Data Privacy vs. Data Security

2014 ◽  
pp. 215-234
Author(s):  
Sue Milton
Keyword(s):  
Data Security ◽  
Data Privacy ◽  
Identity Management ◽  
Data Access ◽  
Privacy And Security ◽  
Access Policy ◽  
Data Usage ◽  
And Performance ◽  
The Relationship ◽  
Privacy Issues

This chapter assumes data is a key asset that, if lost or damaged, severely disrupts business capability and reputation. The chapter has one core purpose, to provide leaders with sufficient understanding of two data management fundamentals, data privacy and data security. Without that understanding, Information Technology (IT) security will always be seen as a cost on, not an investment towards, quality and performance. The chapter reviews the relationship between data privacy and data security. It argues that data security cannot be achieved until data privacy issues have been addressed. Simply put, data privacy is fundamental to any data usage policy and data security to the data access policy. The topic is then discussed in broader terms, in the context of data and information management, covering various themes such as cyber-crime, governance, and innovations in identity management. The chapter's intended outcome is to clarify the relationship between data privacy and security and how this understanding helps reduce data abuse. The link between privacy and security will also demystify the reason for high costs in implementing and maintaining security policies and explain why leaders need to provide stronger IT strategic leadership to ensure IT investment is defined and implemented wisely.

Data Privacy vs. Data Security

2021 ◽  
pp. 209-235
Author(s):  
Sue Milton
Keyword(s):  
Cyber Security ◽  
Data Security ◽  
Data Privacy ◽  
Personal Data ◽  
Data Access ◽  
Data Governance ◽  
Privacy And Security ◽  
Data Usage ◽  
High Resource ◽  
Nation States

The proliferation of data exposure via social media implies privacy and security are a lost cause. Regulation counters this through personal data usage compliance. Organizations must also keep non-personal data safe from competitors, criminals, and nation states. The chapter introduces leaders to the two data governance fundamentals: data privacy and data security. The chapter argues that data security cannot be achieved until data privacy issues have been addressed. Simply put, data privacy is fundamental to any data usage policy and data security to the data access policy. The fundamentals are then discussed more broadly, covering data and information management, cyber security, governance, and innovations in IT service provisioning. The chapter clarifies the complementary fundamentals and how they reduce data abuse. The link between privacy and security also demystifies the high resource costs in implementing and maintaining security practices and explains why leaders must provide strong IT leadership to ensure IT investment is defined and implemented wisely.

scholarly journals Qualitative content analysis for international comparison of data usage agreements

2017 ◽  
Vol 1 (1) ◽  
Author(s):  
Christian Haux ◽  
Frank Gabel ◽  
Anna-Lena Trescher ◽  
Helen Whelton ◽  
Geert Van der Heijden ◽  
...  
Keyword(s):  
Content Analysis ◽  
Data Integration ◽  
Data Privacy ◽  
Qualitative Content Analysis ◽  
Data Access ◽  
Added Value ◽  
Security Requirements ◽  
Coding System ◽  
Privacy And Security ◽  
Data Usage

ABSTRACT ObjectivesThe multi-country-EU project ADVOCATE (Added Value for Oral Care) involves the analysis of routinely collected oral health care records from health insurance systems in six European countries, including NHS England and NHS Scotland. The data will be stored in a in a central repository using AnalytiXagility which adheres to strict privacy and security standards. Therefore, data usage agreements must be consented with all partners and being subjected to specific regulations in the respective nation. This will result in different aggregation levels for data integration, e. g. one of the partners does not allow the transfer of data that contain a personal identifier. To understand the variety of requirements and limitations in different countries, we performed a qualitative content analysis of the agreements. ApproachA categorisation system for privacy and data protection aspects was developed. The aspects are based on privacy conditions mentioned in guidance documents, the agreements themselves and the project’s proposal. The agreements were examined for textual elements and systematically coded by three reviewers. Compliance between privacy conditions and the agreements was estimated using a nominal scale, whether the context was available in the agreement or not. The software MAXQDA was used for tagging relevant text passages. ResultsThe initial coding scheme contains eight categories on top-level. They include, inter alia, aspects on data access, -preparation, -transmission, and -usage. The top-levels divide in up to four different levels of detail. The coding system was continuously adapted during full-text analysis. Initially, the agreements from the partners of Denmark and Germany were used. Characteristics in the agreements require a fine granularity of sub-categories. The German agreement, for example, names the whole institution as partner, whereas the Danish agreement differentiates in personal roles, each with own responsibilities. ConclusionUndertaking an overview of privacy conditions can be a valuable step in comparing privacy and security requirements in different national regulations. The qualitative content analysis was found a suitable approach for this purpose because it enables the detection of fine characteristics. By using an incremental design, it is possible to adapt the coding system to include additional partners. However, the current coding system has the limitation that heterogeneity between the agreements leads to a fine granularity of categories that hamper the comparability between partners. Despite these problems, the approach allows the comparison of data privacy and supports the development of a data integration process for international harmonisation.

scholarly journals A Lightweight Blockchain-Based IoT Identity Management Approach

2021 ◽  
Vol 13 (2) ◽  
pp. 24
Author(s):  
Mohammed Amine Bouras ◽  
Qinghua Lu ◽  
Sahraoui Dhelim ◽  
Huansheng Ning
Keyword(s):  
Identity Management ◽  
Single Point ◽  
Data Access ◽  
Emerging Technology ◽  
Management Approach ◽  
Proof Of Concept ◽  
Data Access Control ◽  
And Storage ◽  
Privacy Issues ◽  
Centralized System

Identity management is a fundamental feature of Internet of Things (IoT) ecosystem, particularly for IoT data access control. However, most of the actual works adopt centralized approaches, which could lead to a single point of failure and privacy issues that are tied to the use of a trusted third parties. A consortium blockchain is an emerging technology that provides a neutral and trustable computation and storage platform that is suitable for building identity management solutions for IoT. This paper proposes a lightweight architecture and the associated protocols for consortium blockchain-based identity management to address privacy, security, and scalability issues in a centralized system for IoT. Besides, we implement a proof-of-concept prototype and evaluate our approach. We evaluate our work by measuring the latency and throughput of the transactions while using different query actions and payload sizes, and we compared it to other similar works. The results show that the approach is suitable for business adoption.

scholarly journals The Impact of Operating System on Bandwidth in Open VPN Technology

2016 ◽  
Vol 13 (1) ◽  
pp. 204-211
Author(s):  
Baghdad Science Journal
Keyword(s):  
Operating System ◽  
Operating Systems ◽  
Data Privacy ◽  
The Internet ◽  
Sensitive Data ◽  
Privacy And Security ◽  
Basic Source ◽  
Basic Functions ◽  
And Performance ◽  
The Impact

The internet is a basic source of information for many specialities and uses. Such information includes sensitive data whose retrieval has been one of the basic functions of the internet. In order to protect the information from falling into the hands of an intruder, a VPN has been established. Through VPN, data privacy and security can be provided. Two main technologies of VPN are to be discussed; IPSec and Open VPN. The complexity of IPSec makes the OpenVPN the best due to the latter’s portability and flexibility to use in many operating systems. In the LAN, VPN can be implemented through Open VPN to establish a double privacy layer(privacy inside privacy). The specific subnet will be used in this paper. The key and certificate will be generated by the server. An authentication and key exchange will be based on standard protocol SSL/TLS. Various operating systems from open source and windows will be used. Each operating system uses a different hardware specification. Tools such as tcpdump and jperf will be used to verify and measure the connectivity and performance. OpenVPN in the LAN is based on the type of operating system, portability and straightforward implementation. The bandwidth which is captured in this experiment is influenced by the operating system rather than the memory and capacity of the hard disk. Relationship and interoperability between each peer and server will be discussed. At the same time privacy for the user in the LAN can be introduced with a minimum specification.

scholarly journals Improving the data access control using blockchain for healthcare domain

F1000Research ◽  
2021 ◽  
Vol 10 ◽  
pp. 901
Author(s):  
Olaosebikan Tahir Yinka ◽  
Su-Cheng Haw ◽  
Timothy Tzen Vun Yap ◽  
Samini Subramaniam
Keyword(s):  
Big Data ◽  
Identity Management ◽  
Performance Metrics ◽  
Data Access ◽  
Data Access Control ◽  
Proposed Model ◽  
Big Data Technologies ◽  
Access To Data ◽  
Authorization Control ◽  
Privacy Issues

Introduction: Unauthorized access to data is one of the most significant privacy issues that hinder most industries from adopting big data technologies. Even though specific processes and structures have been put in place to deal with access authorization and identity management for large databases nonetheless, the scalability criteria are far beyond the capabilities of traditional databases. Hence, most researchers are looking into other solutions, such as big data management. Methods: In this paper, we firstly study the strengths and weaknesses of implementing cryptography and blockchain for identity management and authorization control in big data, focusing on the healthcare domain. Subsequently, we propose a decentralized data access and sharing system that preserves privacy to ensure adequate data access management under the blockchain. In addition, we designed a blockchain framework to resolve the decentralized data access and sharing system privacy issues, by implementing a public key infrastructure model, which utilizes a signature cryptography algorithm (elliptic curve and signcryption). Lastly, we compared the proposed blockchain model to previous techniques to see how well it performed. Results: We evaluated the blockchain on four performance metrics which include throughput, latency, scalability, and security. The proposed blockchain model was tested using a sample of 5000 patients and 500,000 observations. The performance evaluation results further showed that the proposed model achieves higher throughput and lower latency compared to existing approaches when the workload varies up to 10,000 transactions. Discussion: This research reviews the importance of blockchains as they provide infinite possibilities to individuals, companies, and governments.

scholarly journals Mobile Research Applications and State Data Protection Statutes

2020 ◽  
Vol 48 (S1) ◽  
pp. 87-93
Author(s):  
Stacey A. Tovino
Keyword(s):  
Data Protection ◽  
Data Security ◽  
Health Research ◽  
Data Privacy ◽  
District Of Columbia ◽  
Research Data ◽  
Mobile App ◽  
Data Breach ◽  
Privacy And Security ◽  
State Data

This article focuses on state privacy, security, and data breach regulation of mobile-app mediated health research, concentrating in particular on research studies conducted or participated in by independent scientists, citizen scientists, and patient researchers. Prior scholarship addressing these issues tends to focus on the lack of application of the HIPAA Privacy and Security Rules and other sources of federal regulation. One article, however, mentions state law as a possible source of privacy and security protections for individuals in the particular context of mobile app-mediated health research. This Article builds on this prior scholarship by: (1) assessing state data protection statutes that are potentially applicable to mobile app-mediated health researchers; and (2) suggesting statutory amendments that could better protect the privacy and security of mobile health research data. As discussed in more detail below, all fifty states and the District of Columbia have potentially applicable data breach notification statutes that require the notification of data subjects of certain informational breaches in certain contexts. In addition, more than two-thirds of jurisdictions have potentially applicable data security statutes and almost one-third of jurisdictions have potentially applicable data privacy statutes. Because all jurisdictions have data breach notification statutes, these statutes will be assessed first.

scholarly journals Review: Big Data Privacy and Security Risk and Solutions

2021 ◽  
pp. 85-94
Author(s):  
Madhavi Tota
Keyword(s):  
Big Data ◽  
Data Privacy ◽  
High Efficiency ◽  
Data Access ◽  
Database Systems ◽  
Mobile Internet ◽  
Security Measures ◽  
Security Risk ◽  
Privacy And Security ◽  
Big Data Privacy

Big Data is very dynamic issues in the current year, enables computing resources as a data to be provided as Information Technology services with high efficiency and effectiveness. The high amount of data in world is growing day by day. Data is growing very rapidly because of use of internet, smart phone and social network. Now size of the data is in Petabyte and Exabyte. Traditional database systems are not able to capture, store and analyze this large amount of data. In the digital and computing world, information is generated and collected at a rate that rapidly exceeds the limits. However, the current scenario the growth rate of such large data creates number of challenges, such as the fast growth of data, access speed, diverse data, and security. This paper shows the fundamental concepts of Big Data. Privacy threats and security methods used in Big Data. With the development of various research application and recourses of Internet/Mobile Internet, social networks, Internet of Things, big data has become the very important topic of research across the world, at the same time, big data has security risks and privacy protection during different stages such as collecting, storing, analyzing and utilizing. This paper introduces security measures of big data, then proposes the technology to solve the security threats.

scholarly journals Improving the data access control using blockchain for healthcare domain

F1000Research ◽  
2021 ◽  
Vol 10 ◽  
pp. 901
Author(s):  
Olaosebikan Tahir Yinka ◽  
Su-Cheng Haw ◽  
Timothy Tzen Vun Yap ◽  
Samini Subramaniam
Keyword(s):  
Big Data ◽  
Identity Management ◽  
Performance Metrics ◽  
Data Access ◽  
Data Access Control ◽  
Proposed Model ◽  
Big Data Technologies ◽  
Access To Data ◽  
Authorization Control ◽  
Privacy Issues

Introduction Unauthorized access to data is one of the most significant privacy issues that hinder most industries from adopting big data technologies. Even though specific processes and structures have been put in place to deal with access authorization and identity management for large databases nonetheless, the scalability criteria are far beyond the capabilities of traditional databases. Hence, most researchers are looking into other solutions, such as big data management. Methods In this paper, we firstly study the strengths and weaknesses of implementing cryptography and blockchain for identity management and authorization control in big data, focusing on the healthcare domain. Subsequently, we propose a decentralized data access and sharing system that preserves privacy to ensure adequate data access management under the blockchain. In addition, we designed a blockchain framework to resolve the decentralized data access and sharing system privacy issues, by implementing a public key infrastructure model, which utilizes a signature cryptography algorithm (elliptic curve and signcryption). Lastly, we compared the proposed blockchain model to previous techniques to see how well it performed. Results We evaluated the blockchain on four performance metrics which include throughput, latency, scalability, and security. The proposed blockchain model was tested using a sample of 5000 patients and 500,000 observations. The performance evaluation results further showed that the proposed model achieves higher throughput and lower latency compared to existing approaches when the workload varies up to 10,000 transactions. Discussion This research reviews the importance of blockchains as they provide infinite possibilities to individuals, companies, and governments.

scholarly journals Improving the data access control using blockchain for healthcare domain

F1000Research ◽  
2021 ◽  
Vol 10 ◽  
pp. 901
Author(s):  
Olaosebikan Tahir Yinka ◽  
Su-Cheng Haw ◽  
Timothy Tzen Vun Yap ◽  
Samini Subramaniam
Keyword(s):  
Big Data ◽  
Identity Management ◽  
Performance Metrics ◽  
Data Access ◽  
Data Access Control ◽  
Proposed Model ◽  
Big Data Technologies ◽  
Access To Data ◽  
Authorization Control ◽  
Privacy Issues

Introduction: Unauthorized access to data is one of the most significant privacy issues that hinder most industries from adopting big data technologies. Even though specific processes and structures have been put in place to deal with access authorization and identity management for large databases nonetheless, the scalability criteria are far beyond the capabilities of traditional databases. Hence, most researchers are looking into other solutions, such as big data management. Methods: In this paper, we firstly study the strengths and weaknesses of implementing cryptography and blockchain for identity management and authorization control in big data, focusing on the healthcare domain. Subsequently, we propose a decentralized data access and sharing system that preserves privacy to ensure adequate data access management under the blockchain. In addition, we designed a blockchain framework to resolve the decentralized data access and sharing system privacy issues, by implementing a public key infrastructure model, which utilizes a signature cryptography algorithm (elliptic curve and signcryption). Lastly, we compared the proposed blockchain model to previous techniques to see how well it performed. Results: We evaluated the blockchain on four performance metrics which include throughput, latency, scalability, and security. The proposed blockchain model was tested using a sample of 5000 patients and 500,000 observations. The performance evaluation results further showed that the proposed model achieves higher throughput and lower latency compared to existing approaches when the workload varies up to 10,000 transactions. Discussion: This research reviews the importance of blockchains as they provide infinite possibilities to individuals, companies, and governments.

scholarly journals Comprehensive Study of Security and Privacy of Emerging Non-Volatile Memories

2021 ◽  
Vol 11 (4) ◽  
pp. 36
Author(s):  
Mohammad Nasim Imtiaz Khan ◽  
Swaroop Ghosh
Keyword(s):  
Data Privacy ◽  
New Technologies ◽  
Spin Transfer Torque ◽  
Main Memory ◽  
Security And Privacy ◽  
System Level ◽  
System Throughput ◽  
Privacy And Security ◽  
Von Neumann ◽  
Privacy Issues

Several promising non-volatile memories (NVMs) such as magnetic RAM (MRAM), spin-transfer torque RAM (STTRAM), ferroelectric RAM (FeRAM), resistive RAM (RRAM), and phase-change memory (PCM) are being investigated to keep the static leakage within a tolerable limit. These new technologies offer high density and consume zero leakage power and can bridge the gap between processor and memory. The desirable properties of emerging NVMs make them suitable candidates for several applications including replacement of conventional memories. However, their unique characteristics introduce new data privacy and security issues. Some of them are already available in the market as discrete chips or a part of full system implementation. They are considered to become ubiquitous in future computing devices. Therefore, it is important to ensure their security/privacy issues. Note that these NVMs can be considered for cache, main memory, or storage application. They are also suitable to implement in-memory computation which increases system throughput and eliminates von Neumann bottleneck. Compute-capable NVMs impose new security and privacy challenges that are fundamentally different than their storage counterpart. This work identifies NVM vulnerabilities and attack vectors originating from the device level all the way to circuits and systems, considering both storage and compute applications. We also summarize the circuit/system-level countermeasures to make the NVMs robust against security and privacy issues.

Sign in / Sign up

Export Citation Format

Share Document