Conceptual framework and architecture for privacy audit

Ksenya Kveler, Kirsten Bock, Pietro Colombo, Tamar Domany, Elena Ferrari, Alan Hartman

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Many ICT applications involve the collection of personal information or information on the behaviour of customers, users, employees, citizens, or patients. The organisations that collect this data need to manage the privacy of these individuals. In many organisations there are insufficient data protection measures and a low level of trust among those whose data are concerned. It is often difficult and burdensome for organisations to prove privacy compliance and accountability especially in situations that cross national boundaries and involve a number of different legal systems governing privacy. In response to these obstacles, we describe instruments facilitating accountability, audit, and meaningful certification. These instruments are based on a set of fundamental data protection goals (DPG): availability, integrity, confidentiality, transparency, intervenability, and unlinkability. By using the data protection goals instead of focusing on fragmented national privacy regulations, a well defined set of privacy metrics can be identified recognising privacy by design requirements and widely accepted certification criteria. We also describe a novel conceptual framework and architecture for defining comprehensive privacy compliance metrics and providing assessment tools for ICT applications and services using as much automation as possible. The proposed metrics and tools will identify gaps, provide clear suggestions and will assist audit and certification to support informed decisions on the trustworthiness of ICT for citizens and businesses.

Original languageEnglish
Title of host publicationPrivacy Technologies and Policy - 1st Annual Privacy Forum, APF 2012, Revised Selected Papers
EditorsBart Preneel, Demosthenes Ikonomou
PublisherSpringer Verlag
Pages17-40
Number of pages24
ISBN (Electronic)9783642540684
StatePublished - 2014
Externally publishedYes
Event1st Annual Privacy Forum, APF 2012 - Limassol, Cyprus
Duration: 10 Oct 201211 Oct 2012

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8319
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference1st Annual Privacy Forum, APF 2012
Country/TerritoryCyprus
CityLimassol
Period10/10/1211/10/12

Bibliographical note

Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 2014.

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Conceptual framework and architecture for privacy audit'. Together they form a unique fingerprint.

Cite this