01
The anonymization of health data streams is important to protect these data against potential privacy breaches. A large number of research studies aiming at offering privacy in the context of data streams has been recently conducted. However, the techniques that have been proposed in these studies generate a significant delay during the anonymization process, since they concentrate on applying existing privacy models (e.g., k-anonymity and l-diversity) to batches of data extracted from data streams in a period of time. In this paper, we present delay-free anonymization, a framework for preserving the privacy of electronic health data streams. Unlike existing works, our method does not generate an accumulation delay, since input streams are anonymized immediately with counterfeit values. We further devise late validation for increasing the data utility of the anonymization results and managing the counterfeit values. Through experiments, we show the efficiency and effectiveness of the proposed method for the real-time release of data streams. Copyright © 2014 Elsevier Inc. All rights reserved.
-
Privacy versus care--The shifting balance in mental health.
Mork, Mary Jean; Price, Steven; Best, Kathryn
2016-03-01
Mental health professionals are now debating client confidentiality and its relationship to care coordination. History tells us there is a need to protect the privacy of people who are diagnosed with mental health issues in a world filled with stigma and misperceptions. People with mental illness and substance use problems may be legitimately concerned that employers, insurance companies, financial institutions, medical practices, and educational institutions could use their health information to discriminate against them, often without their knowledge. The protection of jobs and health information is a real, justifiable benefit of privacy legislation. However, there are also a host of negative consequences, including fragmented health care, lack of prevention, uninformed families, and even early death, because of a lack of coordination with medical treatment. The legal situation can be very confusing, but the upshot is that we are shifting from an environment of strict confidentiality to one of better care coordination. In short, we are moving toward a system that allows for better coordination because it improves the quality of care for our clients. At the policy level, we must lead the change process and actively support the revision and reinterpretation of existing laws and regulations. These changes will require earning the trust of the people being served. Many are wary, and some even scared, of their perceived loss of privacy. Health-care professionals must commit to the concept of coordinating care, making communication about shared care plans a priority. (PsycINFO Database Record (c) 2016 APA, all rights reserved).
-
Reservation system with graphical user interface
Mohamed, Mahmoud A. Abdelhamid; Jamjoom, Hani T.; Podlaseck, Mark E.; Qu, Huiming; Shae, Zon-Yin; Sheopuri, Anshul
2012-01-01
Techniques for providing a reservation system are provided. The techniques include displaying a scalable visualization object, wherein the scalable visualization object comprises an expanded view element of the reservation system depicting
-
δ-dependency for privacy-preserving XML data publishing.
Landberg, Anders H; Nguyen, Kinh; Pardede, Eric; Rahayu, J Wenny
2014-08-01
An ever increasing amount of medical data such as electronic health records, is being collected, stored, shared and managed in large online health information systems and electronic medical record systems (EMR) (Williams et al., 2001; Virtanen, 2009; Huang and Liou, 2007) [1-3]. From such rich collections, data is often published in the form of census and statistical data sets for the purpose of knowledge sharing and enabling medical research. This brings with it an increasing need for protecting individual people privacy, and it becomes an issue of great importance especially when information about patients is exposed to the public. While the concept of data privacy has been comprehensively studied for relational data, models and algorithms addressing the distinct differences and complex structure of XML data are yet to be explored. Currently, the common compromise method is to convert private XML data into relational data for publication. This ad hoc approach results in significant loss of useful semantic information previously carried in the private XML data. Health data often has very complex structure, which is best expressed in XML. In fact, XML is the standard format for exchanging (e.g. HL7 version 3(1)) and publishing health information. Lack of means to deal directly with data in XML format is inevitably a serious drawback. In this paper we propose a novel privacy protection model for XML, and an algorithm for implementing this model. We provide general rules, both for transforming a private XML schema into a published XML schema, and for mapping private XML data to the new privacy-protected published XML data. In addition, we propose a new privacy property, δ-dependency, which can be applied to both relational and XML data, and that takes into consideration the hierarchical nature of sensitive data (as opposed to "quasi-identifiers"). Lastly, we provide an implementation of our model, algorithm and privacy property, and perform an experimental analysis
-
2010-02-23
... privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer, Privacy Office...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The History of the Department of Homeland Security System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of...
-
Model-based Assessment for Balancing Privacy Requirements and Operational Capabilities
Energy Technology Data Exchange (ETDEWEB)
Knirsch, Fabian [Salzburg Univ. (Austria); Engel, Dominik [Salzburg Univ. (Austria); Frincu, Marc [Univ. of Southern California, Los Angeles, CA (United States); Prasanna, Viktor [Univ. of Southern California, Los Angeles, CA (United States)
2015-02-17
The smart grid changes the way energy is produced and distributed. In addition both, energy and information is exchanged bidirectionally among participating parties. Therefore heterogeneous systems have to cooperate effectively in order to achieve a common high-level use case, such as smart metering for billing or demand response for load curtailment. Furthermore, a substantial amount of personal data is often needed for achieving that goal. Capturing and processing personal data in the smart grid increases customer concerns about privacy and in addition, certain statutory and operational requirements regarding privacy aware data processing and storage have to be met. An increase of privacy constraints, however, often limits the operational capabilities of the system. In this paper, we present an approach that automates the process of finding an optimal balance between privacy requirements and operational requirements in a smart grid use case and application scenario. This is achieved by formally describing use cases in an abstract model and by finding an algorithm that determines the optimum balance by forward mapping privacy and operational impacts. For this optimal balancing algorithm both, a numeric approximation and – if feasible – an analytic assessment are presented and investigated. The system is evaluated by applying the tool to a real-world use case from the University of Southern California (USC) microgrid.
-
2010-03-10
... 20472. For privacy issues please contact: Mary Ellen Callahan (703-235- 0780), Chief Privacy Officer... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Federal Emergency Management Agency System of Records AGENCY: Privacy Office...
-
Privacy Enforcement in a Cost-Effective Smart Grid
DEFF Research Database (Denmark)
Mikkelsen, Søren Aagaard
In this technical report we present the current state of the research conducted during the first part of the PhD period. The PhD thesis “Privacy Enforcement in a Cost-Effective Smart Grid” focuses on ensuring privacy when generating market for energy service providers that develop web services...... for the residential domain in the envisaged smart grid. The PhD project is funded and associated to the EU project “Energy Demand Aware Open Services for Smart Grid Intelligent Automation” (Smart HG) and therefore introduces the project on a system-level. Based on this, we present some of the integration, security...... and privacy challenges that emerge when designing a system architecture and infrastructure. The resulting architecture is a consumer-centric and agent-based design and uses open Internet-based communication protocols for enabling interoperability while being cost-effective. Finally, the PhD report present...
-
Privacy and Data-Based Research
Ori Heffetz; Katrina Ligett
2013-01-01
What can we, as users of microdata, formally guarantee to the individuals (or firms) in our dataset, regarding their privacy? We retell a few stories, well-known in data-privacy circles, of failed anonymization attempts in publicly released datasets. We then provide a mostly informal introduction to several ideas from the literature on differential privacy, an active literature in computer science that studies formal approaches to preserving the privacy of individuals in statistical databases...
-
2011-09-23
... CENTRAL INTELLIGENCE AGENCY 32 CFR Part 1901 Privacy Act AGENCY: Central Intelligence Agency. ACTION: Proposed rule. SUMMARY: Consistent with the Privacy Act (PA), the Central Intelligence Agency...-1379. SUPPLEMENTARY INFORMATION: Consistent with the Privacy Act (PA), the CIA has undertaken and...
-
76 FR 34650 - Announcing a Meeting of the Information Security and Privacy Advisory Board
2011-06-14
... Commerce and the Director of NIST on security and privacy issues pertaining to federal computer systems... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Department of Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB...
-
A secure data privacy preservation for on-demand
Directory of Open Access Journals (Sweden)
Dhasarathan Chandramohan
2017-04-01
Full Text Available This paper spotlights privacy and its obfuscation issues of intellectual, confidential information owned by insurance and finance sectors. Privacy risk in business era if authoritarians misuse secret information. Software interruptions in steeling digital data in the name of third party services. Liability in digital secrecy for the business continuity isolation, mishandling causing privacy breaching the vicinity and its preventive phenomenon is scrupulous in the cloud, where a huge amount of data is stored and maintained enormously. In this developing IT-world toward cloud, users privacy protection is becoming a big question , albeit cloud computing made changes in the computing field by increasing its effectiveness, efficiency and optimization of the service environment etc, cloud users data and their identity, reliability, maintainability and privacy may vary for different CPs (cloud providers. CP ensures that the user’s proprietary information is maintained more secretly with current technologies. More remarkable occurrence is even the cloud provider does not have suggestions regarding the information and the digital data stored and maintained globally anywhere in the cloud. The proposed system is one of the obligatory research issues in cloud computing. We came forward by proposing the Privacy Preserving Model to Prevent Digital Data Loss in the Cloud (PPM–DDLC. This proposal helps the CR (cloud requester/users to trust their proprietary information and data stored in the cloud.
-
Internet of Cloud: Security and Privacy issues
Cook, Allan; Robinson, Michael; Ferrag, Mohamed Amine; Maglaras, Leandros A.; He, Ying; Jones, Kevin; Janicke, Helge
2017-01-01
The synergy between the cloud and the IoT has emerged largely due to the cloud having attributes which directly benefit the IoT and enable its continued growth. IoT adopting Cloud services has brought new security challenges. In this book chapter, we pursue two main goals: 1) to analyse the different components of Cloud computing and the IoT and 2) to present security and privacy problems that these systems face. We thoroughly investigate current security and privacy preservation solutions th...
-
2010-02-23
... Policy, U.S. Department of Homeland Security, Washington, DC 20528. For privacy issues please contact... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2009-0040] Privacy Act of... System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system of records. SUMMARY...
-
Beckstrom, Matthew
2015-01-01
In a world where almost anyone with computer savvy can hack, track, and record the online activities of others, your library can serve as a protected haven for your visitors who rely on the Internet to conduct research-if you take the necessary steps to safeguard their privacy. This book shows you how to protect patrons' privacy while using the technology that your library provides, including public computers, Internet access, wireless networks, and other devices. Logically organized into two major sections, the first part of the book discusses why the privacy of your users is of paramount
-
Bridging the transatlantic divide in privacy
Directory of Open Access Journals (Sweden)
Paula Kift
2013-08-01
Full Text Available In the context of the US National Security Agency surveillance scandal, the transatlantic privacy divide has come back to the fore. In the United States, the right to privacy is primarily understood as a right to physical privacy, thus the protection from unwarranted government searches and seizures. In Germany on the other hand, it is also understood as a right to spiritual privacy, thus the right of citizens to develop into autonomous moral agents. The following article will discuss the different constitutional assumptions that underlie American and German attitudes towards privacy, namely privacy as an aspect of liberty or as an aspect of dignity. As data flows defy jurisdictional boundaries, however, policymakers across the Atlantic are faced with a conundrum: how can German and American privacy cultures be reconciled?
-
Shen, Qinghua; Liang, Xiaohui; Shen, Xuemin; Lin, Xiaodong; Luo, Henry Y
2014-03-01
In this paper, we propose an e-health monitoring system with minimum service delay and privacy preservation by exploiting geo-distributed clouds. In the system, the resource allocation scheme enables the distributed cloud servers to cooperatively assign the servers to the requested users under the load balance condition. Thus, the service delay for users is minimized. In addition, a traffic-shaping algorithm is proposed. The traffic-shaping algorithm converts the user health data traffic to the nonhealth data traffic such that the capability of traffic analysis attacks is largely reduced. Through the numerical analysis, we show the efficiency of the proposed traffic-shaping algorithm in terms of service delay and privacy preservation. Furthermore, through the simulations, we demonstrate that the proposed resource allocation scheme significantly reduces the service delay compared to two other alternatives using jointly the short queue and distributed control law.
-
Privacy-Preserving Electrocardiogram Monitoring for Intelligent Arrhythmia Detection.
Son, Junggab; Park, Juyoung; Oh, Heekuck; Bhuiyan, Md Zakirul Alam; Hur, Junbeom; Kang, Kyungtae
2017-06-12
Long-term electrocardiogram (ECG) monitoring, as a representative application of cyber-physical systems, facilitates the early detection of arrhythmia. A considerable number of previous studies has explored monitoring techniques and the automated analysis of sensing data. However, ensuring patient privacy or confidentiality has not been a primary concern in ECG monitoring. First, we propose an intelligent heart monitoring system, which involves a patient-worn ECG sensor (e.g., a smartphone) and a remote monitoring station, as well as a decision support server that interconnects these components. The decision support server analyzes the heart activity, using the Pan-Tompkins algorithm to detect heartbeats and a decision tree to classify them. Our system protects sensing data and user privacy, which is an essential attribute of dependability, by adopting signal scrambling and anonymous identity schemes. We also employ a public key cryptosystem to enable secure communication between the entities. Simulations using data from the MIT-BIH arrhythmia database demonstrate that our system achieves a 95.74% success rate in heartbeat detection and almost a 96.63% accuracy in heartbeat classification, while successfully preserving privacy and securing communications among the involved entities.
-
2011-03-08
... 20528. For privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2010-0055] Privacy Act of... Operations Center Tracker and Senior Watch Officer Logs System of Records AGENCY: Privacy Office, DHS. ACTION...
-
2011-03-08
... 20528. For privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer... Secretary 6 CFR Part 5 [Docket No. DHS-2010-0051] Privacy Act of 1974: Implementation of Exemptions... Center Tracker and Senior Watch Officer Logs System of Records AGENCY: Privacy Office, DHS. ACTION...
-
2010-08-18
... INFORMATION CONTACT: For general questions and privacy issues please contact: Mary Ellen Callahan (703-235...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL--001 Freedom of Information Act and Privacy Act Records System of Records AGENCY: Privacy Office, DHS. ACTION: Final rule...
-
Adding query privacy to robust DHTs
DEFF Research Database (Denmark)
Backes, Michael; Goldberg, Ian; Kate, Aniket
2012-01-01
intermediate peers that (help to) route the queries towards their destinations. In this paper, we satisfy this requirement by presenting an approach for providing privacy for the keys in DHT queries. We use the concept of oblivious transfer (OT) in communication over DHTs to preserve query privacy without...... privacy over robust DHTs. Finally, we compare the performance of our privacy-preserving protocols with their more privacy-invasive counterparts. We observe that there is no increase in the message complexity...
-
Dekker, M.A.C.; Etalle, Sandro; den Hartog, Jeremy
Privacy is a prime concern in today's information society. To protect the privacy of individuals, enterprises must follow certain privacy practices, while collecting or processing personal data. In this chapter we look at the setting where an enterprise collects private data on its website,
-
Lavagnino, Merri Beth
2013-01-01
Why is Information Privacy the focus of the January-February 2013 issue of "EDUCAUSE Review" and "EDUCAUSE Review Online"? Results from the 2012 annual survey of the International Association of Privacy Professionals (IAPP) indicate that "meeting regulatory compliance requirements continues to be the top perceived driver…
-
2011-11-02
... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0102] Privacy Act of... Data System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system of records. SUMMARY: In accordance with the Privacy Act of 1974 the Department of Homeland Security proposes to...
-
Efficient task assignment in spatial crowdsourcing with worker and task privacy protection
Liu, An
2017-08-01
Spatial crowdsourcing (SC) outsources tasks to a set of workers who are required to physically move to specified locations and accomplish tasks. Recently, it is emerging as a promising tool for emergency management, as it enables efficient and cost-effective collection of critical information in emergency such as earthquakes, when search and rescue survivors in potential ares are required. However in current SC systems, task locations and worker locations are all exposed in public without any privacy protection. SC systems if attacked thus have penitential risk of privacy leakage. In this paper, we propose a protocol for protecting the privacy for both workers and task requesters while maintaining the functionality of SC systems. The proposed protocol is built on partially homomorphic encryption schemes, and can efficiently realize complex operations required during task assignment over encrypted data through a well-designed computation strategy. We prove that the proposed protocol is privacy-preserving against semi-honest adversaries. Simulation on two real-world datasets shows that the proposed protocol is more effective than existing solutions and can achieve mutual privacy-preserving with acceptable computation and communication cost.
-
A Survey of Privacy on Data Integration
Do Son, Thanh
2015-01-01
This survey is an integrated view of other surveys on privacy preserving for data integration. First, we review the database context and challenges and research questions. Second, we formulate the privacy problems for schema matching and data matching. Next, we introduce the elements of privacy models. Then, we summarize the existing privacy techniques and the analysis (proofs) of privacy guarantees. Finally, we describe the privacy frameworks and their applications.
-
Ensuring the security and privacy of information in mobile health-care communication systems
Adesina, Ademola O.; Agbele, Kehinde K.; Februarie, Ronald; Abidoye, Ademola P.; Nyongesa, Henry O.
2011-01-01
The sensitivity of health-care information and its accessibility via the Internet and mobile technology systems is a cause for concern in these modern times. The privacy, integrity and confidentiality of a patient’s data are key factors to be considered in the transmission of medical information for use by authorised health-care personnel. Mobile communication has enabled medical consultancy, treatment, drug administration and the provision of laboratory results to take place outside the hosp...
-
Security and privacy preserving approaches in the eHealth clouds with disaster recovery plan.
Sahi, Aqeel; Lai, David; Li, Yan
2016-11-01
Cloud computing was introduced as an alternative storage and computing model in the health sector as well as other sectors to handle large amounts of data. Many healthcare companies have moved their electronic data to the cloud in order to reduce in-house storage, IT development and maintenance costs. However, storing the healthcare records in a third-party server may cause serious storage, security and privacy issues. Therefore, many approaches have been proposed to preserve security as well as privacy in cloud computing projects. Cryptographic-based approaches were presented as one of the best ways to ensure the security and privacy of healthcare data in the cloud. Nevertheless, the cryptographic-based approaches which are used to transfer health records safely remain vulnerable regarding security, privacy, or the lack of any disaster recovery strategy. In this paper, we review the related work on security and privacy preserving as well as disaster recovery in the eHealth cloud domain. Then we propose two approaches, the Security-Preserving approach and the Privacy-Preserving approach, and a disaster recovery plan. The Security-Preserving approach is a robust means of ensuring the security and integrity of Electronic Health Records, and the Privacy-Preserving approach is an efficient authentication approach which protects the privacy of Personal Health Records. Finally, we discuss how the integrated approaches and the disaster recovery plan can ensure the reliability and security of cloud projects. Copyright © 2016 Elsevier Ltd. All rights reserved.
-
Privacy in social networking sites
Λεονάρδος, Γεώργιος; Leonardos, Giorgos
2016-01-01
The purpose of this study is to explore the aspects of privacy over the use of social networks web sites. More specific, we will show the types of social networks, their privacy mechanisms that are different in each social network site, their privacy options that are offered to users. We will report some serious privacy violations incidents of the most popular social networks sites such as Facebook, Twitter, LinkedIn. Also, we will report some important surveys about social networks and pr...
-
Location-Related Privacy in Geo-Social Networks
DEFF Research Database (Denmark)
Ruiz Vicente, Carmen; Freni, Dario; Bettini, Claudio
2011-01-01
-ins." However, this ability to reveal users' locations causes new privacy threats, which in turn call for new privacy-protection methods. The authors study four privacy aspects central to these social networks - location, absence, co-location, and identity privacy - and describe possible means of protecting...... privacy in these circumstances....
-
2013-04-01
... reported under that notice. FOR FURTHER INFORMATION CONTACT: The Chief Privacy Officer, 451 Seventh Street...). (This is not a toll-free number.) A telecommunication device for hearing- and speech-impaired... of General Routine Uses inadvertently reported repeated information that HUD proposes to exclude from...
-
PRIVACY AS A CULTURAL PHENOMENON
Directory of Open Access Journals (Sweden)
Garfield Benjamin
2017-07-01
Full Text Available Privacy remains both contentious and ever more pertinent in contemporary society. Yet it persists as an ill-defined term, not only within specific fields but in its various uses and implications between and across technical, legal and political contexts. This article offers a new critical review of the history of privacy in terms of two dominant strands of thinking: freedom and property. These two conceptions of privacy can be seen as successive historical epochs brought together under digital technologies, yielding increasingly complex socio-technical dilemmas. By simplifying the taxonomy to its socio-cultural function, the article provides a generalisable, interdisciplinary approach to privacy. Drawing on new technologies, historical trends, sociological studies and political philosophy, the article presents a discussion of the value of privacy as a term, before proposing a defense of the term cyber security as a mode of scalable cognitive privacy that integrates the relative needs of individuals, governments and corporations.
-
Privacy-preserving smart meter control strategy including energy storage losses
Avula, Chinni Venkata Ramana R.; Oechtering, Tobias J.; Månsson, Daniel
2018-01-01
Privacy-preserving smart meter control strategies proposed in the literature so far make some ideal assumptions such as instantaneous control without delay, lossless energy storage systems etc. In this paper, we present a one-step-ahead predictive control strategy using Bayesian risk to measure and control privacy leakage with an energy storage system. The controller estimates energy state using a three-circuit energy storage model to account for steady-state energy losses. With numerical exp...
-
An Effective Grouping Method for Privacy-Preserving Bike Sharing Data Publishing
Directory of Open Access Journals (Sweden)
A S M Touhidul Hasan
2017-10-01
Full Text Available Bike sharing programs are eco-friendly transportation systems that are widespread in smart city environments. In this paper, we study the problem of privacy-preserving bike sharing microdata publishing. Bike sharing systems collect visiting information along with user identity and make it public by removing the user identity. Even after excluding user identification, the published bike sharing dataset will not be protected against privacy disclosure risks. An adversary may arrange published datasets based on bike’s visiting information to breach a user’s privacy. In this paper, we propose a grouping based anonymization method to protect published bike sharing dataset from linking attacks. The proposed Grouping method ensures that the published bike sharing microdata will be protected from disclosure risks. Experimental results show that our approach can protect user privacy in the released datasets from disclosure risks and can keep more data utility compared with existing methods.
-
Security and privacy in cyber-physical systems foundations, principles, and applications
Song, Houbing; Jeschke, Sabina
2017-01-01
Written by a team of experts at the forefront of the cyber-physical systems (CPS) revolution, this book provides an in-depth look at security and privacy, two of the most critical challenges facing both the CPS research and development community and ICT professionals. It explores, in depth, the key technical, social, and legal issues at stake, and it provides readers with the information they need to advance research and development in this exciting area. Cyber-physical systems (CPS) are engineered systems that are built from, and depend upon the seamless integration of computational algorithms and physical components. Advances in CPS will enable capability, adaptability, scalability, resiliency, safety, security, and usability far in excess of what today's simple embedded systems can provide. Just as the Internet revolutionized the way we interact with information, CPS technology has already begun to transform the way people interact with engineered systems. In the years ahead, smart CPS will drive innovat...
-
77 FR 31371 - Public Workshop: Privacy Compliance Workshop
2012-05-25
... presentations, including the privacy compliance fundamentals, privacy and data security, and the privacy... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Public Workshop: Privacy Compliance... Homeland Security Privacy Office will host a public workshop, ``Privacy Compliance Workshop.'' DATES: The...
-
Publishing data from electronic health records while preserving privacy: a survey of algorithms.
Gkoulalas-Divanis, Aris; Loukides, Grigorios; Sun, Jimeng
2014-08-01
The dissemination of Electronic Health Records (EHRs) can be highly beneficial for a range of medical studies, spanning from clinical trials to epidemic control studies, but it must be performed in a way that preserves patients' privacy. This is not straightforward, because the disseminated data need to be protected against several privacy threats, while remaining useful for subsequent analysis tasks. In this work, we present a survey of algorithms that have been proposed for publishing structured patient data, in a privacy-preserving way. We review more than 45 algorithms, derive insights on their operation, and highlight their advantages and disadvantages. We also provide a discussion of some promising directions for future research in this area. Copyright © 2014 Elsevier Inc. All rights reserved.
-
McCreary, Lew
2008-10-01
Why is that question in the past tense? Because individuals can no longer feel confident that the details of their lives--from identifying numbers to cultural preferences--will be treated with discretion rather than exploited. Even as Facebook users happily share the names of their favorite books, movies, songs, and brands, they often regard marketers' use of that information as an invasion of privacy. In this wide-ranging essay, McCreary, a senior editor at HBR, examines numerous facets of the privacy issue, from Google searches, public shaming on the internet, and cell phone etiquette to passenger screening devices, public surveillance cameras, and corporate chief privacy officers. He notes that IBM has been a leader on privacy; its policy forswearing the use of employees' genetic information in hiring and benefits decisions predated the federal Genetic Information Nondiscrimination Act by three years. Now IBM is involved in an open-source project known as Higgins to provide users with transportable, potentially anonymous online presences. Craigslist, whose CEO calls it "as close to 100% user driven as you can get," has taken an extremely conservative position on privacy--perhaps easier for a company with a declared lack of interest in maximizing revenue. But TJX and other corporate victims of security breaches have discovered that retaining consumers' transaction information can be both costly and risky. Companies that underestimate the importance of privacy to their customers or fail to protect it may eventually face harsh regulation, reputational damage, or both. The best thing they can do, says the author, is negotiate directly with those customers over where to draw the line.
-
Privacy Expectations in Online Contexts
Pure, Rebekah Abigail
2013-01-01
Advances in digital networked communication technology over the last two decades have brought the issue of personal privacy into sharper focus within contemporary public discourse. In this dissertation, I explain the Fourth Amendment and the role that privacy expectations play in the constitutional protection of personal privacy generally, and…
-
Online Tracking Technologies and Web Privacy:Technologieën voor Online volgen en Web Privacy
Acar, Mustafa Gunes Can
2017-01-01
In my PhD thesis, I would like to study the problem of online privacy with a focus on Web and mobile applications. Key research questions to be addressed by my study are the following: How can we formalize and quantify web tracking? What are the threats presented against privacy by different tracking techniques such as browser fingerprinting and cookie based tracking? What kind of privacy enhancing technologies (PET) can be used to ensure privacy without degrading service quality? The stud...
-
75 FR 5604 - Privacy Act of 1974; Report of an Altered System of Records
2010-02-03
... DEPARTMENT OF HEALTH AND HUMAN SERVICES Health Resources and Services Administration Privacy Act...). SUMMARY: In accordance with the requirements of the Privacy Act of 1974, the Health Resources and Services... to include breach notification language required by Memoranda (M) 07-16, Safeguarding Against and...
-
78 FR 23811 - Privacy Act of 1974; Proposed New Routine Uses and System of Records Alterations
2013-04-22
... Commissioner of Social Security, and, (c) Investigating issues of fraud or violations of civil rights by... property interests, risk of identity theft or fraud, or harm to the security or integrity of this system or... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2013-0015] Privacy Act of 1974; Proposed New...
-
Is Electronic Privacy Achievable?
National Research Council Canada - National Science Library
Irvine, Cynthia E; Levin, Timothy E
2000-01-01
... individuals. The purpose of this panel was to focus on how new technologies are affecting privacy. Technologies that might adversely affect privacy were identified by Rein Turn at previous symposia...
-
2012-11-27
... 20598-6036; email: [email protected] . For privacy issues please contact: Jonathan Cantor, (202-343... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security Administration System of Records AGENCY: Privacy...
-
2012-11-27
..., VA 20598-6036; email: [email protected] . For privacy issues please contact: Jonathan R. Cantor... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security Administration System of Records AGENCY: Privacy...
-
77 FR 58980 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board
2012-09-25
... privacy issues pertaining to federal computer systems. Details regarding the ISPAB's activities are... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB...
-
78 FR 25254 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board
2013-04-30
... information security and privacy issues pertaining to federal computer systems. Details regarding the ISPAB's... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB...
-
Scalable privacy-preserving data sharing methodology for genome-wide association studies.
Yu, Fei; Fienberg, Stephen E; Slavković, Aleksandra B; Uhler, Caroline
2014-08-01
The protection of privacy of individual-level information in genome-wide association study (GWAS) databases has been a major concern of researchers following the publication of "an attack" on GWAS data by Homer et al. (2008). Traditional statistical methods for confidentiality and privacy protection of statistical databases do not scale well to deal with GWAS data, especially in terms of guarantees regarding protection from linkage to external information. The more recent concept of differential privacy, introduced by the cryptographic community, is an approach that provides a rigorous definition of privacy with meaningful privacy guarantees in the presence of arbitrary external information, although the guarantees may come at a serious price in terms of data utility. Building on such notions, Uhler et al. (2013) proposed new methods to release aggregate GWAS data without compromising an individual's privacy. We extend the methods developed in Uhler et al. (2013) for releasing differentially-private χ(2)-statistics by allowing for arbitrary number of cases and controls, and for releasing differentially-private allelic test statistics. We also provide a new interpretation by assuming the controls' data are known, which is a realistic assumption because some GWAS use publicly available data as controls. We assess the performance of the proposed methods through a risk-utility analysis on a real data set consisting of DNA samples collected by the Wellcome Trust Case Control Consortium and compare the methods with the differentially-private release mechanism proposed by Johnson and Shmatikov (2013). Copyright © 2014 Elsevier Inc. All rights reserved.
-
Privacy-preserving record linkage on large real world datasets.
Randall, Sean M; Ferrante, Anna M; Boyd, James H; Bauer, Jacqueline K; Semmens, James B
2014-08-01
Record linkage typically involves the use of dedicated linkage units who are supplied with personally identifying information to determine individuals from within and across datasets. The personally identifying information supplied to linkage units is separated from clinical information prior to release by data custodians. While this substantially reduces the risk of disclosure of sensitive information, some residual risks still exist and remain a concern for some custodians. In this paper we trial a method of record linkage which reduces privacy risk still further on large real world administrative data. The method uses encrypted personal identifying information (bloom filters) in a probability-based linkage framework. The privacy preserving linkage method was tested on ten years of New South Wales (NSW) and Western Australian (WA) hospital admissions data, comprising in total over 26 million records. No difference in linkage quality was found when the results were compared to traditional probabilistic methods using full unencrypted personal identifiers. This presents as a possible means of reducing privacy risks related to record linkage in population level research studies. It is hoped that through adaptations of this method or similar privacy preserving methods, risks related to information disclosure can be reduced so that the benefits of linked research taking place can be fully realised. Copyright © 2013 Elsevier Inc. All rights reserved.
-
Control use of data to protect privacy.
Landau, Susan
2015-01-30
Massive data collection by businesses and governments calls into question traditional methods for protecting privacy, underpinned by two core principles: (i) notice, that there should be no data collection system whose existence is secret, and (ii) consent, that data collected for one purpose not be used for another without user permission. But notice, designated as a fundamental privacy principle in a different era, makes little sense in situations where collection consists of lots and lots of small amounts of information, whereas consent is no longer realistic, given the complexity and number of decisions that must be made. Thus, efforts to protect privacy by controlling use of data are gaining more attention. I discuss relevant technology, policy, and law, as well as some examples that can illuminate the way. Copyright © 2015, American Association for the Advancement of Science.
-
75 FR 65007 - Privacy Act of 1974; System of Records
2010-10-21
... Officer, P.O. Box 2218, Waldorf, MD 20604-2218. Individuals should complete AFOSI's Certification of... of Information/Privacy Act Officer, P.O. Box 2218, Waldorf, MD 20604-2218. Individuals should...
-
Privacy driven internet ecosystem
Trinh, Tuan Anh; Gyarmati, Laszlo
2012-01-01
The dominant business model of today's Internet is built upon advertisements; users can access Internet services while the providers show ads to them. Although significant efforts have been made to model and analyze the economic aspects of this ecosystem, the heart of the current status quo, namely privacy, has not received the attention of the research community yet. Accordingly, we propose an economic model of the privacy driven Internet ecosystem where privacy is handled as an asset that c...
-
Adding Query Privacy to Robust DHTs
DEFF Research Database (Denmark)
Backes, Michael; Goldberg, Ian; Kate, Aniket
2011-01-01
intermediate peers that (help to) route the queries towards their destinations. In this paper, we satisfy this requirement by presenting an approach for providing privacy for the keys in DHT queries. We use the concept of oblivious transfer (OT) in communication over DHTs to preserve query privacy without...... of obtaining query privacy over robust DHTs. Finally, we compare the performance of our privacy-preserving protocols with their more privacy-invasive counterparts. We observe that there is no increase in the message complexity and only a small overhead in the computational complexity....
-
Health information: reconciling personal privacy with the public good of human health.
Gostin, L O
2001-01-01
The success of the health care system depends on the accuracy, correctness and trustworthiness of the information, and the privacy rights of individuals to control the disclosure of personal information. A national policy on health informational privacy should be guided by ethical principles that respect individual autonomy while recognizing the important collective interests in the use of health information. At present there are no adequate laws or constitutional principles to help guide a rational privacy policy. The laws are scattered and fragmented across the states. Constitutional law is highly general, without important specific safeguards. Finally, a case study is provided showing the important trade-offs that exist between public health and privacy. For a model public health law, see www.critpath.org/msphpa/privacy.
-
Data security breaches and privacy in Europe
Wong, Rebecca
2013-01-01
Data Security Breaches and Privacy in Europe aims to consider data protection and cybersecurity issues; more specifically, it aims to provide a fruitful discussion on data security breaches. A detailed analysis of the European Data Protection framework will be examined. In particular, the Data Protection Directive 95/45/EC, the Directive on Privacy and Electronic Communications and the proposed changes under the Data Protection Regulation (data breach notifications) and its implications are considered. This is followed by an examination of the Directive on Attacks against information systems a
-
78 FR 23938 - Privacy Act of 1974; Report of a New Routine Use for Selected CMS Systems of Records
2013-04-23
... & Medicaid Services (CMS), Department of Health and Human Services (HHS). ACTION: Altered Systems Notice... the systems of records being modified; the new routine use is compatible with the health care purposes... DEPARTMENT OF HEALTH AND HUMAN SERVICES Centers for Medicare & Medicaid Services Privacy Act of...
-
Privacy and Security: A Bibliography.
Computer and Business Equipment Manufacturers Association, Washington, DC.
Compiled at random from many sources, this bibliography attempts to cite as many publications concerning privacy and security as are available. The entries are organized under seven headings: (1) systems security, technical security, clearance of personnel, (2) corporate physical security, (3) administrative security, (4) miscellaneous--privacy…
-
Leveraging Social Links for Trust and Privacy in Networks
Cutillo, Leucio Antonio; Molva, Refik; Strufe, Thorsten
Existing on-line social networks (OSN) such as Facebook suffer from several weaknesses regarding privacy and security due to their inherent handling of personal data. As pointed out in [4], a preliminary analysis of existing OSNs shows that they are subject to a number of vulnerabilities, ranging from cloning legitimate users to sybil attacks through privacy violations. Starting from these OSN vulnerabilities as the first step of a broader research activity, we came up with a new approach that is very promising in re-visiting security and privacy problems in distributed systems and networks. We suggest a solution that both aims at avoiding any centralized control and leverages on the real life trust between users, that is part of the social network application itself. An anonymization technique based on multi-hop routing among trusted nodes guarantees privacy in data access and, generally speaking, in all the OSN operations.
-
Noora Sami Al-Saqer; Mohamed E. Seliaman
2016-01-01
This research paper investigates Saudi users’ awareness levels about privacy policies in Social Networking Sites (SNSs), their privacy concerns and their privacy protection measures. For this purpose, a research model that consists of five main constructs namely information privacy concern, awareness level of privacy policies of social networking sites, perceived vulnerability to privacy risks, perceived response efficacy, and privacy protecting behavior was developed. An online survey questi...
-
Regulating Online Data Privacy
Paul Reid
2004-01-01
With existing data protection laws proving inadequate in the fight to protect online data privacy and with the offline law of privacy in a state of change and uncertainty, the search for an alternative solution to the important problem of online data privacy should commence. With the inherent problem of jurisdiction that the Internet presents, such a solution is best coming from a multi-national body with the power to approximate laws in as many jurisdictions as possible, with a recognised au...
-
Public privacy: Reciprocity and Silence
Directory of Open Access Journals (Sweden)
Jenny Kennedy
2014-10-01
Full Text Available In his 1958 poem 'Dedication to my Wife' TS Eliot proclaims "these are private words addressed to you in public". Simultaneously written for his wife, Valerie Fletcher, and to the implied you of a discourse network, Eliot's poem helps to illustrate the narrative voices and silences that are constitutive of an intimate public sphere. This paper situates reciprocity as a condition of possibility for public privacy. It shows how reciprocity is enabled by systems of code operating through material and symbolic registers. Code promises to control communication, to produce neutral, systemic forms of meaning. Yet such automation is challenged by uneven and fragmented patterns of reciprocity. Moreover, examining the media of public privacy reveals historical trajectories important for understanding contemporary sociotechnical platforms of reciprocity. To explore the implicit requirement of reciprocity in publicly private practices, three sites of communication are investigated framed by a media archaeology perspective: postal networks, the mailart project PostSecret and the anonymous zine 'You'.
-
Patients want granular privacy control over health information in electronic medical records.
Caine, Kelly; Hanania, Rima
2013-01-01
To assess patients' desire for granular level privacy control over which personal health information should be shared, with whom, and for what purpose; and whether these preferences vary based on sensitivity of health information. A card task for matching health information with providers, questionnaire, and interview with 30 patients whose health information is stored in an electronic medical record system. Most patients' records contained sensitive health information. No patients reported that they would prefer to share all information stored in an electronic medical record (EMR) with all potential recipients. Sharing preferences varied by type of information (EMR data element) and recipient (eg, primary care provider), and overall sharing preferences varied by participant. Patients with and without sensitive records preferred less sharing of sensitive versus less-sensitive information. Patients expressed sharing preferences consistent with a desire for granular privacy control over which health information should be shared with whom and expressed differences in sharing preferences for sensitive versus less-sensitive EMR data. The pattern of results may be used by designers to generate privacy-preserving EMR systems including interfaces for patients to express privacy and sharing preferences. To maintain the level of privacy afforded by medical records and to achieve alignment with patients' preferences, patients should have granular privacy control over information contained in their EMR.
-
Customer privacy on UK healthcare websites.
Mundy, Darren P
2006-09-01
Privacy has been and continues to be one of the key challenges of an age devoted to the accumulation, processing, and mining of electronic information. In particular, privacy of healthcare-related information is seen as a key issue as health organizations move towards the electronic provision of services. The aim of the research detailed in this paper has been to analyse privacy policies on popular UK healthcare-related websites to determine the extent to which consumer privacy is protected. The author has combined approaches (such as approaches focused on usability, policy content, and policy quality) used in studies by other researchers on e-commerce and US healthcare websites to provide a comprehensive analysis of UK healthcare privacy policies. The author identifies a wide range of issues related to the protection of consumer privacy through his research analysis using quantitative results. The main outcomes from the author's research are that only 61% of healthcare-related websites in their sample group posted privacy policies. In addition, most of the posted privacy policies had poor readability standards and included a variety of privacy vulnerability statements. Overall, the author's findings represent significant current issues in relation to healthcare information protection on the Internet. The hope is that raising awareness of these results will drive forward changes in the industry, similar to those experienced with information quality.
-
A Model for Calculated Privacy and Trust in pHealth Ecosystems.
Ruotsalainen, Pekka; Blobel, Bernd
2018-01-01
A pHealth ecosystem is a community of service users and providers. It is also a dynamic socio-technical system. One of its main goals is to help users to maintain their personal health status. Another goal is to give economic benefit to stakeholders which use personal health information existing in the ecosystem. In pHealth ecosystems, a huge amount of health related data is collected and used by service providers such as data extracted from the regulated health record and information related to personal characteristics, genetics, lifestyle and environment. In pHealth ecosystems, there are different kinds of service providers such as regulated health care service providers, unregulated health service providers, ICT service providers, researchers and industrial organizations. This fact together with the multidimensional personal health data used raises serious privacy concerns. Privacy is a necessary enabler for successful pHealth, but it is also an elastic concept without any universally agreed definition. Regardless of what kind of privacy model is used in dynamic socio-technical systems, it is difficult for a service user to know the privacy level of services in real life situations. As privacy and trust are interrelated concepts, the authors have developed a hybrid solution where knowledge got from regulatory privacy requirements and publicly available privacy related documents is used for calculation of service providers' specific initial privacy value. This value is then used as an estimate for the initial trust score. In this solution, total trust score is a combination of recommended trust, proposed trust and initial trust. Initial privacy level is a weighted arithmetic mean of knowledge and user selected weights. The total trust score for any service provider in the ecosystem can be calculated deploying either a beta trust model or the Fuzzy trust calculation method. The prosed solution is easy to use and to understand, and it can be also automated. It is
-
Video Surveillance: Privacy Issues and Legal Compliance
DEFF Research Database (Denmark)
Mahmood Rajpoot, Qasim; Jensen, Christian D.
2015-01-01
Pervasive usage of video surveillance is rapidly increasing in developed countries. Continuous security threats to public safety demand use of such systems. Contemporary video surveillance systems offer advanced functionalities which threaten the privacy of those recorded in the video. There is a...
-
Hybrid information privacy system: integration of chaotic neural network and RSA coding
Hsu, Ming-Kai; Willey, Jeff; Lee, Ting N.; Szu, Harold H.
2005-03-01
Electronic mails are adopted worldwide; most are easily hacked by hackers. In this paper, we purposed a free, fast and convenient hybrid privacy system to protect email communication. The privacy system is implemented by combining private security RSA algorithm with specific chaos neural network encryption process. The receiver can decrypt received email as long as it can reproduce the specified chaos neural network series, so called spatial-temporal keys. The chaotic typing and initial seed value of chaos neural network series, encrypted by the RSA algorithm, can reproduce spatial-temporal keys. The encrypted chaotic typing and initial seed value are hidden in watermark mixed nonlinearly with message media, wrapped with convolution error correction codes for wireless 3rd generation cellular phones. The message media can be an arbitrary image. The pattern noise has to be considered during transmission and it could affect/change the spatial-temporal keys. Since any change/modification on chaotic typing or initial seed value of chaos neural network series is not acceptable, the RSA codec system must be robust and fault-tolerant via wireless channel. The robust and fault-tolerant properties of chaos neural networks (CNN) were proved by a field theory of Associative Memory by Szu in 1997. The 1-D chaos generating nodes from the logistic map having arbitrarily negative slope a = p/q generating the N-shaped sigmoid was given first by Szu in 1992. In this paper, we simulated the robust and fault-tolerance properties of CNN under additive noise and pattern noise. We also implement a private version of RSA coding and chaos encryption process on messages.
-
2013-09-25
..., [email protected] . For privacy issues please contact: Claire W. Barrett, Departmental Chief... DEPARTMENT OF TRANSPORTATION Office of the Secretary [Docket No. FMCSA-2013-0306] Privacy Act of... Administration (FMCSA), DOT. ACTION: Notice to amend a system of records. SUMMARY: In accordance with the Privacy...
-
Advertising and Invasion of Privacy.
Rohrer, Daniel Morgan
The right of privacy as it relates to advertising and the use of a person's name or likeness is discussed in this paper. After an introduction that traces some of the history of invasion of privacy in court decisions, the paper examines cases involving issues such as public figures and newsworthy items, right of privacy waived, right of privacy…
-
78 FR 65620 - Privacy Act of 1974; System of Records
2013-11-01
..., as required by 5 U.S.C. 552a(r) of the Privacy Act of 1974, as amended, was submitted on March 18... support officer assignment, planning, programming, accounting, promotions, career development, and...
-
Operationalizing privacy by design: the Ontario smart grid case study
Energy Technology Data Exchange (ETDEWEB)
NONE
2011-02-15
The electrical industry is under perpetual evolution and the changes are becoming more and more complex. The current evolution of the Smart Grid in Ontario, Canada, will modify the entire utility infrastructure and it is therefore critical that the proposed solution also meets customer needs. The aim of this paper is to determine how best practices can be operationalized into smart grid systems. This study showed that the easiest, fastest and best way to implement privacy is in the earliest design stage. This study demonstrated the strategy of dealing with privacy after the fact makes it more difficult to satisfy privacy considerations.
-
75 FR 30411 - Privacy Act of 1974; Report of a Modified or Altered System of Records
2010-06-01
... Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse... Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance Portability... systems and data files necessary for compliance with Title XI, Part C of the Social Security Act because...
-
Dilauro, Marc; Thornhill, Rebecca; Fasih, Najla
2016-11-01
Preservation of patient privacy and dignity are basic requirements for all patients visiting a hospital. The purpose of this study was to perform an audit of patients' satisfaction with privacy whilst in the Department of Medical Imaging (MI) at the Civic Campus of the Ottawa Hospital. Outpatients who underwent magnetic resonance imaging (MRI), computed tomography (CT), ultrasonography (US), and plain film (XR) examinations were provided with a survey on patient privacy. The survey asked participants to rank (on a 6-point scale ranging from 6 = excellent to 1 = no privacy) whether their privacy was respected in 5 key locations within the Department of MI. The survey was conducted over a consecutive 5-day period. A total of 502 surveys were completed. The survey response rate for each imaging modality was: 55% MRI, 42% CT, 45% US, and 47% XR. For each imaging modality, the total percentage of privacy scores greater than or equal to 5 were: 98% MRI, 96% CT, 94% US, and 92% XR. Privacy ratings for the MRI reception and waiting room areas were significantly higher in comparison to the other imaging modalities (P = .0025 and P = .0227, respectively). Overall, patient privacy was well respected within the Department of MI. Copyright © 2016 Canadian Association of Radiologists. Published by Elsevier Inc. All rights reserved.
-
75 FR 19377 - Privacy Act of 1974; Systems of Records
2010-04-14
.... 552a(r), of the Privacy Act of 1974, as amended, were submitted on March 31, 2010, to the House..., forced password-change protocols or also equipped with ``Smart Card'' technology that requires the...
-
Enhancing Privacy for Biometric Identification Cards
Directory of Open Access Journals (Sweden)
2009-01-01
Full Text Available Most developed countries have started the implementation of biometric electronic identification cards, especially passports. The European Union and the United States of America struggle to introduce and standardize these electronic documents. Due to the personal nature of the biometric elements used for the generation of these cards, privacy issues were raised on both sides of the Atlantic Ocean, leading to civilian protests and concerns. The lack of transparency from the public authorities responsible with the implementation of such identification systems, and the poor technological approaches chosen by these authorities, are the main reasons for the negative popularity of the new identification methods. The following article shows an approach that provides all the benefits of modern technological advances in the fields of biometrics and cryptography, without sacrificing the privacy of those that will be the beneficiaries of the new system
-
Directory of Open Access Journals (Sweden)
Hong Zhong
2016-01-01
Full Text Available With the rapid development of the Internet, electronic commerce has become more and more popular. As an important element of e-commerce, many Internet companies such as Yahoo! and eBay have launched electronic auction systems. However, like most electronic commerce products, safety is an important issue that should be addressed. Many researchers have proposed secure electronic auction mechanisms, but we found that some of them do not exhibit the property of unlinkability, which leads to the leakage of users’ privacy. Considering the importance of privacy preservation, we have designed a new auction mechanism. Through symmetrical key establishment in the registration phase, all messages transmitted over the Internet would be protected and, meanwhile, achieve the property of unlinkability. The security analysis and performance analysis show that our protocol fulfills more security properties and is more efficient for implementation compared with recent works.
-
Fast implementation of length-adaptive privacy amplification in quantum key distribution
International Nuclear Information System (INIS)
Zhang Chun-Mei; Li Mo; Huang Jing-Zheng; Li Hong-Wei; Li Fang-Yi; Wang Chuan; Yin Zhen-Qiang; Chen Wei; Han Zhen-Fu; Treeviriyanupab Patcharapong; Sripimanwat Keattisak
2014-01-01
Post-processing is indispensable in quantum key distribution (QKD), which is aimed at sharing secret keys between two distant parties. It mainly consists of key reconciliation and privacy amplification, which is used for sharing the same keys and for distilling unconditional secret keys. In this paper, we focus on speeding up the privacy amplification process by choosing a simple multiplicative universal class of hash functions. By constructing an optimal multiplication algorithm based on four basic multiplication algorithms, we give a fast software implementation of length-adaptive privacy amplification. “Length-adaptive” indicates that the implementation of privacy amplification automatically adapts to different lengths of input blocks. When the lengths of the input blocks are 1 Mbit and 10 Mbit, the speed of privacy amplification can be as fast as 14.86 Mbps and 10.88 Mbps, respectively. Thus, it is practical for GHz or even higher repetition frequency QKD systems. (general)
-
Privacy-preserving data cube for electronic medical records: An experimental evaluation.
Kim, Soohyung; Lee, Hyukki; Chung, Yon Dohn
2017-01-01
The aim of this study is to evaluate the effectiveness and efficiency of privacy-preserving data cubes of electronic medical records (EMRs). An EMR data cube is a complex of EMR statistics that are summarized or aggregated by all possible combinations of attributes. Data cubes are widely utilized for efficient big data analysis and also have great potential for EMR analysis. For safe data analysis without privacy breaches, we must consider the privacy preservation characteristics of the EMR data cube. In this paper, we introduce a design for a privacy-preserving EMR data cube and the anonymization methods needed to achieve data privacy. We further focus on changes in efficiency and effectiveness that are caused by the anonymization process for privacy preservation. Thus, we experimentally evaluate various types of privacy-preserving EMR data cubes using several practical metrics and discuss the applicability of each anonymization method with consideration for the EMR analysis environment. We construct privacy-preserving EMR data cubes from anonymized EMR datasets. A real EMR dataset and demographic dataset are used for the evaluation. There are a large number of anonymization methods to preserve EMR privacy, and the methods are classified into three categories (i.e., global generalization, local generalization, and bucketization) by anonymization rules. According to this classification, three types of privacy-preserving EMR data cubes were constructed for the evaluation. We perform a comparative analysis by measuring the data size, cell overlap, and information loss of the EMR data cubes. Global generalization considerably reduced the size of the EMR data cube and did not cause the data cube cells to overlap, but incurred a large amount of information loss. Local generalization maintained the data size and generated only moderate information loss, but there were cell overlaps that could decrease the search performance. Bucketization did not cause cells to overlap
-
Role- and Relationship-Based Identity Management for Privacy-Enhanced E-Learning
Anwar, Mohd; Greer, Jim
2012-01-01
An e-learning discussion forum, an essential component of today's e-learning systems, offers a platform for social learning activities. However, as learners participate in the discussion forum, privacy emerges as a major concern. Privacy concerns in social learning activities originate from one learner's inability to convey a desired presentation…
-
Privacy-Preserving Electrocardiogram Monitoring for Intelligent Arrhythmia Detection †
Son, Junggab; Park, Juyoung; Oh, Heekuck; Bhuiyan, Md Zakirul Alam; Hur, Junbeom; Kang, Kyungtae
2017-01-01
Long-term electrocardiogram (ECG) monitoring, as a representative application of cyber-physical systems, facilitates the early detection of arrhythmia. A considerable number of previous studies has explored monitoring techniques and the automated analysis of sensing data. However, ensuring patient privacy or confidentiality has not been a primary concern in ECG monitoring. First, we propose an intelligent heart monitoring system, which involves a patient-worn ECG sensor (e.g., a smartphone) and a remote monitoring station, as well as a decision support server that interconnects these components. The decision support server analyzes the heart activity, using the Pan–Tompkins algorithm to detect heartbeats and a decision tree to classify them. Our system protects sensing data and user privacy, which is an essential attribute of dependability, by adopting signal scrambling and anonymous identity schemes. We also employ a public key cryptosystem to enable secure communication between the entities. Simulations using data from the MIT-BIH arrhythmia database demonstrate that our system achieves a 95.74% success rate in heartbeat detection and almost a 96.63% accuracy in heartbeat classification, while successfully preserving privacy and securing communications among the involved entities. PMID:28604628
-
Information privacy fundamentals for librarians and information professionals
Givens, Cherie L
2014-01-01
This book introduces library and information professionals to information privacy, provides an overview of information privacy in the library and information science context, U.S. privacy laws by sector, information privacy policy, and key considerations when planning and creating a privacy program.
-
Privacy-invading technologies : safeguarding privacy, liberty & security in the 21st century
Klitou, Demetrius
2012-01-01
With a focus on the growing development and deployment of the latest technologies that threaten privacy, the PhD dissertation argues that the US and UK legal frameworks, in their present form, are inadequate to defend privacy and other civil liberties against the intrusive capabilities of body
-
Zheleva, Elena
2012-01-01
This synthesis lecture provides a survey of work on privacy in online social networks (OSNs). This work encompasses concerns of users as well as service providers and third parties. Our goal is to approach such concerns from a computer-science perspective, and building upon existing work on privacy, security, statistical modeling and databases to provide an overview of the technical and algorithmic issues related to privacy in OSNs. We start our survey by introducing a simple OSN data model and describe common statistical-inference techniques that can be used to infer potentially sensitive inf
-
SIED, a Data Privacy Engineering Framework
Mivule, Kato
2013-01-01
While a number of data privacy techniques have been proposed in the recent years, a few frameworks have been suggested for the implementation of the data privacy process. Most of the proposed approaches are tailored towards implementing a specific data privacy algorithm but not the overall data privacy engineering and design process. Therefore, as a contribution, this study proposes SIED (Specification, Implementation, Evaluation, and Dissemination), a conceptual framework that takes a holist...
-
2010-02-23
... Security Administration, 601 South 12th Street, Arlington, VA 20598-6036. For privacy issues please contact... Secretary 6 CFR Part 5 [Docket No. DHS-2009-0137] Privacy Act of 1974: Implementation of Exemptions... Program System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of proposed rulemaking. SUMMARY: The...
-
Singelée, Dave; Seys, Stefaan
Wireless RFID networks are getting deployed at a rapid pace and have already entered the public space on a massive scale: public transport cards, the biometric passport, office ID tokens, customer loyalty cards, etc. Although RFID technology offers interesting services to customers and retailers, it could also endanger the privacy of the end-users. The lack of protection mechanisms being deployed could potentially result in a privacy leakage of personal data. Furthermore, there is the emerging threat of location privacy. In this paper, we will show some practical attack scenarios and illustrates some of them with cases that have received press coverage. We will present the main challenges of enhancing privacy in RFID networks and evaluate some solutions proposed in literature. The main advantages and shortcomings will be briefly discussed. Finally, we will give an overview of some academic and industrial research initiatives on RFID privacy.
-
Yoon, Heakyung C.; Loftness, Vivian
2002-05-01
Lack of speech privacy has been reported to be the main dissatisfaction among occupants in open workplaces, according to workplace surveys. Two speech privacy measurements, Articulation Index (AI), standardized by the American National Standards Institute in 1969, and Speech Privacy Noise Isolation Class (NIC', Noise Isolation Class Prime), adapted from Noise Isolation Class (NIC) by U. S. General Services Administration (GSA) in 1979, have been claimed as objective tools to measure speech privacy in open offices. To evaluate which of them, normal privacy for AI or satisfied privacy for NIC', is a better tool in terms of speech privacy in a dynamic open office environment, measurements were taken in the field. AIs and NIC's in the different partition heights and workplace configurations have been measured following ASTM E1130 (Standard Test Method for Objective Measurement of Speech Privacy in Open Offices Using Articulation Index) and GSA test PBS-C.1 (Method for the Direct Measurement of Speech-Privacy Potential (SPP) Based on Subjective Judgments) and PBS-C.2 (Public Building Service Standard Method of Test Method for the Sufficient Verification of Speech-Privacy Potential (SPP) Based on Objective Measurements Including Methods for the Rating of Functional Interzone Attenuation and NC-Background), respectively.
-
78 FR 22854 - Privacy Act of 1974; System of Records
2013-04-17
... U.S.C. 552a(r) of the Privacy Act of 1974, as amended, was submitted on April 1, 2013, to the House... administrative procedures. Computers are equipped with ``Smart Card'' technology that requires the insertion of...
-
76 FR 53421 - Privacy Act of 1974; System of Records
2011-08-26
..., Air Force Privacy Act Office, Office of Warfighting Integration and Chief Information Officer, ATTN...: Name, signatures, personal contact information, individual's employer and institutional, organizational..., Historical Products, Services, and Requirements; Air Force Instruction 84-105, Organizational Lineage, Honors...
-
An Alternative View of Privacy on Facebook
Directory of Open Access Journals (Sweden)
Christian Fuchs
2011-02-01
Full Text Available The predominant analysis of privacy on Facebook focuses on personal information revelation. This paper is critical of this kind of research and introduces an alternative analytical framework for studying privacy on Facebook, social networking sites and web 2.0. This framework is connecting the phenomenon of online privacy to the political economy of capitalism—a focus that has thus far been rather neglected in research literature about Internet and web 2.0 privacy. Liberal privacy philosophy tends to ignore the political economy of privacy in capitalism that can mask socio-economic inequality and protect capital and the rich from public accountability. Facebook is in this paper analyzed with the help of an approach, in which privacy for dominant groups, in regard to the ability of keeping wealth and power secret from the public, is seen as problematic, whereas privacy at the bottom of the power pyramid for consumers and normal citizens is seen as a protection from dominant interests. Facebook’s privacy concept is based on an understanding that stresses self-regulation and on an individualistic understanding of privacy. The theoretical analysis of the political economy of privacy on Facebook in this paper is based on the political theories of Karl Marx, Hannah Arendt and Jürgen Habermas. Based on the political economist Dallas Smythe’s concept of audience commodification, the process of prosumer commodification on Facebook is analyzed. The political economy of privacy on Facebook is analyzed with the help of a theory of drives that is grounded in Herbert Marcuse’s interpretation of Sigmund Freud, which allows to analyze Facebook based on the concept of play labor (= the convergence of play and labor.
-
Privacy-preserving techniques of genomic data-a survey.
Aziz, Md Momin Al; Sadat, Md Nazmus; Alhadidi, Dima; Wang, Shuang; Jiang, Xiaoqian; Brown, Cheryl L; Mohammed, Noman
2017-11-07
Genomic data hold salient information about the characteristics of a living organism. Throughout the past decade, pinnacle developments have given us more accurate and inexpensive methods to retrieve genome sequences of humans. However, with the advancement of genomic research, there is a growing privacy concern regarding the collection, storage and analysis of such sensitive human data. Recent results show that given some background information, it is possible for an adversary to reidentify an individual from a specific genomic data set. This can reveal the current association or future susceptibility of some diseases for that individual (and sometimes the kinship between individuals) resulting in a privacy violation. Regardless of these risks, our genomic data hold much importance in analyzing the well-being of us and the future generation. Thus, in this article, we discuss the different privacy and security-related problems revolving around human genomic data. In addition, we will explore some of the cardinal cryptographic concepts, which can bring efficacy in secure and private genomic data computation. This article will relate the gaps between these two research areas-Cryptography and Genomics. © The Author 2017. Published by Oxford University Press. All rights reserved. For Permissions, please email: journals.permissions@oup.com.
-
An Alternative View of Privacy on Facebook
Christian Fuchs
2011-01-01
The predominant analysis of privacy on Facebook focuses on personal information revelation. This paper is critical of this kind of research and introduces an alternative analytical framework for studying privacy on Facebook, social networking sites and web 2.0. This framework is connecting the phenomenon of online privacy to the political economy of capitalism—a focus that has thus far been rather neglected in research literature about Internet and web 2.0 privacy. Liberal privacy philosophy ...
-
Effective online privacy mechanisms with persuasive communication
Coopamootoo, P L
2016-01-01
This thesis contributes to research by taking a social psychological perspective to managing privacy online. The thesis proposes to support the effort to form a mental model that is required to evaluate a context with regards to privacy attitudes or to ease the effort by biasing activation of privacy attitudes. Privacy being a behavioural concept, the human-computer interaction design plays a major role in supporting and contributing to end users’ ability to manage their privacy online. Howev...
-
Trust and Privacy Solutions Based on Holistic Service Requirements
Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio
2015-01-01
The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens’ information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing. PMID:26712752
-
Trust and Privacy Solutions Based on Holistic Service Requirements
Directory of Open Access Journals (Sweden)
José Antonio Sánchez Alcón
2015-12-01
Full Text Available The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens’ information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing.