IMPROVING AN ALGORITHM FOR DETECTION OF URGENT THREATS TO SECURITY OF PERSONAL DATA WHEN THEY ARE PROCESSED IN INFORMATION SYSTEMS OF PERSONAL DATA

2012, Vol 71 (5), pp. 455-463
Author(s): Yu. K. Yazov, I. G. Nazarov, E. S. Ostroukhova
2020
Author(s): Cátia Santos-Pereira

BACKGROUND GDPR was formally adopted in 2016, with EU member states given two years to implement it (May 2018). Given the sensitive nature of the personal data that healthcare organizations process on a 24/7 basis, it is critical that the protection of that data in a hospital environment is given the high priority that data protection legislation (GDPR) requires. OBJECTIVE This study addresses the state of Portuguese public hospitals regarding GDPR compliance during the GDPR preparation period (2016-2018), before enforcement on 25 May 2018, and the activities that have started since then. The study focuses on three GDPR articles, namely Articles 5, 25 and 32, concerning authentication security, identity management processes and audit trails. METHODS The study was conducted between 2017 and 2019 in five Portuguese public hospitals (each different in complexity). In each hospital, six categories of information systems critical to health institutions were included in the study, covering the main health information systems available and common to hospitals (ADT, EPR, PMS, RIS, LIS and DSS). Interviews were conducted in two phases (before and after GDPR enforcement) with the objective of identifying the maturity of each hospital's information systems regarding authentication security, identity management processes and traceability, and the efforts in progress to avoid security issues. RESULTS A total of 5 hospitals were included in this study, and the results highlight the hospitals' privacy maturity: in general, the hospitals studied were very far from complying with the selected security measures (before May 2018). Session/account lockout and password history policy were the weakest controls, while encrypted password storage was the strongest. With the enforcement of GDPR these hospitals started a set of initiatives to close this gap, specifically to make the whole process as transparent and trustworthy as possible and to avoid heavy fines. CONCLUSIONS We are still very far from having GDPR-compliant systems, and institutional efforts are under way. The first step in aligning an organization with GDPR should be an initial audit of all systems. This work contributes to the initial security audit of the hospitals that belong to this study.


Author(s): Sergey E. Channov

Introduction. The article is devoted to the use of digital technologies in public administration, using state and municipal information systems as an example. Currently, two types of such systems can be distinguished in the Russian Federation: 1) those that directly support enforcement activities; 2) those used to record certain information. Theoretical analysis. Information systems of the first type acquire the properties of an object of complex legal relations, in which suppliers and consumers of information, government bodies and other persons become participants. As a result, in the implementation of public administration, the program code of these information systems becomes, to a certain extent, a source of regulation of public relations. Accordingly, any failures and errors in a public information system become facts of legal importance. Empirical analysis. The main risks of using information systems of the second type in public administration relate to illegal access to (or use of) the information stored in their databases. The consolidation of databases containing different types of information is a serious threat. In this regard, the creation of the Unified Federal Information Register containing information about the population of the Russian Federation, provided for by Federal Law No. 168-FZ of 08.06.2020, may lead to a large number of socially negative consequences and comes into obvious conflict with the legislation on personal data. Results. State and municipal information systems can themselves improve public administration, including by reducing corruption in the country. At the same time, the reduced discretion they leave in management decisions is not always appropriate. Accordingly, their implementation should be preceded by an analysis of the characteristics of the specific area of management and of the proposed use of digital technologies.


Author(s): Tatjana Welzer, Marko Hölbl, Marjan Družovec, Brane Klopčič, Boštjan Brumen, ...

Author(s): Alberto Carneiro

Adapting maturity models to a healthcare organization's needs is an issue that researchers and technicians should consider, and such models are a valuable instrument for IT managers because they allow the assessment of the present situation as well as the identification of useful improvement measures. This paper discusses the practical utilization of maturity models, including different ways of exploring a model's usefulness. For a more complete understanding of maturity models, the selection of criteria and measurement processes, called metrics, is briefly reviewed in terms of indicators and daily procedures. Some issues of management information systems security are briefly addressed, along with a note on measuring security assessment. Finally, some considerations are presented on the need for privacy of personal data and the strategies to be pursued for sensitive data in order to establish a level of effective privacy, which is one of the concerns of information systems security.


2020, Vol 37 (1), pp. 19-24
Author(s): Stephen Breen, Karim Ouazzane, Preeti Patel

The General Data Protection Regulation (GDPR) 2018 imposes much greater demands on companies to address the rights of the individuals who provide data, that is, Data Subjects. The new law requires a much more transparent approach to gaining consent to process personal data. However, there have been few obvious changes to how consent is gained from Data Subjects in order to comply with this. Many companies are running the risk of non-compliance with the law if they fail to address how data are obtained and the lack of true consent which Data Subjects currently give to their data being processed. Consent is a complex philosophical principle which relies on the person giving the consent being in full possession of the facts. This article explores the philosophical background of consent, examines the circumstances which were the point of departure for the debate on consent, and attempts to develop an understanding of it in the context of the growing influence of information systems and the data-driven economy. The GDPR has gone further than any other regulation or law to date in developing an understanding of consent to address personal data and privacy concerns.


2020, Vol 22 (2), pp. 139-177
Author(s): Niovi Vavoula

Abstract Over the past three decades, an elaborate framework of EU-wide information systems processing the personal data of third-country nationals has emerged. The vast majority of these systems (VIS, Eurodac, EES, ETIAS) are conceptualised as multi-purpose tools, whereby their consultation for crime-related objectives is listed among their ancillary objectives. As a result, immigration records may be accessed by national law enforcement authorities and Europol for the purposes of fighting terrorism and other serious crimes, under specified and limited conditions. Drawing on the relevant jurisprudence of the European Court, this article evaluates whether the EU rules on law enforcement access to EU immigration databases comply with the rights to respect for private life and to protection of personal data, as enshrined in Articles 7 and 8 of the EU Charter respectively. In addition, the challenges posed by the forthcoming interoperability between databases are also examined.


2020, Vol 2 (4), pp. 1-97
Author(s): Athina Giannakoula, Dafni Lima, Maria Kaiafa-Gbandi

Abstract This article provides a systematic and critical account of EU information systems in the area of freedom, security and justice, with the aim of establishing the contemporary links between information sharing and criminal law in the EU and of evaluating its impact on individuals. To this end, Part 1 offers a systemisation and critical assessment of the essential elements of the pertinent systems (ECRIS, ECRIS-TCN, Prüm, PNR, Europol, SIS, Eurodac, VIS, EES, ETIAS) and of the new interoperability regime under Regulation (EU) 2019/818, from the perspective of their objective to prevent and combat serious crime and to ensure a high level of security in the EU. In Part 2 the article explores personal data protection law, police law and criminal procedure law, in order to propose safeguards and limitations for effectively regulating this rapidly evolving framework and addressing the growing challenges for fundamental legal principles and individual rights. In this respect, the authors put forward concrete views and ideas, on the basis of their central suggestion that the issue discussed falls within the context of an emerging precognitive paradigm of criminal law.


2020, Vol 2 (4(106)), pp. 200-205
Author(s): Г. В. Захарова

The relevance of the article lies in the fact that the organization and tactics of covert investigative actions is a fairly new topic in the theory of criminalistics, because this kind of investigative (search) action appeared in the Criminal Procedure Code (CPC) of Ukraine only after the reform of procedural legislation in 2012. Before that, such covert means were not regulated by criminal procedural law, and their tactical principles were studied mainly in the theory of operational and investigative activities. After these novelties in the CPC of Ukraine, scholars of criminalistics faced the task of developing new recommendations on the tactical features of covert investigative actions. The article examines the organization and tactics of certain covert investigative actions in the investigation of tourism fraud committed by an organized group, including the seizure of correspondence, the removal of information from transport telecommunications networks, and the removal of information from electronic information systems. Based on a study of scholars' differing points of view, the author concludes that the tactics of covert investigative (search) actions have their own characteristics and differ from the tactics of overt investigative actions, in particular because of their secret nature. The author identifies the situations in which conducting covert investigative actions is appropriate when investigating tourism fraud committed by an organized group. The main tactical features of the seizure of correspondence, the removal of information from transport telecommunications systems and the removal of information from electronic information systems are outlined.
When investigating tourism fraud committed by an organized group, these covert investigative (search) actions may establish the following information relevant to the investigation: 1) the use of sightseeing and tourist tours for illegal employment or emigration from the country; 2) fly-by-night ("one-day") travel companies; 3) the real state of affairs in the travel agency and possible tax evasion or inaccurate tax reporting; 4) evasion of insurance payments or non-existent insurance payments; 5) possible illegal use of personal data and illegal payment transactions, including with bank loans, etc.

