Abstract
Developing information systems that ensure privacy is a challenging task that spans fields such as technology, law and policy. Reports of recent privacy infringements indicate that we are far not only from achieving privacy but also from applying Privacy by Design principles. This is due to the lack of holistic methods and tools that make it possible to understand privacy issues, incorporate appropriate privacy controls at design time, and create and enforce a privacy policy at run time. To address these issues, we present the VisiOn Privacy Platform, which provides holistic privacy management throughout the whole information system lifecycle. It contains a privacy-aware process that is supported by a software platform and enables Data Controllers to ensure privacy and Data Subjects to gain control of their data by participating in the privacy policy formulation. A case study from the healthcare domain is used to demonstrate the platform’s benefits.
Notes
- 8. This questionnaire is not part of VPP and has been created only for the purposes of the trials and the evaluation of the platform.
Acknowledgement
This research was supported by the Visual Privacy Management in User Centric Open Environments (VisiOn) project, supported by the EU Horizon 2020 programme, Grant Agreement No. 653642.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Diamantopoulou, V. et al. (2017). Privacy Data Management and Awareness for Public Administrations: A Case Study from the Healthcare Domain. In: Schweighofer, E., Leitold, H., Mitrakas, A., Rannenberg, K. (eds) Privacy Technologies and Policy. APF 2017. Lecture Notes in Computer Science, vol 10518. Springer, Cham. https://doi.org/10.1007/978-3-319-67280-9_11
DOI: https://doi.org/10.1007/978-3-319-67280-9_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67279-3
Online ISBN: 978-3-319-67280-9
eBook Packages: Computer Science, Computer Science (R0)