Protecting privacy in the cyber era

Davis, John C.

doi:10.1109/44.846270

Cited by 13 publications

(7 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the US, the Privacy Act of 1974 requires that federal agencies grant individuals access to their identifiable records that are maintained by the agency, ensure that existing information is accurate and timely, and limit the collection of unnecessary information and the disclosure of identifiable information to third parties [5]. A recent survey [10] reveals ongoing concerns of bank officers, mostly procedural, about how to handle the anticipated privacy regulations of the US Gramm-Leach-Bliley (GLB) Act, which requires financial institutions to regularly communicate privacy policies to customers and provide adequate opportunities for "opting-out" of personal information disclosure to non-affiliated third parties.…”

Section: Background and Related Workmentioning

confidence: 99%

Towards end-to-end privacy control in the outsourcing of marketing activities

Hung¹,

Chiu

Fung

et al. 2005

Proceedings of the 7th International Conference on Electronic Commerce - ICEC '05

View full text Add to dashboard Cite

With the recent adoption of marketing activities outsourcing, there have been increasing demands and concerns for privacy control. The traditional approach of a bulk transmission of the customers' information to a marketing company cannot meet such demands, especially in the finance and healthcare businesses. Therefore, we propose a layered architecture and a development methodology for end-to-end privacy control over the export of each individual customer's records through a Web services platform, according to the corresponding enterprise's privacy control policies. A Web services system, with up-dated security and privacy facilities, can provide a suitable interoperation platform for required application-to-application interactions over the Internet. We further develop a conceptual model and an interaction protocol to send only the required part of a customer's records at a time. We illustrate our approach for end-to-end privacy control with a tele-marketing case study and show how the software of the outsourced call center can be integrated effectively with the Web services of a bank to protect privacy.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Towards end-to-end privacy control in the outsourcing of marketing activities

Hung¹,

Chiu

Fung

et al. 2005

Proceedings of the 7th International Conference on Electronic Commerce - ICEC '05

View full text Add to dashboard Cite

show abstract

“…An example of how unregulated interconnection may infringe on a individual's privacy is given by Davis (2000). While the U.S. law forbids soliciting information on race and marital status by the credit issuing agencies, such information can be fairly easily obtained by the credit agency since this is contained public records (e.g.…”

Section: A Brief Overview Of the Literature On Digital Identity mentioning

confidence: 99%

A Network-Economic Policy Study of Identity Management Systems and Implications for Security and Privacy Policy

Repkine

Hwang

2004

SSRN Journal

View full text Add to dashboard Cite

Solving the problems associated with identity management in the "virtual" world is proving to be one of the keys to full realization of the economic and social benefits of networked information systems. By definition, the virtual world lacks the rich combination of sensory and contextual cues that permit organizations and individual humans interacting in the physical world to reliably identify people and authorize them to engage in certain transactions or access specific resources. Being able to determine who an online user is and what they are authorized to do thus requires an identity management infrastructure. Some of the most vexing problems associated with the Internet (the deluge of spam, the need to regulate access to certain kinds of content, securing networks from intrusion and disruption, problems of inter-jurisdictional law enforcement related to online activities, impediments to the sharing of distributed computing resources) are fundamentally the problems of identity management. And yet, efforts by organizations and governments to solve those problems by producing and consuming identity systems may create serious risks to freedom and privacy. Thus the implementation and maintenance of identity management systems raises important public policy issues.The identity management systems (the IMS-s) often tend to require more information from the consumers than would otherwise be necessary for the authentication purposes. 2The typical choice being analyzed in IMS is the one between a completely centralized or integrated system (one ID -one password, and a single sign-on) and the one comprising a plethora of (highly) specialized IMS-s (multiple ID-s and passwords).While the centralized system is the most convenient one, it is also likely to require too much personal information about the users, which may infringe on their rights to privacy and which definitely will result in serious damage should this personal information be stolen and/or abused. When more than two IMS-s interconnect (more of a practical side with various types of commercial values), they share the private information with each other, thus increasing consumers' exposure to possible information misuse. It is thus rather obvious that the public policy plays an important role to maintain the structure of identity management systems ensuring the existence of a sound balance between the authentication requirements and consumers' rights to privacy. The focus of this paper is on investigating this type of tradeoff by employing a theoretical framework with agents whose utility depends on the amount of private information revealed, and on making policy recommendations related to the issue of interconnection between alternative IMS-s. Our model derives optimal process of interconnection between IMS-s in the simple case of three IMS-s, then generalizing it to the case of more than three firms. The socially optimal outcome of the interconnection process in our model implies encouraging the interconnection between smaller rather than larger IMS-...

show abstract

“…The traditional view of access control model should be extended with an enterprise wide privacy policy for managing and enforcing of individual privacy preferences [35]. In the US, the Privacy Act of 1974 requires that federal agencies grant individuals access to their identifiable records that are maintained by the agency, ensure that existing information is accurate and timely, and limit the collection of unnecessary information and the disclosure of identifiable information to third parties [36]. From a recent survey, bank officers said that they had ongoing concerns, mostly procedural, about how to handle the anticipated privacy regulations of the US Gramm-Leach-Bliley Act (GLB), which requires financial institutions to regularly communicate privacy policies to customers and provide adequate opportunities for "opting-out" of personal information disclosure to non-affiliated third parties [37].…”

Section: Introductionmentioning

confidence: 99%