Contact Tracing: Ensuring Privacy and Security

2021, Vol 11 (21), pp. 9977
Author(s): Daan Storm van Leeuwen, Ali Ahmed, Craig Watterson, Nilufar Baghaei

Faced with the biggest virus outbreak in a century, world governments at the start of 2020 took unprecedented measures to protect their healthcare systems from being overwhelmed by the COVID-19 pandemic. International travel was halted and lockdowns were imposed. Many nations adopted measures to stop the transmission of the virus, such as imposing the wearing of face masks, social distancing, and limits on social gatherings. Technology was quickly developed for mobile phones, allowing governments to track people's movements in relation to locations of the virus (both people and places). These are called contact tracing applications. Contact tracing applications raise serious privacy and security concerns. Within Europe, two systems evolved: a centralised system, which calculates risk on a central server, and a decentralised system, which calculates risk on the user's handset. This study examined both systems from a threat perspective to design a framework that enables privacy and security for contact tracing applications. Such a framework is helpful for app developers. The study found that even though both systems comply with the General Data Protection Regulation (GDPR), Europe's privacy legislation, the centralised system suffers from severe risks against the threats identified. Experiments, research, and reviews tested the decentralised system in various settings and found that it performs better but still suffers from inherent shortcomings. User tracking and re-identification are possible, especially when users report themselves as infected. Based on these data, the study identified and validated a framework that enables privacy and security. The study also found that the current implementations using the decentralised Google/Apple API do not comply with the framework.

Information, 2020, Vol 11 (12), pp. 586
Author(s): Dimitra Georgiou, Costas Lambrinoudakis

Currently, cloud-based healthcare systems around the world face several challenges. The most important issue is to ensure security and privacy, or in other words, to ensure the confidentiality, integrity, and availability of the data. Although the main provisions for data security and privacy were present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and the key challenges of the GDPR and, at the same time, we present how a cloud-based security policy could be modified in order to be compliant with the GDPR, as well as how cloud environments can assist developers in building secure and GDPR-compliant cloud-based healthcare systems. The purpose of this paper is twofold: first, to help cloud providers comprehend the framework of the new GDPR, and second, to identify security measures and security policy rules for the protection of sensitive data in a cloud-based healthcare system, following our risk-based security policy methodology, which assesses the associated security risks and takes into account different requirements from patients, hospitals, and various other professional and organizational actors.


Author(s): Daniel Martínez-Ávila

It analyzes the main codes of ethics for archivists and their principles on privacy and access. It discusses the Code of Ethics and related documents published by the International Council on Archives, the 2020 ICA-IFLA joint statement on Privacy Legislation and Archiving, the Code of Ethics of Catalan Archivists, several Canadian codes of ethics, and several documents by the Society of American Archivists, including the joint statements with the ALA and the ACRL/RBMS. Finally, it presents the European General Data Protection Regulation and the guidance for archives of the European Archives Group.

Abstract (translated from the Spanish version): The main international codes of ethics for archivists and their recommendations on privacy and access are analyzed. The codes of ethics and documents of the International Council on Archives, the 2020 joint statement with the International Federation of Library Associations and Institutions, the code of ethics of Catalan archivists, several Canadian codes, and the related documents of the Society of American Archivists, including those presented jointly with the ALA and the ACRL/RBMS, are discussed. Finally, the General Data Protection Regulation of the European Union and the guidance for archives of the European Archives Group are presented.


2020, Vol 5, pp. 55-63
Author(s): Kirill Bryukhovetsky, Ilya Livshitz

The General Data Protection Regulation (GDPR) was adopted in 2018 and establishes privacy and security protection for data gathered on anyone in the European Union. Russian power engineering companies potentially have to comply with the GDPR with regard to processing and storing customer data. This paper analyzes certain GDPR requirements and their meaning for power engineering companies and their departments for the purpose of compliance risk assessment. The results can help in making decisions on compliance risk assessment initiatives to diminish data protection risks for international businesses, including power engineering companies.

