On the Relationship between the Different Methods to Address Privacy Issues in the Cloud

  • Siani Pearson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8185)

Abstract

In conjunction with regulation, information security technology is expected to play a critical role in enforcing the right for privacy and data protection. The role of security in privacy by design is discussed in this paper, as well as the relationship of these to accountability. The focus within these discussions is on technological methods to support privacy and data protection in cloud scenarios.

Keywords

Accountability Cloud Computing Design for Privacy Security 

References

  1. 1.
    European Commission (EC): Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1995) Google Scholar
  2. 2.
    European Commission: Proposal for a Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (January 2012) Google Scholar
  3. 3.
    Mell, P., Grance, T.: The NIST Definition of Cloud Computing. NIST Special Publication 800-145 (September 2011) Google Scholar
  4. 4.
    Catteddu, D., Hogben, G. (eds.): Cloud Computing: Benefits, Risks and Recommendations for Information Security. ENISA Report (November 2009)Google Scholar
  5. 5.
    Cloud Security Alliance (CSA): Security Guidance for Critical Area of Cloud Computing V3.0 (2011) Google Scholar
  6. 6.
    Pearson, S.: Privacy, Security and Trust in Cloud Computing. In: Pearson, S., Yee, G. (eds.) Privacy and Security for Cloud Computing, Computer Communications and Networks. Springer (2012)Google Scholar
  7. 7.
    European DG of Justice: Article 29 Working Party, Opinion 05/12 on Cloud Computing (2012) Google Scholar
  8. 8.
    Baldwin, A., Pym, D., Shiu, S.: Enterprise Information Risk Management: Dealing with Cloud Computing. In: Pearson, S., Yee, G. (eds.) Privacy and Security for Cloud Computing, Computer Communications and Networks. Springer (2012)Google Scholar
  9. 9.
    CSA: The Notorious Nine Cloud Computing Top Threats in 2013. Top Threats Working Group (2013) Google Scholar
  10. 10.
    Ko, R.K.L., Lee, S.S.G., Rajan, V.: Understanding Cloud Failures. IEEE Spectrum 49(12), 84 (2012)CrossRefGoogle Scholar
  11. 11.
    Jansen, W., Grance, T.: Guidelines on Security and Privacy in Public Cloud Computing, Special Publication 800-144, NIST (December 2011)Google Scholar
  12. 12.
    Liu, F., et al.: NIST Cloud Computing Reference Architecture. NIST Special Publication 500-292 (September 2011)Google Scholar
  13. 13.
    CSA: Cloud Controls Matrix, v1.4, https://cloudsecurityalliance.org/research/ccm/
  14. 14.
    Cloud Accountability Project (A4Cloud), www.a4cloud.eu
  15. 15.
    Warren, S., Brandeis, L.: The Right to Privacy. 4 Harvard Law Review 193 (1890)Google Scholar
  16. 16.
    Westin, A.: Privacy and Freedom. Atheneum, New York (1967)Google Scholar
  17. 17.
    American Institute of Certified Public Accountants (AICPA) and CICA: Generally Accepted Privacy Principles (August 2009)Google Scholar
  18. 18.
    Solove, D.J.: A Taxonomy of Privacy. University of Pennyslavania Law Review 154(3), 477 (2006)CrossRefGoogle Scholar
  19. 19.
    Nissenbaum, H.: Privacy as Contextual Integrity. Washington Law Review, 101–139 (2004)Google Scholar
  20. 20.
    Privacy Protection Study Commission: Personal Privacy in an Information Society, United Statues Privacy Protection Study Commission Fair Information Practices (1977)Google Scholar
  21. 21.
    Organisation for Economic Co-operation and Development (OECD): Guidelines for the Protection of Personal Data and Transborder Data Flows (1980) Google Scholar
  22. 22.
    ISO/IEC 27001: Information technology – Security techniques – Information security management systems – Requirements (2005) Google Scholar
  23. 23.
    EDPS: Opinion of the European Data Protection Supervisor on the Commission’s Communication on “Unleashing the potential of Cloud Computing in Europe” (2012) Google Scholar
  24. 24.
    EDPS: Responsibility in the Cloud should not be up in the air”. Article EDPS/12/15 (2012), http://europa.eu/rapid/press-release_EDPS-12-15_en.htm
  25. 25.
    GSMA Mobile and Privacy: Accountability Framework for the implementation of the GSMA Privacy Design Guidelines for Mobile App Development (February 2012)Google Scholar
  26. 26.
    Cavoukian, A.: Privacy by Design: Origins, Meaning, and Prospects for Assuring Privacy and Trust in the Information Era. In: Yee, G. (ed.) Privacy Protection Measures andTechnologies in Business Organisations: Aspects and Standards, pp. 170–208. IGI Global (2012)Google Scholar
  27. 27.
    UK Information Commissioners Office (ICO): Privacy by Design. Report (2008)Google Scholar
  28. 28.
    Federal Trade Commission (FTC): Protecting Consumer Privacy in an Age of Rapid Change: Recommendations for Business and PolicyMakers. FTC Report (March 2012)Google Scholar
  29. 29.
    Microsoft Corporation: Privacy Guidelines for Developing Software Products and Services, Version 2.1a (2007) Google Scholar
  30. 30.
    Cannon, J.C.: Privacy: What Developers and IT Professionals Should Know. Addison Wesley (2004)Google Scholar
  31. 31.
    Spiekermann, S., Cranor, L.F.: Engineering Privacy. IEEE Transactions on Software Engineering 35(1), 67–82 (2009)CrossRefGoogle Scholar
  32. 32.
    Shen, Y., Pearson, S.: Privacy Enhancing Technologies: A Review. HP Labs External Technical Report, HPL-2011-113 (June 2011)Google Scholar
  33. 33.
    European DG of Justice: Article 29 Working Party. Opinion 3/2010 on the principle of accountability (WP 173) (July 2010) Google Scholar
  34. 34.
    ICDPP: 31st International Conference of Data Protection and Privacy ‘Data protection authorities from over 50 countries approve the “Madrid Resolution” on international privacy standards’ (2009), http://www.gov.im/lib/docs/odps//madridresolutionpressreleasenov0.pdf
  35. 35.
    ISO/IEC 29100: Information technology – Security techniques – Privacy framework. Technical report, ISO JTC 1/SC 27 Google Scholar
  36. 36.
    Papanikolaou, N., Pearson, S.: A Cross-Disciplinary Review of the Concept of Accountability. In: Proceedings of the DIMACS/BIC/A4Cloud/CSA International Workshop on Trustworthiness, Accountability and Forensics in the Cloud (TAFC) (May 2013) Google Scholar
  37. 37.
    Pearson, S., Charlesworth, A.: Accountability as a Way Forward for Privacy Protection in the Cloud. In: Jaatun, M.G., Zhao, G., Rong, C. (eds.) Cloud Computing. LNCS, vol. 5931, pp. 131–144. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  38. 38.
    Catteddu, D., et al.: Towards a Model of Accountability for Cloud Computing Services. In: Proceedings of the DIMACS/BIC/A4Cloud/CSA International Workshop on Trustworthiness, Accountability and Forensics in the Cloud (TAFC) (May 2013)Google Scholar
  39. 39.
    Omand, D., Bartlett, J., Miller, C.: DEMOS Report (2012), http://www.demos.co.uk/files/_Intelligence_-_web.pdf?1335197327
  40. 40.
  41. 41.
    Castelluccia, C., Druschel, P., Hübner, S., et al.: Privacy, Accountability and Trust - Challenges and Opportunities. ENISA (2011)Google Scholar
  42. 42.
    Tancock, D., Pearson, S., Charlesworth, A.: Analysis of Privacy Impact Assessments within Major Jurisdictions. In: Proc. PST 2010, Ottawa, Canada. IEEE (August 2010)Google Scholar
  43. 43.
    Center for Information Policy Leadership (CIPL): Demonstrating and Measuring Accountability: A Discussion Document. Accountability Phase II –The Paris Project (2010) Google Scholar
  44. 44.
    Office of the Information and Privacy Commissioner of Alberta, Office of the Privacy Commissioner of Canada, Office of the Information and Privacy Commissioner for British Colombia: Getting Accountability Right with a Privacy Management Program (April 2012) Google Scholar
  45. 45.
    Bennett, C.J.: The Accountability Approach to Privacy and Data Protection: Assumptions and Caveats. In: Guagnin, D., et al. (eds.) Managing Privacy through Accountability, pp. 33–48. MacMillan (2012)Google Scholar
  46. 46.
    Cavoukian, A., Taylor, S., Abrams, M.: Privacy by Design: Essential for Organisational Accountability and Strong Business Practices. Identity in the Information Society 3(2), 405–413 (2010)CrossRefGoogle Scholar
  47. 47.
    Camenisch, J., Fischer-Hubner, S., Rannenberg, K. (eds.): Privacy and Identity Management for Life. Springer (2011)Google Scholar
  48. 48.
    Mowbray, M., Pearson, S.: Protecting Personal Information in Cloud Computing. In: Meersman, R., et al. (eds.) OTM 2012, Part II. LNCS, vol. 7566, pp. 475–491. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  49. 49.
    Information Commissioner’s Office (ICO): Guidance on the Use of Cloud Computing (2012)Google Scholar
  50. 50.
    Horwath, C.: Enterprise Risk Management for Cloud Computing, COSO (June 2012)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Siani Pearson
    • 1
  1. 1.Security and Cloud LabHP LabsBristolUK

Personalised recommendations