scispace - formally typeset
Search or ask a question

Showing papers on "Information privacy published in 1989"


Journal ArticleDOI
TL;DR: Patients' perceptions of the meaning of privacy within the physician-patient dyad are examined, and confidentiality is cast as a topic within both the informational and psychological realms of privacy.

81 citations



Proceedings ArticleDOI
01 May 1989
TL;DR: A framework is presented which allows security policies to be expressed in the context of the enterprise whose needs the trusted system is intended to serve and some possible applications are used to indicate how security policies affect design decision-making, security policy conflict detection, and security risk evaluation.
Abstract: The authors first describe some issues that arise from the interplay between the security requirements for an integrated project support environment (IPSE) for the development of a trusted system, and the security requirements of the trusted system itself. All of these issues derive from security policy and the modeling of security policy. A framework is then presented which allows security policies to be expressed in the context of the enterprise whose needs the trusted system is intended to serve. Finally some possible applications of the framework are used to indicate how security policies affect design decision-making, security policy conflict detection, and security risk evaluation. >

37 citations



Journal ArticleDOI

34 citations


Book
01 Jan 1989
TL;DR: The authors examines trends that affect citizen's privacy, now that computer files with information on credit and overall financial status are easily accessible, and not always accurate, and discusses the need for balance between the privacy interests of individuals and the financial interests of large institutions, who may benefit from these files in locating those trying to cheat the system.
Abstract: This book examines trends that affect citizen's privacy, now that computer files with information on credit and overall financial status are easily accessible, and not always accurate. The unregulated use of individuals' computer files is a serious challenge to the values that underlie this country's social political well-being. The book discusses the need for balance between the privacy interests of individuals and the financial interests of large institutions, who may benefit from these files in locating those trying to cheat the system. It also examines the problem of protecting personal privacy, and what can be done at government levels.

23 citations


Proceedings ArticleDOI
06 Feb 1989
TL;DR: A general report is presented on an approach problem of privacy-oriented information systems, based on extensive research experiences in specifying the structure of such a system, including the underlying data model and the privacy policy, as well as on the insight gained from a prototype implementation of selected parts of the specification.
Abstract: A general report is presented on an approach problem of privacy-oriented information systems. The report is based on extensive research experiences in specifying the structure of such a system, including the underlying data model and the privacy policy, as well as on the insight gained from a prototype implementation of selected parts of the specification. The system is called DORIS (datenschutz-orientiertes informations system). While the model is basically object-oriented, it is possible conveniently to describe an application by non-first-normal-form tuples and relations, and the data-manipulation language is high-level and relational. An expression is evaluated in three stages: navigation in the set of surrogates of persons, asking for knowledge, and finally normalization, prime value processing and output preparation. A prototype implementation of selected parts of the model is based on a kernel concept. >

18 citations



Book ChapterDOI
01 Jun 1989
TL;DR: The interaction of authorities and acquaintances is studied, some pitfalls are identified, and an explicit mechanism for cooparating roles is introduced.
Abstract: The information system DORIS has been designed to support privacy as the individual's right of informational self-determination. A person can hold two kinds of rights: Authorities on roles (allowing operations) which are statically declared for groups (classes), and acquaintances (access capabilities) that are dynamically granted to persons (instances). The interaction of authorities and acquaintances is studied and some pitfalls are identified. Solutions for circumventing these pitfalls are given. Surprisingly these solutions simplify the query language. An explicit mechanism for cooparating roles is introduced. All concepts are precisely described in syntax and semantics.

8 citations



Journal ArticleDOI
TL;DR: In this paper, the authors reviewed the debate over electronic data bases and privacy, with an emphasis on the United States since the Privacy Act of 1974, and synthesized proposals that have value for the 1990s, both nationally and internationally, are synthesized.
Abstract: This article reviews the debate over electronic data bases and privacy, with an emphasis on the United States since the Privacy Act of 1974. Proposals that have value for the 1990s, both nationally and internationally, are synthesized. Some current controversies are discussed, including some of the reasons for the failure of previous privacy legislation. The way social values affect both statistical and intelligence systems is reviewed, and the debate over organizational necessity and computerization is examined. Some controversial systems and programs are described, along with suggestions designed to move closer to state-of-the-art privacy oversight.

Journal ArticleDOI
TL;DR: Although there are many legal issues associated with substance abuse testing, this presentation deals with only three areas: privacy, employee contractual concerns, and wrongful use of test results.
Abstract: Although there are many legal issues associated with substance abuse testing, this presentation deals with only three areas: privacy, employee contractual concerns, and wrongful use of test results. Privacy must be considered under the federal and state constitutional guarantees to public employees, or whether one is a private employee so as not to determine applicability. In addition, there are state and federal statutes to deal with along with private civil actions such as the tortious invasion of privacy. Under contractual relationships, courts have gone a long way from allowing termination-at-will to public policy exceptions of forensic and implied covenants and guarantees of requiring just cause before discharge. Union involvement may necessitate bargaining in the implementation of substance abuse testing. The wrongful use of test results most often leads to actions of defamation.


Journal ArticleDOI
TL;DR: The ability of privacy laws that are presently on the books to protect us from abusive information collection, dissemination, and management practices is specifically considered.
Abstract: The major federal and state laws that govern the privacy aspects of the use of computer data banks fall into three types of relationships between individuals and institutions: 1) individuals dealing with private institutions such as colleges or universities, 2) individuals interacting with state and local governments; and 3) individuals interacting with the federal government. A separate section is devoted to each of these relationships, containing assessments of the effectiveness of the legal mechanisms that mediate them. The ability of privacy laws that are presently on the books to protect us from abusive information collection, dissemination, and management practices is specifically considered.

Book
01 Jun 1989
TL;DR: Employee Privacy Law and Practice as discussed by the authors sets forth procedures, policies, and forms for guiding employees, employers, and human resource professionals in the rapidly expanding area of employee privacy issues.
Abstract: This book sets forth procedures, policies, and forms for guiding employees, employers, and human resource professionals in the rapidly expanding area of employee privacy issues. Provides an audit procedure for employers to use in evaluating employee privacy needs. Covers specific privacy interests that arise during hiring, in the workplace, and outside the workplace. Examines issues in initial contacts, employment data verification, records, medical concerns, information collection, and even outside the workplace. By the author of Employee Privacy Law and Practice.

Proceedings ArticleDOI
27 Nov 1989
TL;DR: The author explores a number of approaches and techniques for detecting, correcting, recovering from, and preventing system data integrity problems associated with security breaches, environmental hazards, human error, and system malfunction due to hardware/software defect or failure.
Abstract: The author explores a number of approaches and techniques for detecting, correcting, recovering from, and preventing system data integrity problems associated with security breaches, environmental hazards, human error, and system malfunction due to hardware/software defect or failure. He starts out with a description of some techniques for detecting compromised data integrity resulting from both fraudulent (intended) and nonfraudulent (unintended) data corruption. Emphasis is placed on three general approaches: (1) building in system quality for preventing certain of these problems, (2) placing routines into data systems for detecting problems that cannot be prevented, and (3) designing functionality into these systems for recovering from compromised integrity. The author examines how selected system features and functionality are designed to help ensure data integrity. The role of the system in assuring data integrity is examined. >


Journal ArticleDOI
TL;DR: In this paper, the authors describe an experimental project to investigate and prove the feasibility of low-cost software-based encryption suitable for local area networks (LANs) in order to provide data privacy in the short term.
Abstract: The widespread use of local area networks within commercial organisations has raised concerns about the confidentiality of information carried by such networks. The provision of data privacy ideally requires dedicated encryption chips used in conjunction with access control and authorisation mechanisms. The availability of low-cost encryption chips is several years off, but how can data be protected in the short term?. This paper describes an experimental project to investigate and prove the feasibility of low-cost software-based encryption suitable for local area networks.


Proceedings ArticleDOI
04 Dec 1989
TL;DR: Proposed modifications to the mail privacy-enhancement standards will permit files to be afforded integrity and source authentication protection in a manner compatible with current file transfer conventions.
Abstract: There is currently only limited assurance that software electronically downloaded from a central source is a faithful copy of the original software. Current Internet standards for privacy enhancement of electronic mail can also be employed to protect electronic distribution of software. The standards offer disclosure protection, source (sender) authentication, and message integrity services. However, electronic mail is a relatively inefficient means for distributing software. Proposed modifications to the mail privacy-enhancement standards will permit files to be afforded integrity and source authentication protection in a manner compatible with current file transfer conventions. >





Journal ArticleDOI
TL;DR: Basic ideas on cryptography, important cryptographic algorithms and aspects on management of cryptographic keys are given, and some fundamentals an data disclosure by unintended but physically caused emanation of signals carrying information known under the term Tempest are dealt with.

Book ChapterDOI
01 Jan 1989
TL;DR: This paper deals with the legal aspects of privacy protection in relation to the introduction of automated information systems and data banks relating to the storage of medical data in computerised information systems or data banks.
Abstract: This paper deals with the legal aspects of privacy protection in relation to the introduction of automated information systems. In itself, the process of automation gives rise to several other legal problems, in addition to issues in the domain of privacy and confidentiality; the question of potential negligence or liability arising from the use of defective computer software is an example. On the other hand, also the concept of privacy protection is much broader than only the issue of data protection; in the European Convention for the Protection of Human Rights, for instance, the right to privacy is defined as everyone’s right to his private and family life, his name and his correspondence. In the following however, I will limit myself to the specific legal issues relating to the storage of medical data in computerised information systems or data banks.

Journal Article
TL;DR: This paper describes an experimental project to investigate and prove the feasibility of low-cost software-based encryption suitable for local area networks.