Privacy Management and Accountability in Global Organisations
Conference paper
Abstract
Organisations that operate in a global environment can be subject to potentially diverse and complex regulatory requirements. This paper explains some of the key issues that corporate governance faces related to privacy and some mechanisms for addressing these.
Keywords
Accountability, compliance, data protection, privacy, risk, security
Copyright information
© IFIP International Federation for Information Processing 2014