Deletion-Compliance in the Absence of Privacy [article]

Jonathan Godin, Philippe Lamontagne
2022 arXiv   pre-print
A requirement of deletion-compliance is strong privacy for the deletion requesters since no outside observer must be able to tell if deleted data was ever present in the first place.  ...  The main thesis of this paper is that deletion-compliance is a standalone notion, distinct from privacy.  ...  Our definition demonstrates that this is more a design choice than a necessary condition, and that a meaningful notion of deletion-compliance exists in the absence of total privacy.  ... 
arXiv:2201.03499v1 fatcat:hv4zjbxlqbek7fdqsa36axkhdm

Detecting the Effects of Changes on the Compliance of Cross-Organizational Business Processes [chapter]

David Knuplesch, Walid Fdhila, Manfred Reichert, Stefanie Rinderle-Ma
2015 Lecture Notes in Computer Science  
Since compliance verification is known to be very costly, reducing the number of compliance rules to be rechecked in the context of process changes will be crucial.  ...  Altogether, our approach increases the efficiency of compliance checking in cross-organizational settings.  ...  In particular, compliance checking must cope with the fact that the partners do not know all parts of the CBP relevant for a GCR, e.g., due to privacy reasons [6, 7].  ... 
doi:10.1007/978-3-319-25264-3_7 fatcat:7xiatrhywrcgjdjeq5frvo3pfi

A Study on the Information Security Management Index through Analysis of EU-GDPR(European Union-General Data Protection Regulation)

2018 Asia-pacific Journal of Law Politics and Administration  
The European Commission is committed to ensuring the free movement of personal information between EU Member States and strengthening the protection of the privacy of information by EU Member States through  ...  Companies that are servicing the EU or preparing for business need to have a good understanding of the GDPR compliance requirements and need to comply with the relevant regulatory requirements.  ...  indicators Analysis of the ISMS, PIMS and GDPR compliance indicators showed that the A code did not differ from the PIMS case and all the codes related to the GDPR privacy protection evaluation were in  ... 
doi:10.21742/ajlpa.2018.2.2.03 fatcat:sjuhsqqlarcj5iccnkcolpval4

Towards Compliant Data Management Systems for Healthcare ML [article]

Goutham Ramakrishnan, Aditya Nori, Hannah Murfet, Pashmina Cameron
2020 arXiv   pre-print
The increasing popularity of machine learning approaches and the rising awareness of data protection and data privacy presents an opportunity to build truly secure and trustworthy healthcare systems.  ...  We build a prototype of the solution that demonstrates the difficulties in this domain.  ...  Healthcare ML practitioners are the primary data feeders to the tool and the DPO or privacy officer is the primary consumer of the tool in order to monitor data compliance.  ... 
arXiv:2011.07555v1 fatcat:hkygwivw3ncavm3slf6bkv3e2u

A Formal Privacy Management Framework [chapter]

Daniel Le Métayer
2009 Lecture Notes in Computer Science  
The work described in this paper results from a multidisciplinary project involving lawyers and computer scientists with the double goal to (1) reconsider the fundamental values motivating privacy protection  ...  This paper focuses on the formal framework proposed in the project to deliver this consent through software agents.  ...  Acknowledgements This work has been partially funded by the INRIA ARC (Action de Recherche Coopérative) PRIAM (Privacy Issues in Ambient Intelligence) and ANR (Agence Nationale de la Recherche) under the  ... 
doi:10.1007/978-3-642-01465-9_11 fatcat:p2duzsvuajfbhlg2kgmjbv66zi

GDPR Anti-Patterns: How Design and Operation of Modern Cloud-scale Systems Conflict with GDPR [article]

Supreeth Shastri, Melissa Wasserman, Vijay Chidambaram
2019 arXiv   pre-print
In recent years, our society is being plagued by unprecedented levels of privacy and security breaches.  ...  In this article, we review GDPR from a systems perspective, and identify how the design and operation of modern cloud-scale systems conflict with this regulation.  ...  consult the supervisory authority prior to processing where [...] that would result in a high risk in the absence of measures taken by the controller to mitigate the risk." GDPR establishes, via articles  ... 
arXiv:1911.00498v1 fatcat:fui4d7buevcsnittxqnbz3sql4

Evaluation of Free Android Healthcare Apps Listed in Database: Technical Analysis, Survey Results and Suggestions for Developers

Lorenzo Di Matteo, Carmela Pierri, Sergio Pillon, Giampiero Gasperini, Paolo Preite, Edoardo Limone, Silvia Rongoni
2018 Journal of Mobile Technology in Medicine  
Moreover a limited number of the analyzed apps adopt data protection mechanisms and declare privacy compliance. Security and Privacy are generally poor.  ...  Data sharing has been detected in 133 cases. 9,45% of the apps provides a backup option. 13% of the apps declare to be compliant to some kind of privacy regulation.  ...  Acknowledgements We would like to thank the General Directorate for Medical Devices and the Pharmaceutical Service of the Ministry of Health (Italy), especially Dir. Marcella Marletta, Eng.  ... 
doi:10.7309/jmtm.7.2.3 fatcat:lhbmnph6yfcgtkkhrkqa3w5pji

Analyzing the Impact of GDPR on Storage Systems [article]

Aashaka Shah, Vinay Banakar, Supreeth Shastri, Melissa Wasserman, and Vijay Chidambaram
2019 arXiv   pre-print
Motivated by the finding that more than 30% of GDPR articles are related to storage, we investigate the impact of GDPR compliance on storage systems.  ...  We illustrate the challenges of retrofitting existing systems into compliance by modifying Redis to be GDPR-compliant.  ...  Introduction "In law, nothing is certain but the expense." Samuel Butler Privacy and protection of personal data (or more aptly, the lack thereof) has become a topic of concern for the modern society  ... 
arXiv:1903.04880v3 fatcat:wpvzfpjjvnbudmdhoocqf5w4vy

Privacy Impact Assessment Template for Provenance

Jenni Reuben, Leonardo A. Martucci, Simone Fischer-Hubner, Heather S. Packer, Hans Hedbom, Luc Moreau
2016 2016 11th International Conference on Availability, Reliability and Security (ARES)  
The semantics of these links and domain specific reasoning can support the inference of additional information about the elements in the graph.  ...  The PIA template identifies privacy threats, lists potential countermeasures, helps to manage personal data protection risks, and maintains compliance with privacy data protection laws and regulations.  ...  Furthermore, our study highlights the absence of the state-of-the-art counter measures for several privacy threats that arise in provenance.  ... 
doi:10.1109/ares.2016.95 dblp:conf/IEEEares/ReubenMFPHM16 fatcat:psysbk6urvfcrcfevzagof76ay

Athena: Probabilistic Verification of Machine Unlearning

David M. Sommer, Liwei Song, Sameer Wagh, Prateek Mittal
2022 Proceedings on Privacy Enhancing Technologies  
compliance with data deletion requests, and (2) our mechanism is robust against servers deploying state-of-the-art backdoor defense methods.  ...  In this work, we take the first step in proposing a formal framework, called Athena, to study the design of such verification mechanisms for data deletion requests – also known as machine unlearning –  ...  This work was supported in part by the National Science Foundation under grants CNS-1553437 and CNS-1704105, the ARL's Army Artificial Intelligence Innovation Institute (A2I2), the Office of Naval Research  ... 
doi:10.56553/popets-2022-0072 fatcat:waedy56wjfhpdjeusufv5n6k7m

Challenges of Complying with Data Protection and Privacy Regulations

A. Lonzetta, T. Hayajneh
2018 EAI Endorsed Transactions on Scalable Information Systems  
This influx in data, partnered with challenges complying with data protection and privacy regulations and the absence of a comprehensive global data protection and privacy strategy, has contributed to  ...  Our paper presents an overview of existing data protection and privacy regulations, the challenges of complying with the regulations, and recommendations to achieve long-term data protection and privacy.  ...  , blocking, or deletion of data processed in ways not compliant with the regulation.  ... 
doi:10.4108/eai.26-5-2020.166352 fatcat:oyobd5g4rrdfdhubg4fjsdqjy4

Towards Software-Defined Data Protection: GDPR Compliance at the Storage Layer is Within Reach [article]

Zsolt Istvan
2020 arXiv   pre-print
Enforcing data protection and privacy rules within large data processing applications is becoming increasingly important, especially in the light of GDPR and similar regulatory frameworks.  ...  We highlight the challenges that remain, especially that of trusting the storage nodes. These need to be tackled before we can reach widespread adoption in cloud environments.  ...  Permissions in the PT are orthogonal to the presence/absence of cipher keys in the KT: even if a client has the right to read all key-value pairs belonging to a purpose, only those for which the storage  ... 
arXiv:2008.04936v1 fatcat:tqmvsptm4feyfc5ih4afixwyri

The Seven Sins of Personal-Data Processing Systems under GDPR [article]

Supreeth Shastri, Melissa Wasserman, Vijay Chidambaram
2019 arXiv   pre-print
In recent years, our society is being plagued by unprecedented levels of privacy and security breaches.  ...  In this paper, we review GDPR from a system design perspective, and identify how its regulations conflict with the design, architecture, and operation of modern systems.  ...  As several other nations are in the process of drafting privacy regulations, participation from the systems community would be valuable.  ... 
arXiv:1903.09305v2 fatcat:mkirfyi7onfuvaaugzzg6h677a

An Empirical Evaluation of the Implementation of the California Consumer Privacy Act (CCPA) [article]

Trong Nguyen
2022 arXiv   pre-print
This paper was about an empirical evaluation of the implementation of the California Consumer Privacy Act.  ...  However, on the other hand, we still noticed aspects of CCPA being absent on some websites. Additionally, we found no prior evaluation of the CCPA implementation in organizations.  ...  CCPA Compliance Helper In the application design, the CCPA Compliance Helper is an extended feature out of the scope to assist companies with CCPA complying.  ... 
arXiv:2205.09897v1 fatcat:ijnsomcg7ngjxpeku2kldhnayy

WhatsApp in Clinical Practice—The Challenges of Record Keeping and Storage. A Scoping Review

Christopher Morris, Richard E. Scott, Maurice Mars
2021 International Journal of Environmental Research and Public Health  
In the absence of clear guidelines, problematic practices and workarounds have been created, increasing legal, regulatory and ethical concerns.  ...  The aim of this study was to review the literature on how clinicians who use WhatsApp in clinical practice keep medical records of the content of WhatsApp messages and how they store WhatsApp messages  ...  the difficulty of compliance.  ... 
doi:10.3390/ijerph182413426 pmid:34949033 pmcid:PMC8708459 fatcat:ylauwkk5gvctzceuynkgi7frpa