Privacy Management and Accountability in Global Organisations

  • Siani Pearson
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 421)

Abstract

Organisations that operate in a global environment can be subject to potentially diverse and complex regulatory requirements. This paper explains some of the key issues that corporate governance faces related to privacy and some mechanisms for addressing these.

Keywords

Accountability, compliance, data protection, privacy, risk, security


Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Siani Pearson
    Security and Cloud Lab, Hewlett-Packard, Bristol, UK
