Skip to main content
SpringerLink
Log in

A Privacy Impact Assessment Tool for Cloud Computing

  • Chapter
  • First Online:
Privacy and Security for Cloud Computing

Part of the book series: Computer Communications and Networks ((CCN))

Abstract

In this chapter, we consider requirements for Privacy Impact Assessments (PIAs) carried out within a cloud computing environment and explain how a PIA support tool may be constructed. Privacy is an important consideration in cloud computing, as actual or perceived privacy weaknesses will impact legal compliance, data security, and user trust. A PIA is a systematic process for evaluating the possible future effects that a particular activity or proposal may have on an individual’s privacy. It focuses on understanding the system, initiative, or scheme; identifying and mitigating adverse privacy impacts; and informing decision-makers who must decide whether the project should proceed and in what form (Stewart B, Privacy impact assessments. PLPR 3(7):61–64, 1996. http://www.austrii.edu/au/journals/PLPR.html. Accessed 30 October 2011).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Stewart, B.: Privacy impact assessments. PLPR 3(7), 61–64 (1996). http://www.austrii.edu/au/journals/PLPR.html. Accessed 30 Oct 2011

  2. Warren, A., Bayley, R., Bennett, C., Charlesworth, A., Clarke, R., Oppenheim, C.: Privacy impact assessments: international experience as a basis for UK guidance. Comput. Law Secur. Rep. 24(3), 233–242 (2008). doi:10.1016/j.clsr.2008.03.003

    Article  Google Scholar 

  3. Tancock, D., Pearson, S., Charlesworth, A.: Analysis of privacy impact assessments within major jurisdictions. In: Privacy Security and Trust (PST), 2010 Eighth Annual International Conference, Ottawa, Ontario, Canada, 17–19 Aug 2010, pp. 118–125 (2010). doi: 10.1109/PST.2010.5593260

  4. Tancock, D., Pearson, S., Charlesworth, A.: The emergence of privacy impact assessments. http://www.hpl.hp.com/techreports/2010/HPL-2010–63.pdf (2010). Accessed 30 Oct 2011

    Google Scholar 

  5. Cavoukian, A.: Privacy by design: the 7 foundational principles. http://www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf (2009). Accessed 30 Oct 2011

  6. Charlesworth, A.: Jurisdictional report for Canada: privacy impact assessments. International Study of Their Application and Effects (Appendix C). http://www.ico.gov.uk/upload/documents/library/corporate/research_and_reports/lbrouni_piastudy_appc_can_2910071.pdf (2007). Accessed 26 Oct 2011

  7. eHealth Ontario: Privacy impact assessment policy version 2. http://www.ehealthontario.on.ca/pdfs/Privacy/PrivacyImpactAssessmentPolicy.pdf (2008). Accessed 27 Oct 2011

  8. Cavoukian, A.: Privacy impact assessment guidelines for the Ontario Personal Health Information Protection Act. http://www.ipc.on.ca/images/Resources/up-phipa_pia_e.pdf (2005). Accessed 23 Oct 2011

  9. UK Cabinet Office: Data Handling Procedures in Government: Final Report. http://www.cabinetoffice.gov.uk/sites/default/files/resources/final-report.pdf (2008). Accessed 21 Nov 2011

  10. Treasury Board Secretariat Canada: Info source bulletin number 33B: statistical reporting. http://www.infosource.gc.ca/bulletin/2010/b/bulletin33b/bulletin33b03-eng.asp (2010). Accessed 15 Nov 2011

  11. Information Commissioners Office: Information Commissioners annual report 2009/10. http://www.ico.gov.uk/upload/documents/library/corporate/detailed_specialist_guides/annual_report_2010.pdf (2010). Accessed 14 Nov 2011

  12. 80/20 Thinking Ltd: Privacy impact assessments for Phorm Inc. http://www.8020thinking.com/news/9.html?task=view (2008). Accessed 26 Oct 2011

  13. The Office of the Privacy Commissioner of New Zealand: Privacy impact assessment handbook. http://privacy.org.nz/assets/Files/Brochures-and-pamphlets-and-pubs/48638065.pdf (2009). Accessed 27 Oct 2011

  14. Information Commissioners Office: Privacy impact assessment handbook. http://www.ico.gov.uk/handbook/June.2009 (2009). Accessed 30 Oct 2011

  15. Department of Homeland Security: Privacy Threshold Analysis (PTA). http://www.dhs.gov/xlibrary/assets/privacy/DHS_PTA_Template.pdf (2007). Accessed 30 Oct 2011

  16. Australian Government: Office of the Privacy Commissioner: Privacy Impact Assessment Guide. http://www.privacy.gov.au/index.php?option=com_icedoc&view=types&element=guidelines&fullsummary=6590&Itemid=1021 (2010). Accessed 29 Oct 2011

    Google Scholar 

  17. Treasury Board Secretariat Canada: Welcome to the PIA e-learning tool. http://www.tbs-sct.gc.ca/pgol-pged/piatp-pfefvp/index-c-eng.asp (2003). Accessed 13 Nov 2011

  18. United States Department of Homeland Security: Privacy threshold analysis (PTA). http://www.dhs.gov/xlibrary/assets/privacy/DHS_PTA_Template.pdf (2007). Accessed 15 Nov 2011

  19. Vallini, M.: Software as a Service (SaaS) Ethical Issues. http://www.marcovallini.com/documentazione/saas_ethical_issues.pdf (2009). Accessed 24 Oct 2011

  20. Pearson, S., Benameur, A.: Privacy, security and trust issues arising from cloud computing. In: Cloud Computing Technology and Science (CloudCom), 2010 Second Annual International Conference, 30 Nov –3 Dec, pp. 693–702 (2010). doi: 10.1109/CloudCom.2010.66

  21. Giarratano, J.: Expert Systems: Principles and Programming. Thomson Learning, Boston, Massachusetts, Canada (2005)

    Google Scholar 

  22. J Boss Community: Drools: Business logic integration/platform. http://www.jboss.org/drools (2011). Accessed 22 Nov 2011

  23. Logic Programming Associates Ltd: LPA VisiRule 1.5. http://www.lpa.co.uk/vsr.htm (2011). Accessed 20 Nov 2011

  24. Corvid ExSys: Overview of Corvid Knowledge Automation Expert System Software. http://www.exsys.com/pdf/AboutCORVID.pdf (2008). Accessed 18 Oct 2011

  25. Corvid ExSys: Java-based Expert System Knowledge Automation Development and Deployment Technologies White-Paper. http://www.exsys.com/pdf/ExsysCORVIDWhitePaper.pdf (2009). Accessed 20 Oct 2011

  26. Mell, P., Grance, T.: The National Institute of Standards and Technology (NIST) Definition of Cloud Computing Version 15. http://www.nist.gov/itl/cloud/upload/cloud-def-v15.pdf (2009). Accessed 19 Nov 2011

  27. Corvid ExSys: ExSys Corvid Manual Version 5.2.1. http://www.exsys.com/PDF/CorvidManual.pdf (2009). Accessed 16 Oct 2011

  28. Microsoft: What is the Windows Azure Platform? http://www.microsoft.com/windowsazure/ (2011). Accessed 21 Nov 2011.

  29. Sitaram, D., Manjunath, G.: Moving to the Cloud. Elsevier, Waltham (2012)

    Google Scholar 

  30. Sosinsky, B.: Cloud Computing Bible. Wiley, Indianapolis (2011)

    Google Scholar 

  31. Rhoton, J.: Cloud Computing Explained, 2nd edn. Recursive Press, London (2010)

    Google Scholar 

  32. Trusted Computing Group: TCG Architecture Overview Version 1.4. http://www.trustedcomputinggroup.org/resources/tcg_architecture_overview_version_14 (2010). Accessed 12 Nov 2011

  33. European Network and Information Security Agency: Cloud Computing: Benefits, Risks and Recommendations for Information Security. http://www.enisa.europa.cu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport.pdf (2009). Accessed 17 Nov 2011

  34. Solove, D.J.: Understanding Privacy. Harvard University Press, Cambridge (2008)

    Google Scholar 

  35. Organization for Economic Co-operation and Development (OECD): Guidelines Governing the Protection of Privacy and Transborder Flow of Personal Data. OECD, Geneva (1980)

    Google Scholar 

  36. Karol, T.: A guide to cross-border privacy impact assessments. http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/A-Guide-To-Cross-Border-Privacy-Impact-Assessments.aspx (2009). Accessed 30 Oct 2011

  37. Nasuni: http://www.nasuni.com/ (2011). Accessed 30 Oct 2011

  38. Bethencourt, S., Chan, J., Song, D., Perrig, A.: Multi-dimensional range query over encrypted data. In: IEEE Symposium on Security and Privacy. [City Not Specified] http://www.cs.berkeley.edu/∼bethenco/oakland07rangequery.pdf (2007). Accessed 19 Feb 2012

    Google Scholar 

  39. Yao, A.C.: How to generate and exchange secrets. In: 27th Symposium on Foundation of Computer Science (FoCS), 27–29 Oct 1986, pp. 162–167 (1986). doi: 10.1109/SFCS.1986.25

  40. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: 41st ACM Symposium on Theory of Computing (STOC), [Date not specified] June 2009, pp. 169–178 (2009). doi: 10.1145/1536414.1536440

  41. Export.gov: Welcome to the U.S.-E.U. & U.S.-Swiss Safe Harbor Frameworks. 26 October 2011. http://export.gov/safeharbor/ (2011)

  42. RapidRedact: Welcome to Redacta. 21 Feb 2012. http://www.redacta.co.uk/ (2012)

  43. DSDM Consortium: Handbook Version 2.1. http://www.dsdm.org/atern-handbook/flash.html#/1/ (2011). Accessed 30 Oct 2011

  44. Shull, F., Singer, J., Sjoberg, D.: Guide to Advanced Empirical Software Engineering. Springer, London (2010)

    Google Scholar 

  45. Pearson, S., Charlesworth, A.: Accountability as a way forward for privacy protection in the cloud. In: Jaatun, M., Zhao, G., Rong, C. (eds.) Cloud Computing, vol. 5931, pp. 131–144. LNCS. Springer, Berlin/Heidelberg (2009). doi:10.1007/978–3–642–10665–1_12

    Google Scholar 

  46. Pearson, S., Shen, Y., Mowbray, M.: A privacy manager for cloud computing. In: Jaatun, M., Zhao, G., Rong, C. (eds.) Cloud Computing, vol. 5931, pp. 90–106. LNCS. Springer, Berlin/Heidelberg (2009). doi: 10.1007/978–3–642

    Google Scholar 

  47. Preimesberger, C.: IBM, Aetna Join for New Cloud-Based Health Care Support System. http://www.eweek.com/c/a/Health-Care-IT/IBM-Aetna-Join-for-New-CloudBased-Health-Care-Support-System-667092/ (2010). Accessed 30 Oct 2011

  48. CambridgeSoft: ChemBioOffice Cloud – An Integrated Decision Support System for CHDI. http://chembionews.cambridgesoft.com/WhitePapers/Default.aspx?whitePaperID=43 (2010). Accessed 30 Oct 2011

  49. Harbird, R., Ahmed, M., Finkelstein, A., McKinney, E., Burroughs, A.: Privacy Impact Assessment with PRAIS. http://www.cs.ucl.ac.uk/staff/A.Finkelstein/papers/hotpets.pdf (2007). Accessed 30 Oct 2011

  50. Liberty Alliance Project: ID governance – identify privacy and access policy, marketing requirements document. http://www.projectliberty.org/ (2007). Accessed 30 Oct 2011

  51. Pearson, S., Sander, T., Sharma, R.: Privacy management for global organizations. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., Roudier, Y. (eds.) Data Privacy Management and Autonomous Spontaneous Security, vol. 5939, pp. 9–17. LNCS. Springer, Berlin/Heidelberg. doi:10.1007/978–3–642–11207–2_2

    Google Scholar 

  52. Pearson, S., Rao, P., Sander, T., Parry, A., Paull, A., Patruni, S., Dandamudi-Ratnakar, V., Sharma, P.: Scalable, accountable privacy management for large organizations. INSPEC 2009: 2nd International Workshop on Security and Privacy Distributed Computing, Enterprise Distributed Object Conference Workshops (EDOCW 2009), IEEE, Auckland, New Zealand, 1–4 Sept 2009, pp. 168–175

    Google Scholar 

  53. Office of the Privacy Commissioner of Canada: Securing Personal Information: A self Assessment Tool for Organisations. http://www.priv.gc.ca/resource/tool-outil/security-securite/english/AssessRisks.asp?x=1 (2011). Accessed 26 Oct 2011

  54. Microsoft: Microsoft Security Assessment Tool Version 4.0. http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=12273 (2009). Accessed 27 Oct 2011

    Google Scholar 

  55. Sander, T., Pearson, S.: Decision support for selection of cloud service providers. Int. J. Comput. GTSF. 1(1) (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Clifton, Bristol, BS8 1UB, UK

    David Tancock

  2. Cloud and Security Lab, HP Labs, Long Down Avenue, Bristol, BS34 8QZ, UK

    Siani Pearson

  3. Centre for IT and Law, University of Bristol, Queens Road, Bristol, BS8 1RJ, UK

    Andrew Charlesworth

Authors
  1. David Tancock
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Siani Pearson
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Andrew Charlesworth
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to David Tancock .

Editor information

Editors and Affiliations

  1. Cloud and Security Laboratory HP Labs, Filton, Bristol, UK

    Siani Pearson

  2. Department of Systems and Computer Engineering, Carleton University, Ottawa, ON, Canada

    George Yee

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag London

About this chapter

Cite this chapter

Tancock, D., Pearson, S., Charlesworth, A. (2013). A Privacy Impact Assessment Tool for Cloud Computing. In: Pearson, S., Yee, G. (eds) Privacy and Security for Cloud Computing. Computer Communications and Networks. Springer, London. https://doi.org/10.1007/978-1-4471-4189-1_3

Download citation

  • DOI: https://doi.org/10.1007/978-1-4471-4189-1_3

  • Published:

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-4471-4188-4

  • Online ISBN: 978-1-4471-4189-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation