Abstract
In this chapter, we consider requirements for Privacy Impact Assessments (PIAs) carried out within a cloud computing environment and explain how a PIA support tool may be constructed. Privacy is an important consideration in cloud computing, as actual or perceived privacy weaknesses will impact legal compliance, data security, and user trust. A PIA is a systematic process for evaluating the possible future effects that a particular activity or proposal may have on an individual’s privacy. It focuses on understanding the system, initiative, or scheme; identifying and mitigating adverse privacy impacts; and informing decision-makers who must decide whether the project should proceed and in what form (Stewart B, Privacy impact assessments. PLPR 3(7):61–64, 1996. http://www.austrii.edu/au/journals/PLPR.html. Accessed 30 October 2011).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Stewart, B.: Privacy impact assessments. PLPR 3(7), 61–64 (1996). http://www.austrii.edu/au/journals/PLPR.html. Accessed 30 Oct 2011
Warren, A., Bayley, R., Bennett, C., Charlesworth, A., Clarke, R., Oppenheim, C.: Privacy impact assessments: international experience as a basis for UK guidance. Comput. Law Secur. Rep. 24(3), 233–242 (2008). doi:10.1016/j.clsr.2008.03.003
Tancock, D., Pearson, S., Charlesworth, A.: Analysis of privacy impact assessments within major jurisdictions. In: Privacy Security and Trust (PST), 2010 Eighth Annual International Conference, Ottawa, Ontario, Canada, 17–19 Aug 2010, pp. 118–125 (2010). doi: 10.1109/PST.2010.5593260
Tancock, D., Pearson, S., Charlesworth, A.: The emergence of privacy impact assessments. http://www.hpl.hp.com/techreports/2010/HPL-2010–63.pdf (2010). Accessed 30 Oct 2011
Cavoukian, A.: Privacy by design: the 7 foundational principles. http://www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf (2009). Accessed 30 Oct 2011
Charlesworth, A.: Jurisdictional report for Canada: privacy impact assessments. International Study of Their Application and Effects (Appendix C). http://www.ico.gov.uk/upload/documents/library/corporate/research_and_reports/lbrouni_piastudy_appc_can_2910071.pdf (2007). Accessed 26 Oct 2011
eHealth Ontario: Privacy impact assessment policy version 2. http://www.ehealthontario.on.ca/pdfs/Privacy/PrivacyImpactAssessmentPolicy.pdf (2008). Accessed 27 Oct 2011
Cavoukian, A.: Privacy impact assessment guidelines for the Ontario Personal Health Information Protection Act. http://www.ipc.on.ca/images/Resources/up-phipa_pia_e.pdf (2005). Accessed 23 Oct 2011
UK Cabinet Office: Data Handling Procedures in Government: Final Report. http://www.cabinetoffice.gov.uk/sites/default/files/resources/final-report.pdf (2008). Accessed 21 Nov 2011
Treasury Board Secretariat Canada: Info source bulletin number 33B: statistical reporting. http://www.infosource.gc.ca/bulletin/2010/b/bulletin33b/bulletin33b03-eng.asp (2010). Accessed 15 Nov 2011
Information Commissioners Office: Information Commissioners annual report 2009/10. http://www.ico.gov.uk/upload/documents/library/corporate/detailed_specialist_guides/annual_report_2010.pdf (2010). Accessed 14 Nov 2011
80/20 Thinking Ltd: Privacy impact assessments for Phorm Inc. http://www.8020thinking.com/news/9.html?task=view (2008). Accessed 26 Oct 2011
The Office of the Privacy Commissioner of New Zealand: Privacy impact assessment handbook. http://privacy.org.nz/assets/Files/Brochures-and-pamphlets-and-pubs/48638065.pdf (2009). Accessed 27 Oct 2011
Information Commissioners Office: Privacy impact assessment handbook. http://www.ico.gov.uk/handbook/June.2009 (2009). Accessed 30 Oct 2011
Department of Homeland Security: Privacy Threshold Analysis (PTA). http://www.dhs.gov/xlibrary/assets/privacy/DHS_PTA_Template.pdf (2007). Accessed 30 Oct 2011
Australian Government: Office of the Privacy Commissioner: Privacy Impact Assessment Guide. http://www.privacy.gov.au/index.php?option=com_icedoc&view=types&element=guidelines&fullsummary=6590&Itemid=1021 (2010). Accessed 29 Oct 2011
Treasury Board Secretariat Canada: Welcome to the PIA e-learning tool. http://www.tbs-sct.gc.ca/pgol-pged/piatp-pfefvp/index-c-eng.asp (2003). Accessed 13 Nov 2011
United States Department of Homeland Security: Privacy threshold analysis (PTA). http://www.dhs.gov/xlibrary/assets/privacy/DHS_PTA_Template.pdf (2007). Accessed 15 Nov 2011
Vallini, M.: Software as a Service (SaaS) Ethical Issues. http://www.marcovallini.com/documentazione/saas_ethical_issues.pdf (2009). Accessed 24 Oct 2011
Pearson, S., Benameur, A.: Privacy, security and trust issues arising from cloud computing. In: Cloud Computing Technology and Science (CloudCom), 2010 Second Annual International Conference, 30 Nov –3 Dec, pp. 693–702 (2010). doi: 10.1109/CloudCom.2010.66
Giarratano, J.: Expert Systems: Principles and Programming. Thomson Learning, Boston, Massachusetts, Canada (2005)
J Boss Community: Drools: Business logic integration/platform. http://www.jboss.org/drools (2011). Accessed 22 Nov 2011
Logic Programming Associates Ltd: LPA VisiRule 1.5. http://www.lpa.co.uk/vsr.htm (2011). Accessed 20 Nov 2011
Corvid ExSys: Overview of Corvid Knowledge Automation Expert System Software. http://www.exsys.com/pdf/AboutCORVID.pdf (2008). Accessed 18 Oct 2011
Corvid ExSys: Java-based Expert System Knowledge Automation Development and Deployment Technologies White-Paper. http://www.exsys.com/pdf/ExsysCORVIDWhitePaper.pdf (2009). Accessed 20 Oct 2011
Mell, P., Grance, T.: The National Institute of Standards and Technology (NIST) Definition of Cloud Computing Version 15. http://www.nist.gov/itl/cloud/upload/cloud-def-v15.pdf (2009). Accessed 19 Nov 2011
Corvid ExSys: ExSys Corvid Manual Version 5.2.1. http://www.exsys.com/PDF/CorvidManual.pdf (2009). Accessed 16 Oct 2011
Microsoft: What is the Windows Azure Platform? http://www.microsoft.com/windowsazure/ (2011). Accessed 21 Nov 2011.
Sitaram, D., Manjunath, G.: Moving to the Cloud. Elsevier, Waltham (2012)
Sosinsky, B.: Cloud Computing Bible. Wiley, Indianapolis (2011)
Rhoton, J.: Cloud Computing Explained, 2nd edn. Recursive Press, London (2010)
Trusted Computing Group: TCG Architecture Overview Version 1.4. http://www.trustedcomputinggroup.org/resources/tcg_architecture_overview_version_14 (2010). Accessed 12 Nov 2011
European Network and Information Security Agency: Cloud Computing: Benefits, Risks and Recommendations for Information Security. http://www.enisa.europa.cu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport.pdf (2009). Accessed 17 Nov 2011
Solove, D.J.: Understanding Privacy. Harvard University Press, Cambridge (2008)
Organization for Economic Co-operation and Development (OECD): Guidelines Governing the Protection of Privacy and Transborder Flow of Personal Data. OECD, Geneva (1980)
Karol, T.: A guide to cross-border privacy impact assessments. http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/A-Guide-To-Cross-Border-Privacy-Impact-Assessments.aspx (2009). Accessed 30 Oct 2011
Nasuni: http://www.nasuni.com/ (2011). Accessed 30 Oct 2011
Bethencourt, S., Chan, J., Song, D., Perrig, A.: Multi-dimensional range query over encrypted data. In: IEEE Symposium on Security and Privacy. [City Not Specified] http://www.cs.berkeley.edu/∼bethenco/oakland07rangequery.pdf (2007). Accessed 19 Feb 2012
Yao, A.C.: How to generate and exchange secrets. In: 27th Symposium on Foundation of Computer Science (FoCS), 27–29 Oct 1986, pp. 162–167 (1986). doi: 10.1109/SFCS.1986.25
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: 41st ACM Symposium on Theory of Computing (STOC), [Date not specified] June 2009, pp. 169–178 (2009). doi: 10.1145/1536414.1536440
Export.gov: Welcome to the U.S.-E.U. & U.S.-Swiss Safe Harbor Frameworks. 26 October 2011. http://export.gov/safeharbor/ (2011)
RapidRedact: Welcome to Redacta. 21 Feb 2012. http://www.redacta.co.uk/ (2012)
DSDM Consortium: Handbook Version 2.1. http://www.dsdm.org/atern-handbook/flash.html#/1/ (2011). Accessed 30 Oct 2011
Shull, F., Singer, J., Sjoberg, D.: Guide to Advanced Empirical Software Engineering. Springer, London (2010)
Pearson, S., Charlesworth, A.: Accountability as a way forward for privacy protection in the cloud. In: Jaatun, M., Zhao, G., Rong, C. (eds.) Cloud Computing, vol. 5931, pp. 131–144. LNCS. Springer, Berlin/Heidelberg (2009). doi:10.1007/978–3–642–10665–1_12
Pearson, S., Shen, Y., Mowbray, M.: A privacy manager for cloud computing. In: Jaatun, M., Zhao, G., Rong, C. (eds.) Cloud Computing, vol. 5931, pp. 90–106. LNCS. Springer, Berlin/Heidelberg (2009). doi: 10.1007/978–3–642
Preimesberger, C.: IBM, Aetna Join for New Cloud-Based Health Care Support System. http://www.eweek.com/c/a/Health-Care-IT/IBM-Aetna-Join-for-New-CloudBased-Health-Care-Support-System-667092/ (2010). Accessed 30 Oct 2011
CambridgeSoft: ChemBioOffice Cloud – An Integrated Decision Support System for CHDI. http://chembionews.cambridgesoft.com/WhitePapers/Default.aspx?whitePaperID=43 (2010). Accessed 30 Oct 2011
Harbird, R., Ahmed, M., Finkelstein, A., McKinney, E., Burroughs, A.: Privacy Impact Assessment with PRAIS. http://www.cs.ucl.ac.uk/staff/A.Finkelstein/papers/hotpets.pdf (2007). Accessed 30 Oct 2011
Liberty Alliance Project: ID governance – identify privacy and access policy, marketing requirements document. http://www.projectliberty.org/ (2007). Accessed 30 Oct 2011
Pearson, S., Sander, T., Sharma, R.: Privacy management for global organizations. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., Roudier, Y. (eds.) Data Privacy Management and Autonomous Spontaneous Security, vol. 5939, pp. 9–17. LNCS. Springer, Berlin/Heidelberg. doi:10.1007/978–3–642–11207–2_2
Pearson, S., Rao, P., Sander, T., Parry, A., Paull, A., Patruni, S., Dandamudi-Ratnakar, V., Sharma, P.: Scalable, accountable privacy management for large organizations. INSPEC 2009: 2nd International Workshop on Security and Privacy Distributed Computing, Enterprise Distributed Object Conference Workshops (EDOCW 2009), IEEE, Auckland, New Zealand, 1–4 Sept 2009, pp. 168–175
Office of the Privacy Commissioner of Canada: Securing Personal Information: A self Assessment Tool for Organisations. http://www.priv.gc.ca/resource/tool-outil/security-securite/english/AssessRisks.asp?x=1 (2011). Accessed 26 Oct 2011
Microsoft: Microsoft Security Assessment Tool Version 4.0. http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=12273 (2009). Accessed 27 Oct 2011
Sander, T., Pearson, S.: Decision support for selection of cloud service providers. Int. J. Comput. GTSF. 1(1) (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag London
About this chapter
Cite this chapter
Tancock, D., Pearson, S., Charlesworth, A. (2013). A Privacy Impact Assessment Tool for Cloud Computing. In: Pearson, S., Yee, G. (eds) Privacy and Security for Cloud Computing. Computer Communications and Networks. Springer, London. https://doi.org/10.1007/978-1-4471-4189-1_3
Download citation
DOI: https://doi.org/10.1007/978-1-4471-4189-1_3
Published:
Publisher Name: Springer, London
Print ISBN: 978-1-4471-4188-4
Online ISBN: 978-1-4471-4189-1
eBook Packages: Computer ScienceComputer Science (R0)