An approach for distinct information privacy risk assessment
Laakkonen, Jussi (2017-11-18)
Doctoral dissertation
Lappeenranta University of Technology
Acta Universitatis Lappeenrantaensis
The permanent address of the publication is
https://urn.fi/URN:ISBN:978-952-335-150-9
Abstract
Privacy is a basic human right and a foundational issue of the digital world, but it is also a complex concept to comprehend; the term is commonly misunderstood as secrecy. The struggle with privacy has been, and will be, between liberty and control. An equal balance between the two is difficult to achieve, hence the different motivators and agendas of the involved parties. New definitions of different aspects of privacy, such as PII 2.0, and legislative regulations can help in moving towards a suitable compromise. However, before a new definition is devised, the systems holding private information must be protected to ensure the privacy of individuals. The first step in protecting the systems is assessing information privacy risks, to which the contribution of this thesis is an answer.
In information privacy, the identifiability of information is the key issue. In legislation, private information is data that can identify an individual or that can be linked to an individual. To maintain information privacy, the autonomy of the individual must be guaranteed by encompassing both the integrity and the confidentiality of the identified or identifiable information. This thesis begins with a survey of the state of the art in privacy, derived from existing research on, models of and approaches to, and legal definitions of privacy.
The contribution of this thesis is an approach for assessing information privacy risk in ecosystems that collect information about individuals. The approach is a mid-level tool that operates between abstract and concrete methods to offer indicative results about the ecosystem under study. It is intended to be used for detecting the areas of the ecosystem where more protection is needed. Based on the results, resources can then be allocated and prioritized to the problematic areas of the ecosystem. The approach operates on abstract task, functional and component levels and consists of two contributions: (1) an abstraction method and iterative framework and (2) an assessment model. Contribution 1 offers details about information flows between the tasks and functions of the ecosystem components. Contribution 2 establishes a qualitative information privacy risk value on a per-component basis, utilizing both qualitative and quantitative attributes of information privacy.