Privacy Protection Measures and Technologies in Business Organizations
Latest Publications


Total documents: 14 (five years: 0)

H-index: 2 (five years: 0)

Published By IGI Global

9781613505014, 9781613505021

Author(s): Ann Cavoukian

This chapter traces the origins of the Privacy by Design (PbD) concept and leadership by the Office of the Information and Privacy Commissioner (IPC) of Ontario, Canada, from the mid-1990s to the current day (2011), with specific attention to three major themes: The evolution of PbD from its early emphasis on information technologies, which also apply to organizational practices and processes, and to broader information eco-systems and architectures; The evolution of the need to articulate and promote a set of universal principles to help guide the design of privacy, from Fair Information Practices to PbD’s 7 Foundational Principles; An account of the evolving work of the IPC in support of the new or “enhanced” FIPs that were codified in the PbD Foundational Principles. The chapter will outline recognition for PbD received, and the challenges ahead.


Author(s): Antonio Gomez-Skarmeta, Alejandro Perez Mendez, Elena Torroglosa Garcia, Gabriel Lopez Millán

Finally, it is analyzed how the inclusion of IdM in business organizations can provide economical benefits. These benefits range from a reduction in resource requirements to the increment of potential clients thanks to the incorporation of the organization in an identity federation. Special attention is placed on the case where the telecommunications operator is established as the main point of identity providing, as a straightforward result of its already established trust relationships with a wide range of parties (clients and service providers).


Author(s): Florian Kerschbaum, Daniel Funke

We consider collaborative social network analysis without revealing private inputs of the participants. This problem arises in criminal investigations of federal police organizations where single organizations may not reveal their data without probable cause, but the aggregation of all data entails new information, such as the entire social network structure. We present algorithms for securely computing either the entire, anonymized graph or only specific metrics for individuals. We use secure computation protocols to disclose nothing but the output of the analysis, i.e. anything that cannot be derived from one’s input and output – including other parties’ input – remains private. We have implemented a prototype for SAP’s investigative case management system – a derivate of its customer relationship management.


Author(s): Aniello Castiglione, Alfredo De Santis, Francesco Palmieri

Starting from these ideas and concepts, this chapter aims at presenting an innovative network-based digital video surveillance solution that meets all the aforementioned security and privacy requirements ensuring that the recorded data will be only accessible to a subset of authorities, trusting each other under precisely defined policies, agreements, and circumstances. This would aid the surveillance activities, when needed, without disrupting the privacy of individuals.


Author(s): Mary Kuehler, Nakeisha Schimke, John Hale

Electronic Health Record (EHR) systems are a powerful tool for healthcare providers and patients. Both groups benefit from unified, easily accessible record management; however, EHR systems also bring new threats to patient privacy. The reach of electronic patient data extends far beyond the healthcare realm. Patients are managing their own health records through personal health record (PHR) service providers, and businesses outside of the healthcare industry are finding themselves increasingly linked to medical data. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and other regulatory measures establish baseline standards for protecting patient privacy, but the inclusion of medical images in patient records presents unique challenges. Medical images often require specialized management tools, and some medical images may reveal a patient’s identity or medical condition through re-linkage or inherent identifiability. After exploring EHR systems in-depth and reviewing health information policy, the chapter explores how privacy challenges associated with EHR systems and medical images can be mitigated through the combined efforts of technology, policy, and legislation designed to reduce the risk of re-identification.


Author(s): Anna Antonakopoulou, Georgios V. Lioudakis, Fotios Gogoulos, Dimitra I. Kaklamani, Iakovos S. Venieris

Modern business environments amass and exchange a great deal of sensitive information about their employees, customers, products, et cetera, acknowledging privacy to be not only a business but also an ethical and legal requirement. Any privacy violation certainly includes some access to personal information and, intuitively, access control constitutes a fundamental aspect of privacy protection. In that respect, many organizations use security policies to control access to sensitive resources and the employed security models must provide means to handle flexible and dynamic requirements. Consequently, the definition of an expressive privacy-aware access control model constitutes a crucial issue. Among the technologies proposed, there are various access control models incorporating features designed to enforce privacy protection policies, taking mainly into account the purpose of the access, privacy obligations, as well as other contextual constraints, aiming at the accomplishment of the privacy protection requirements. This chapter studies these models, along with the aforementioned features.


Author(s): Riccardo Bonazzi, Zhan Liu, Simon Ganière, Yves Pigneur

In this chapter we propose a decision support system for privacy management of context-aware technologies, which requires the alignment of four dimensions: business, regulation, technology, and user behavior. We have developed a middleware model able to achieve compliance with privacy policies within a dynamic and context-aware risk management situation. We illustrate our model in more detail by means of a small prototype that we developed, and we present the current outcomes of its implementation to derive some pointers for the direction of future investigation.


Author(s): Tyrone Grandison, Pei-yun S Hsueh, Liangzhao Zeng, Henry Chang, Yi-Hui Chen, ...

Healthcare is ubiquitous in every business organization. Whether as the primary focus of the business or as a function of the well-being of a firm’s employees, health issues play a dominant role in commerce. This recognition and the demonstrated benefits of a healthy contributor or worker have promoted a rejuvenated emphasis on wellness. In order to garner the benefits of cloud computing and foster improved employee health, the Taiwan Collaboratory is developing a first instance of a Wellness Cloud, which is an integrated, interconnected, and intelligent well-being platform. As the data held in this cloud is potentially very sensitive, the protection of this data is of utmost importance. In this chapter, we present issues and solutions for protecting user data while enabling the data to be usefully processed and for value to be derived, by using advanced technology and by harnessing the cumulative knowledge or wisdom of the collective of users.


Author(s): Alfonso Rodríguez, Eduardo Fernández-Medina, Mario Piattini

Business processes are valuable resources for enterprises to maintain their competitiveness. They are characterized by describing the set of activities that enterprises perform to reach their objectives. On the other hand, security is also an essential element in current competitiveness. Enterprises invest resources in keeping their assets protected and worry about maintaining their customers’ trust. In this way, aspects such as confidentiality, integrity, and availability are important in relation to enterprise activities. In this work, we will define business processes that incorporate the viewpoint of the business analyst regarding security. The result is a secure business process model that is used for software creation under a model-driven approach. In this work, we will show the main aspects of this proposal, taking into consideration a case study that allows us to show its applicability.


Author(s): Xiaoxun Sun, Min Li

A number of organizations publish microdata for purposes such as public health and demographic research. Although attributes of microdata that clearly identify individuals, such as name, are generally removed, these databases can sometimes be joined with other public databases on attributes such as Zip code, Gender, and Age to re-identify individuals who were supposed to remain anonymous. These linking attacks are made easier by the availability of other complementary databases over the Internet. K-anonymity is a technique that prevents linking attacks by generalizing or suppressing portions of the released microdata so that no individual can be uniquely distinguished from a group of size k. In this chapter, we investigate a practical full-domain generalization model of k-anonymity and examine the issue of computing a minimal k-anonymous solution. We introduce the hash-based technique previously used in mining associate rules and present an efficient and effective privacy hash table structure to derive the minimal solution. The experimental results show the proposed hash-based technique is highly efficient compared with the binary search method.

