Abstract
Cloud computing holds the promise of democratizing access to many computer resources, such as software, by effectively outsourcing computing tasks. However, this raises a variety of security and privacy concerns. Researchers and professionals must maintain security and privacy protections when managing data and information in cloud environments. While several security-related strategies and protections have already been established, there is still no comprehensive set of controls or criteria that specifically addresses privacy protection in the cloud. In this paper, we propose an all-encompassing privacy framework for cloud computing: the Comprehensive Criteria for Privacy Protections (C2P2) framework. The C2P2 framework was developed through qualitative analysis and evaluation of ten major existing privacy-related documents. This paper aims to present our initial and novel synthesis of the C2P2 framework, for which we found 107 unique privacy criteria across thirteen categories. This is the first assessment of its kind for the current privacy-related frameworks and serves as the first step towards establishing a comprehensive set of privacy protection criteria in cloud computing. We believe this framework provides an essential roadmap towards an inclusive privacy standard that information researchers and professionals can use to build controls and certifications.
Acknowledgment
This work has been supported by Cisco. We want to acknowledge and thank all of those who have contributed to this work.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, T., Hayes, C.M., Bashir, M. (2022). Developing a Framework of Comprehensive Criteria for Privacy Protections. In: Arai, K. (eds) Advances in Information and Communication. FICC 2022. Lecture Notes in Networks and Systems, vol 439. Springer, Cham. https://doi.org/10.1007/978-3-030-98015-3_61
DOI: https://doi.org/10.1007/978-3-030-98015-3_61
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-98014-6
Online ISBN: 978-3-030-98015-3
eBook Packages: Intelligent Technologies and Robotics (R0)