
Showing papers on "Information privacy" published in 2001


Journal ArticleDOI
TL;DR: This paper addresses the problem of releasing microdata while safeguarding the anonymity of respondents to which the data refer and introduces the concept of minimal generalization that captures the property of the release process not distorting the data more than needed to achieve k-anonymity.
Abstract: Today's globally networked society places great demands on the dissemination and sharing of information. While in the past released information was mostly in tabular and statistical form, many situations call for the release of specific data (microdata). In order to protect the anonymity of the entities (called respondents) to which information refers, data holders often remove or encrypt explicit identifiers such as names, addresses, and phone numbers. Deidentifying data, however, provides no guarantee of anonymity. Released information often contains other data, such as race, birth date, sex, and ZIP code, that can be linked to publicly available information to reidentify respondents and infer information that was not intended for disclosure. In this paper we address the problem of releasing microdata while safeguarding the anonymity of respondents to which the data refer. The approach is based on the definition of k-anonymity. A table provides k-anonymity if attempts to link explicitly identifying information to its content map the information to at least k entities. We illustrate how k-anonymity can be provided without compromising the integrity (or truthfulness) of the information released by using generalization and suppression techniques. We introduce the concept of minimal generalization that captures the property of the release process not distorting the data more than needed to achieve k-anonymity, and present an algorithm for the computation of such a generalization. We also discuss possible preference policies to choose among different minimal generalizations.

2,291 citations


Journal ArticleDOI
TL;DR: In this article, the authors explore risk perceptions among consumers of varying levels of Internet experience and how these perceptions relate to online shopping activity and find that higher levels of internet experience are related to higher or lower levels of perceived risks and concerns regarding the privacy and security of online shopping.
Abstract: Government and industry organizations have declared information privacy and security to be major obstacles in the development of consumer-related e-commerce. Risk perceptions regarding Internet privacy and security have been identified as issues for both new and experienced users of Internet technology. This paper explores risk perceptions among consumers of varying levels of Internet experience and how these perceptions relate to online shopping activity. Findings provide evidence of hypothesized relationships among consumers' levels of Internet experience, the use of alternate remote purchasing methods (such as telephone and mail-order shopping), the perceived risks of online shopping, and online purchasing activity. Implications for online commerce and consumer welfare are discussed. The Internet has grown considerably during the past decade, particularly with respect to its use as a tool for communication, entertainment, and marketplace exchange. This rapid growth has been accompanied, however, by concerns regarding the collection and dissemination of consumer information by marketers who participate in online retailing. These concerns pertain to the privacy and security of accumulated consumer data (Briones 1998; Culnan 1999) and the perceived risks that consumers may experience with respect to these issues (Ernst & Young 1999; Milne and Boza 1999; Milne 2000). Consumers' perceived risks associated with online retailing have received limited attention despite their implications for e-commerce. Although some early research suggests that risk perceptions may play a minor role in the adoption of online shopping (Jarvenpaa and Todd 1996-97), several recent industry and government-related studies (e.g., Culnan 1999; Federal Trade Commission (FTC) 1998b, 1998d, 2000) have deemed consumer risk perceptions to be a primary obstacle to the future growth of online commerce.
Many involved in online retailing assume that time alone will dissolve consumer concerns regarding the privacy and security of online shopping, yet others argue that greater Internet experience and more widespread publicity of the potential risks of online shopping will lead to increased risk perceptions. To date, no known research has investigated whether higher levels of Internet experience are related to higher or lower levels of perceived risks and concerns regarding the privacy and security of online shopping. Thus, presented here are the results of a study that explores the relationships among Internet experience levels, risk perceptions, and online purchasing rates. This study begins with an examination of Internet users' concerns and perceived risk regarding online shopping. The next area to be examined is how general experience with the Internet and other more-established remote purchasing methods relates to risk perceptions and online purchase rates. Finally, implications for online retailers are discussed with consideration of policy issues surrounding privacy and security on the Internet.

PRIVACY AND SECURITY OF ONLINE CONSUMER INFORMATION

Statistics and data regarding the growth of the Internet [1] have been widely cited in the popular press. Recent accounts report that over half (52%) of American adults use the Internet, which is twice as many as in mid-1997 (Sefton 2000). Moreover, approximately half of current Internet users have purchased products or services online (Sefton 2000), with average per capita online expenditures exceeding $1,200 in 1999 (Ernst & Young 2000). Looking toward the near future, Ernst & Young (2000) reports that 79 percent of nonbuyers plan to purchase via the Internet during the next twelve months, resulting in online sales of $45 to $50 billion.
The issues of privacy and security have been labeled by government and consumer organizations as two major concerns of e-commerce (Briones 1998; CLI 1999; CNN 2000; Consumer Reports Online 1998; FTC 1998a, 2000; Folkers 1998; Judge 1998; Machrone 1998; National Consumers League 1999). …

1,150 citations


Proceedings ArticleDOI
30 Sep 2001
TL;DR: Six principles for guiding system design are developed, based on a set of fair information practices common in most privacy legislation in use today: notice, choice and consent, proximity and locality, anonymity and pseudonymity, security, and access and recourse.
Abstract: This paper tries to serve as an introductory reading to privacy issues in the field of ubiquitous computing. It develops six principles for guiding system design, based on a set of fair information practices common in most privacy legislation in use today: notice, choice and consent, proximity and locality, anonymity and pseudonymity, security, and access and recourse. A brief look at the history of privacy protection, its legal status, and its expected utility is provided as a background.

926 citations


Journal ArticleDOI
TL;DR: Investigation of the privacy and security concerns of IT users in order to establish a consensus among them shows that the following major concerns exist: privacy, security and threats, impersonation and forged identity, children protection, e‐mail safety, and censorship.
Abstract: The public lack of confidence in online information technology (IT) is not merely about security of value, but also about trust in the information society. Privacy and security concerns are the number one reason Web users are not purchasing over the Web. This paper proposes to investigate the privacy and security concerns of IT users in order to establish a consensus among them. It uses data from 158 participants to conclude that the following major concerns (in descending order of importance) exist: privacy, security and threats, impersonation and forged identity, children protection, e‐mail safety, and censorship. The results also show that privacy and security concerns are the main impediment to shopping on the Internet. The implication is that the successful organizations will be those who expend their resources and efforts to ensure that IT users’ concerns are adequately addressed.

389 citations


Proceedings ArticleDOI
10 Dec 2001
TL;DR: Protocols for conducting the statistical analysis in such a cooperative environment based on a data perturbation technique and cryptography primitives are developed.
Abstract: The growth of the Internet opens up tremendous opportunities for cooperative computation, where the answer depends on the private inputs of separate entities. Sometimes these computations may occur between mutually untrusting entities. The problem is trivial if the context allows the conduct of these computations by a trusted entity that would know the inputs from all the participants; however if the context disallows this then the techniques of secure multiparty computation become very relevant and can provide useful solutions. Statistical analysis is a widely used computation in real life, but the known methods usually require one to know the whole data set; little work has been conducted to investigate how statistical analysis could be performed in a cooperative environment, where the participants want to conduct statistical analysis on the joint data set, but each participant is concerned about the confidentiality of its own data. We have developed protocols for conducting the statistical analysis in such a cooperative environment based on a data perturbation technique and cryptography primitives.

290 citations


Journal ArticleDOI
TL;DR: While email will continue to dominate wireless applications, innovative online applications that, for instance, use location reference information of end users will drive new areas of mobile e-business growth.
Abstract: Most current e-commerce transactions are conducted by users in fixed locations using workstations and personal computers. Soon, we expect a significant portion of e-commerce will take place via wireless, Internet-enabled devices such as cellular phones and personal digital assistants. Wireless devices provide users mobility to research, communicate, and purchase goods and services from anywhere at anytime without being tethered to the desktop. Using the Internet from wireless devices has come to be known as mobile e-commerce, or simply “m-commerce,” and encompasses many more activities than merely online purchasing. One of the major wireless applications is Web access for retrieval of real-time information such as weather reports, sport scores, flight and reservation information, navigational maps, and stock quotes. While email will continue to dominate wireless applications, innovative online applications that, for instance, use location reference information of end users will drive new areas of mobile e-business growth. Strategy Analytics, among other market research groups, predicts that by 2004 there will be over one …

271 citations


Patent
22 May 2001
TL;DR: In this article, the authors proposed a privacy infrastructure platform that provides a solution for privacy enabling communication and secures trade of both electronic and physical goods and services through user-controlled Communication Rules including an Access Control Filter and a Dynamic Routing service.
Abstract: The invention relates to a Privacy Infrastructure Platform that provides a solution for privacy enabling communication and secures trade of both electronic and physical goods and services. Through user-controlled Communication Rules including an Access Control Filter and a Dynamic Routing service the individual is in control of communication and enables a universal user-controlled Opt-In filter for SPAM protection. The invention builds a support for Privacy Enabling the full value chain from the original supplier to the consumer. In addition the invention can support trade across existing standard barriers supporting standard conversion, government reporting and existing and future eCommerce standards such as EDIFACT, OFX, OBI and CBL. Privacy is established using a principle of multiple non-linkable pseudonyms or Virtual Identities (VID) combined with intermediation of on- and offline communication channels.

256 citations


Journal ArticleDOI
TL;DR: Bill C-6 attempts to strike the right balance between the business need to gather, store, and use personal information, and the consumer need to be informed about how that information will be used and protected, but how may it best achieve ethical balance?
Abstract: During the past decade, Canadian information highway policy and e-commerce strategy underwent a tremendous amount of policy, academic, and national and international debate. There was, however, no substantive philosophical justification of privacy as a human right beyond its prima facie link with human dignity and autonomy. On what philosophical ground, however, ought legislation seek to instantiate physical privacy, privacy of personal information, freedom from surveillance, privacy of personal communications, and privacy of personal space into public policy? The philosophical meaning of privacy as a social value has also gone undeveloped in information policy documents. The government has called upon academics for "open communication and dialogue" on how best to protect personal information in the private sector, and how best to think about the ethical and policy implications of privacy, security, and new surveillance technologies. Fair information principles appropriate for database forms of surveillance up to the last decade are necessary but insufficient for deciding whether a given means of data collection is ethically acceptable (Marx, 1999). Bill C-6 attempts to strike the right balance between the business need to gather, store, and use personal information, and the consumer need to be informed about how that information will be used and protected. The cryptography policy framework for e-commerce seeks to balance the legitimate use and flow of digital data, with privacy and civil and human rights concerns and law enforcement and national security interests. And yet, how may we best achieve ethical balance? What are the limits of legal rights for coping with radically new privacy and security challenges?

228 citations


Journal ArticleDOI
TL;DR: Recommender system users who rate items across disjoint domains face a privacy risk analogous to the one that occurs with statistical database queries.
Abstract: Recommender system users who rate items across disjoint domains face a privacy risk analogous to the one that occurs with statistical database queries.

226 citations


Journal ArticleDOI
TL;DR: The U.S. and Europe exhibit very different approaches to information privacy from both regulatory and managerial perspectives as discussed by the authors, and the differences between the two approaches are explored in this article.
Abstract: The U.S. and Europe exhibit very different approaches to information privacy—a condition of limited access to identifiable information about individuals—from both regulatory and managerial perspectives. Grounded in different cultural values and assumptions about the meaning of privacy (a "human rights" issue in Europe versus a contractual issue in the U.S.), these differences have led to regulatory and managerial conflicts. In this article, the differences between the two approaches are explored. U.S. corporations would be well served to embrace some of the premises of the European perspective. However, the U.S. would be poorly served by the creation of a federal regulatory structure such as some commonly found in Europe.

203 citations


Proceedings ArticleDOI
14 Oct 2001
TL;DR: This paper provides fragments of a language for formulating personal location privacy policies and gives some small examples illustrating the kind of policies that are in mind.
Abstract: A Location Based Service (LBS) is a service where knowledge of the location of an object or individual is used to personalise the service. Typical examples include the E911 emergency location service in the US and 'Where is the nearest xx' type of services. However, since these services often may be implemented in a way that exposes sensitive personal information, there are several privacy issues to consider. A key question is: "Who should have access to what location information under which circumstances?" It is our view that individuals should be equipped with tools to become in the position to formulate their own personal location privacy policies, subject to applicable rules and regulations. This paper identifies concepts that may be useful when formulating such policies. The key concept is that of an observation of a located object. An observation typically includes the location, the identity of the object, the time the observation was made and the speed of the object. The idea is that the individual should be able to adjust the accuracy at which these observations are released depending on parameters such as the intended use and the identity of the recipient. We provide fragments of a language for formulating personal location privacy policies and give some small examples illustrating the kind of policies that we have in mind.

Journal ArticleDOI
TL;DR: It is argued that even if PETs provide individuals with a means of controlling their personal information, these tools do not necessarily ensure privacy protection, and it is concluded that the use of PETs can actually blur the need for privacy protection, rather than provide it.
Abstract: The present study is organized into two main parts. In Part I, we respond to a recent criticism that the restricted access theory of privacy does not adequately explain the role that control of personal information plays in protecting one's privacy. In defending a version of the restricted access theory, we put forth a tripartite model that differentiates the concept of privacy from both the justification and the management of privacy. This distinction is important, we argue, because it enables us to avoid conflating the concept of privacy, which we define in terms of protection from intrusion and information gathering [Moor 1990; 1997], from the concept of control, which (a) is used to justify the framing of policies that provide privacy protection and (b) is essential to the management of privacy. Separating privacy from control is necessary, we further argue, to preserve the identity of both notions. After showing why the notion of individual control, as expressed in three different ways (choice, consent, and correction), plays an important role in the management of privacy, we conclude Part I with an account of why individual controls alone are not sufficient to guarantee the protection of personal privacy and why certain external controls, such as those provided by privacy policies, are also needed. To illustrate some of the key points made in the first part of this essay we consider examples of privacy-enhancing technologies (or PETs) in Part II. We argue that even if PETs provide individuals with a means of controlling their personal information, these tools do not necessarily ensure privacy protection. Because PETs do not provide online users with a zone of privacy protection that incorporates external controls, i.e., controls beyond those at the individual level, we conclude that the use of PETs can actually blur the need for privacy protection, rather than provide it.

Book ChapterDOI
20 Dec 2001
TL;DR: These protections will begin to address growing public concerns that advances in electronic technology and evolution in the health care industry are resulting in a substantial erosion of the privacy surrounding individually identifiable health information maintained by health care providers, health plans and their administrative contractors.
Abstract: This rule includes standards to protect the privacy of individually identifiable health information. The rules below, which apply to health plans, health care clearinghouses, and certain health care providers, present standards with respect to the rights of individuals who are the subjects of this information, procedures for the exercise of those rights, and the authorized and required uses and disclosures of this information. The use of these standards will improve the efficiency and effectiveness of public and private health programs and health care services by providing enhanced protections for individually identifiable health information. These protections will begin to address growing public concerns that advances in electronic technology and evolution in the health care industry are resulting, or may result in, a substantial erosion of the privacy surrounding individually identifiable health information maintained by health care providers, health plans and their administrative contractors. This rule implements the privacy requirements of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996.

Book
15 Jun 2001
TL;DR: This paper describes the specification and implementation of the Privacy Policy following the Generalised Framework for Access Control approach and describes the implementation of a Hospital Scenario as a Demonstration Example.
Abstract (table of contents):
Privacy in the Global Information Society
IT-Security
Privacy-Enhancing Technologies
A Task-Based Privacy Model
Specification and Implementation of the Privacy Policy Following the Generalised Framework for Access Control Approach
Concluding Remarks
Appendix A: Formal Mathematical Privacy Model
Appendix B: Implementation of a Hospital Scenario as a Demonstration Example

Journal ArticleDOI
TL;DR: Survey results relating to Internet users’ demographic characteristics using data from 1998 online Internet surveys conducted at the Graphics, Visualization, and Usability Center at the Georgia Institute of Technology indicate that there are small differences among degrees of Internet privacy concerns across groups divided by sex, education level, income level, and race.
Abstract: As the Internet permeates almost every aspect of our daily lives, some argue that the benefits of its use are diminished by threats to personal privacy. Privacy concern is a desire to keep personal information out of the hands of others. Online privacy is becoming an increasingly important policy issue as consumer groups rally to protect what they perceive to be basic privacy rights whereas others argue for freedom of information. This article presents an overview of the literature on privacy studies and examines survey results relating to Internet users’ demographic characteristics using data from 1998 online Internet surveys conducted at the Graphics, Visualization, and Usability Center at the Georgia Institute of Technology. Results indicate that there are small differences among degrees of Internet privacy concerns across groups divided by sex, education level, income level, and race, with all groups preferring privacy to convenience.

Book ChapterDOI
01 Jan 2001
TL;DR: A model of user perceptions of privacy in multimedia environments is provided, derived from an analysis of empirical studies conducted by the authors and other researchers and aids designers to determine which information users regard as private, and in which context.
Abstract: As the use of ubiquitous multimedia communication increases so do the privacy risks associated with widespread accessibility and utilisation of data generated by such applications. Most invasions of privacy are not intentional but due to designers' inability to anticipate how this data could be used, by whom, and how this might affect users. This paper addresses the problem by providing a model of user perceptions of privacy in multimedia environments. The model has been derived from an analysis of empirical studies conducted by the authors and other researchers and aids designers to determine which information users regard as private, and in which context. It also identifies trade-offs that users are willing to make, rendering some privacy risks acceptable. To demonstrate how this model can be used to assess the privacy implications of multimedia communications in a specific context, an example of the model's application for a specific usage scenario is provided.

Journal ArticleDOI
TL;DR: In this article, Solove argues that the Big Brother metaphor merely reinforces the paradigm of uncovering one's hidden world, by surveillance, and by the disclosure of concealed information, and that the problem is better captured by Franz Kafka's The Trial.
Abstract: Journalists, politicians, jurists, and legal academics often describe the privacy problem created by the collection and use of personal information through computer databases and the Internet with the metaphor of Big Brother - the totalitarian government portrayed in George Orwell's Nineteen Eighty-Four. Professor Solove argues that this is the wrong metaphor. The Big Brother metaphor as well as much of the law that protects privacy emerges from a longstanding paradigm for conceptualizing privacy problems. Under this paradigm, privacy is invaded by uncovering one's hidden world, by surveillance, and by the disclosure of concealed information. The harm caused by such invasions consists of inhibition, self-censorship, embarrassment, and damage to one's reputation. Privacy law has developed with this paradigm in mind, and consequently, it has failed to adapt to grapple effectively with the database problem. Professor Solove argues that the Big Brother metaphor merely reinforces this paradigm and that the problem is better captured by Franz Kafka's The Trial. Understood with the Kafka metaphor, the problem is the powerlessness, vulnerability, and dehumanization created by the assembly of dossiers of personal information where individuals lack any meaningful form of participation in the collection and use of their information. Professor Solove illustrates that conceptualizing the problem with the Kafka metaphor has profound implications for the law of information privacy as well as which legal approaches are taken to solve the problem.

Journal ArticleDOI
TL;DR: The authors describe a fully functional healthcare data warehouse used to produce several reports for communities throughout Florida and are actively pursuing a research agenda to enhance technical data warehousing capabilities while investigating innovative community and clinical healthcare applications.
Abstract: Healthcare data warehousing presents unique challenges. The industry is rife with often incompatible medical standards and coding schemes that require careful translation. Healthcare data comes from many sources and is delivered in many forms, including published books, individual spreadsheets, and several tape or data formats. Results derived from a healthcare data warehouse must be delivered in accessible form to diverse stakeholders, including healthcare regulators, physicians, hospital administrators, consumers, community activists, and members of the popular press. The industry's widely decentralized and largely autonomous data collection efforts make data quality a significant challenge. Finally, the sensitivity of healthcare data makes privacy and security issues paramount. Healthcare data warehousing will make rigorous, quantitative information available to healthcare decision makers. The authors describe a fully functional healthcare data warehouse used to produce several reports for communities throughout Florida. Building on this work, they're actively pursuing a research agenda to enhance technical data warehousing capabilities while investigating innovative community and clinical healthcare applications.

Book ChapterDOI
08 Apr 2001
TL;DR: The notion that targeted advertising and privacy protection need not necessarily be conflicting goals is explored and some conceptually simple technical schemes that facilitate targeted advertising, but also offer protection for sensitive consumer data are described.
Abstract: The Web presents a rich and powerful tool for aggregation of consumer information. A flurry of recent articles in the popular press has documented aggressive manipulation of such information by some companies for the purposes of targeted advertising. While advertisers tout the economic and social benefits of such advertising, consumer privacy groups have expressed grave concerns about its potential abuses, and called for legislative policies to protect sensitive consumer data. In this paper, we explore the notion that targeted advertising and privacy protection need not necessarily be conflicting goals. We describe some conceptually simple technical schemes that facilitate targeted advertising, but also offer protection for sensitive consumer data. Some simple proposals do not even require the use of cryptography. (As an example, we mention an existing scheme in commercial deployment.) We also consider some more sophisticated protocols offering greater assurance of privacy. These involve cryptographic constructions that may be thought of as partial, practical PIR (private information retrieval) schemes.

Journal ArticleDOI
TL;DR: This review covers the ethical, legal, and policy issues associated with the generation and dissemination of genetic information and develops an outline of a program for realizing the benefits of the new science in a manner that affirms rather than erodes privacy and other important values.
Abstract: This review covers the ethical, legal, and policy issues associated with the generation and dissemination of genetic information. First, conceptual issues, such as the definition of terms and the description of two modes of analysis, are addressed. Research findings on public attitudes toward privacy and genetics and other factors relevant to policy making are also reviewed. Second, the example of genetic research is used to highlight the importance of attention to the intrinsic harms associated with violations of genetic privacy. Subtopics include national databases and biobanks, gene brokers, and pharmacogenomics. Third, the example of insurer access to genetic information is used to highlight the importance of attention to discrimination and other instrumental harms associated with failures of regulation. Fourth, a summary of the preceding sections leads into an outline of a program for realizing the benefits of the new science in a manner that affirms rather than erodes privacy and other important values.

Robert C. Post
01 Jan 2001

Journal ArticleDOI
07 Aug 2001
TL;DR: In this article, a comprehensive set of Grid usage scenarios is presented and analyzed with regard to security requirements such as authentication, authorization, integrity, and confidentiality, and a library of situations against which an application designer can match, thereby facilitating security-aware application use and development from the initial stages of the application design and invocation.
Abstract: A Computational Grid is a collection of heterogeneous computers and resources spread across multiple administrative domains with the intent of providing users easy access to these resources. There are many ways to access the resources of a Computational Grid, each with unique security requirements and implications for both the resource user and the resource provider. A comprehensive set of Grid usage scenarios is presented and analyzed with regard to security requirements such as authentication, authorization, integrity, and confidentiality. The main value of these scenarios and the associated security discussions is to provide a library of situations against which an application designer can match, thereby facilitating security-aware application use and development from the initial stages of the application design and invocation. A broader goal of these scenarios is to increase the awareness of security issues in Grid Computing. The purpose of this paper is to review the various Grid usage scenarios and analyze their security requirements and implications.

Book ChapterDOI
13 Jul 2001
TL;DR: A central conclusion of the paper is that a uniform solution for privacy demands does not exist, since both user preferences and legal stipulations are too heterogeneous; privacy will instead have to be dynamically tailored to each individual user's needs.
Abstract: This article discusses how the deployment of personalized systems is affected by users' privacy concerns and by privacy legislation. It shows that these impacts are substantial and will require a significant enhancement of current systems. Basic requirements can already be met with existing technology. Most privacy laws however also impose demands that call for new technologies that still need to be researched. A central conclusion of the paper is that a uniform solution for privacy demands does not exist since both user preferences and legal stipulations are too heterogeneous. Instead, privacy will have to be dynamically tailored to each individual user's needs, and to the jurisdiction at both the location of the personalized system and that of the user.

Book
20 Dec 2001
TL;DR: The European Community Directive on Personal Data regulates the collection and processing of personal data in Europe and provides guidance on how to protect people's privacy in the event of invasion.
Abstract (table of contents): Chapter 1, Introduction; Chapter 2, Privacy's Complexities; Chapter 3, The Law on Privacy; Chapter 4, Ambiguous Privacy; Chapter 5, Privacy Endangered; Chapter 6, Privacy and the Processing of Personal Data; Chapter 7, Conclusion; Chapter 8, Appendix: The European Community Directive on Personal Data; Chapter 9, Bibliography; Chapter 10, Index.

Journal ArticleDOI
Jay Woogara
TL;DR: It is argued that health professionals can violate patients’ privacy in a variety of ways and that privacy is a basic human right, and that its respect by health professionals is vital for a patient’s physical, mental, emotional and spiritual well-being.
Abstract: The European Convention on Human Rights has been incorporated into UK domestic law. It gives many rights to patients within the National Health Service (NHS). This article explores the concept of patients' right to privacy. It stresses that privacy is a basic human right, and that its respect by health professionals is vital for a patient's physical, mental, emotional and spiritual well-being. I argue that health professionals can violate patients' privacy in a variety of ways. For example: the right to enjoy their property; the right to protect their medical and personal information as confidential; the right to expect treatment with dignity during intimate care; and the right to control their personal space and territory. Some preliminary evidence indicates that many health care practitioners, including nurses, are presently unaware of the articles of the Convention and the implications of the Human Rights Act 1998. In order to prevent litigation for breaches of patients' privacy, it is advocated that universities and other educational institutions, the Government and NHS trusts should help to produce a clear educational strategy and protocols so that students and practitioners are well informed in this field. Although 41 European countries, including the UK, are presently signatories to the European Convention on Human Rights, it is important to stress that the principles discussed in this article are applicable world-wide.

Journal ArticleDOI
TL;DR: In this paper, the authors explore the issues surrounding the protection of consumer privacy and delineate a means by which the interests of both consumers and the organizations that serve them can be enhanced while protecting consumer privacy.
Abstract: With the astounding growth of the Internet, the potential threats to consumer privacy have grown exponentially. Much of the threat lies hidden beneath the view of the average consumer. Information technology makes collecting potentially sensitive information automatic and unseen. Indeed, it is the job of marketers to collect salient information to ensure refining products and services to foster consumer satisfaction. The paper explores the issues surrounding the protection of consumer privacy and delineates a means by which the interests of both consumers and the organizations that serve them can be enhanced while protecting consumer privacy.

Journal ArticleDOI
TL;DR: The arguments for and against new rules to protect genetic privacy are outlined, and what can be done to protect privacy in relation to genetic-sequence information and to DNA samples themselves is discussed.
Abstract: This article outlines the arguments for and against new rules to protect genetic privacy. We explain why genetic information is different to other sensitive medical information, why researchers and biotechnology companies have opposed new rules to protect genetic privacy (and favour anti-discrimination laws instead), and discuss what can be done to protect privacy in relation to genetic-sequence information and to DNA samples themselves.

Journal ArticleDOI
TL;DR: New classes for the Java 2 Micro-Edition platform are created that offer fundamental cryptographic operations such as message digests and ciphers as well as higher level security protocols like SSL, showing that SSL is a practical solution for ensuring end-to-end security of wireless Internet transactions even within today's technological constraints.
Abstract: Internet-enabled wireless devices continue to proliferate and are expected to surpass traditional Internet clients in the near future. This has opened up exciting new opportunities in the mobile e-commerce market. However, data security and privacy remain major concerns in the current generation of "wireless Web" offerings. All such offerings today use a security architecture that lacks end-to-end security. This unfortunate choice is driven by perceived inadequacies of standard Internet security protocols like SSL on less capable CPUs and low-bandwidth wireless links. This article presents our experiences in implementing and using standard security mechanisms and protocols on small wireless devices. We have created new classes for the Java 2 Micro-Edition platform that offer fundamental cryptographic operations such as message digests and ciphers as well as higher level security protocols like SSL. Our results show that SSL is a practical solution for ensuring end-to-end security of wireless Internet transactions even within today's technological constraints.

Patent
30 Aug 2001
TL;DR: In this paper, a method for controlling an exchange of information between a first party and a second party includes receiving from the first party a set of one or more privacy preferences, indicating restrictions to be placed on use of specified items of the information to be disclosed by the first party, and receiving from the second party a description of a privacy policy, indicating undertakings by the second party with regard to restricting the use of the specified items.
Abstract: A method for controlling an exchange of information between a first party and a second party includes receiving from the first party a set of one or more privacy preferences, indicating restrictions to be placed on use of specified items of the information to be disclosed by the first party, and receiving from the second party a description of a privacy policy, indicating undertakings by the second party with regard to restricting the use of the specified items of the information. The compatibility of the privacy preferences with the privacy policy is assessed. If the privacy preferences and the privacy policy are found to be incompatible, a negotiation is brokered with at least one of the first and the second parties so as to bring the privacy preferences and the privacy policy into mutual compatibility. The information is provided from the first party to the second party only when the privacy preferences and the privacy policy are found to be compatible.