Exploring How UK Public Authorities Use Redaction to Protect Personal Information

IF 2.5 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

ACM Transactions on Management Information Systems Pub Date : 2024-03-12 DOI:10.1145/3651989

Yijun Chen, Reuben Kirkham

{"title":"Exploring How UK Public Authorities Use Redaction to Protect Personal Information","authors":"Yijun Chen, Reuben Kirkham","doi":"10.1145/3651989","DOIUrl":null,"url":null,"abstract":"\n Document redaction has become increasingly important for individuals and organizations. This article investigates public-sector information redaction practices in order to determine if they adequately protect personal information from accidental disclosure due to redaction errors. Despite the importance of this in respect of data protection, 66.4% of those Public Authorities that responded did not hold formal policies or procedures\n at all\n . To assess those policies that did exist, we produced a 17-item check list of minimum best practice. Even those with policies and procedures had substantial defects to some degree (with the median performance being 29.4% on our checklist), with policies frequently recommending the use of high-risk redaction methods and overlooking essential practices. This means that these existing practices amount to widespread breaches of data protection law on the ground. To remedy this, we articulate a new set of document redaction standards, which overcome the existing inadequacies in current guidance, as well as make proposals for regulatory reform in this space.\n","PeriodicalId":45274,"journal":{"name":"ACM Transactions on Management Information Systems","volume":null,"pages":null},"PeriodicalIF":2.5000,"publicationDate":"2024-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Management Information Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3651989","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Document redaction has become increasingly important for individuals and organizations. This article investigates public-sector information redaction practices in order to determine if they adequately protect personal information from accidental disclosure due to redaction errors. Despite the importance of this in respect of data protection, 66.4% of those Public Authorities that responded did not hold formal policies or procedures at all . To assess those policies that did exist, we produced a 17-item check list of minimum best practice. Even those with policies and procedures had substantial defects to some degree (with the median performance being 29.4% on our checklist), with policies frequently recommending the use of high-risk redaction methods and overlooking essential practices. This means that these existing practices amount to widespread breaches of data protection law on the ground. To remedy this, we articulate a new set of document redaction standards, which overcome the existing inadequacies in current guidance, as well as make proposals for regulatory reform in this space.

查看原文本刊更多论文

探索英国公共机构如何使用 "编辑 "技术保护个人信息

对个人和组织而言，文件编辑变得越来越重要。本文调查了公共部门的信息编辑实践，以确定它们是否能充分保护个人信息不因编辑错误而意外泄露。尽管这一点在数据保护方面非常重要，但 66.4% 的公共机构在回复中表示根本没有制定正式的政策或程序。为了评估那些确实存在的政策，我们编制了一份包含 17 个项目的最低限度最佳实践检查清单。即使是那些制定了政策和程序的公共机构，在某种程度上也存在重大缺陷（在我们的核对清单中，表现的中位数为 29.4%），政策经常建议使用高风险的编辑方法，而忽略了基本的做法。这意味着，这些现行做法在实际中普遍违反了数据保护法。为了弥补这一缺陷，我们提出了一套新的文件编辑标准，以克服当前指南中存在的不足，并为这一领域的监管改革提出建议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Transactions on Management Information Systems COMPUTER SCIENCE, INFORMATION SYSTEMS-

CiteScore

6.30

自引率

20.00%

发文量