{"title":"结合隐私结果:教老狗新把戏","authors":"E. Brown, T. A. Kosa","doi":"10.1109/PST.2008.27","DOIUrl":null,"url":null,"abstract":"Canadian government bodies are subject to a number of requirements, including legislation, regulations,directives and policies, that speaks to informational privacy. These have come to be considered synonymous with the completion of a Privacy Impact Assessment. Some go so far as to specifically require an assessment, but few speak to specific technical content. Nor are there process requirements for sustaining privacy standards once the assessment document is submitted. At best, recommendations are identified to enhance the privacy posture of a program area's information management practices, but there is no mechanism to ensure that they are implemented. We propose the PIA process be adapted to mandate privacy outcomes in terms of specific actions that must betaken once the assessment is complete. Starting with the established PIA document, the program area can identify how to best marry the privacy requirements with the established business processes supporting the service delivery line. The result would incorporate privacy outcomes as ongoing activities and include not only consideration of agency requirements for personal information management, but also the impact to an individual's informational privacy.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Incorporating Privacy Outcomes: Teaching an Old Dog New Tricks\",\"authors\":\"E. Brown, T. A. Kosa\",\"doi\":\"10.1109/PST.2008.27\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Canadian government bodies are subject to a number of requirements, including legislation, regulations,directives and policies, that speaks to informational privacy. These have come to be considered synonymous with the completion of a Privacy Impact Assessment. Some go so far as to specifically require an assessment, but few speak to specific technical content. Nor are there process requirements for sustaining privacy standards once the assessment document is submitted. At best, recommendations are identified to enhance the privacy posture of a program area's information management practices, but there is no mechanism to ensure that they are implemented. We propose the PIA process be adapted to mandate privacy outcomes in terms of specific actions that must betaken once the assessment is complete. Starting with the established PIA document, the program area can identify how to best marry the privacy requirements with the established business processes supporting the service delivery line. The result would incorporate privacy outcomes as ongoing activities and include not only consideration of agency requirements for personal information management, but also the impact to an individual's informational privacy.\",\"PeriodicalId\":422934,\"journal\":{\"name\":\"2008 Sixth Annual Conference on Privacy, Security and Trust\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 Sixth Annual Conference on Privacy, Security and Trust\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PST.2008.27\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Sixth Annual Conference on Privacy, Security and Trust","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PST.2008.27","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Incorporating Privacy Outcomes: Teaching an Old Dog New Tricks
Canadian government bodies are subject to a number of requirements, including legislation, regulations,directives and policies, that speaks to informational privacy. These have come to be considered synonymous with the completion of a Privacy Impact Assessment. Some go so far as to specifically require an assessment, but few speak to specific technical content. Nor are there process requirements for sustaining privacy standards once the assessment document is submitted. At best, recommendations are identified to enhance the privacy posture of a program area's information management practices, but there is no mechanism to ensure that they are implemented. We propose the PIA process be adapted to mandate privacy outcomes in terms of specific actions that must betaken once the assessment is complete. Starting with the established PIA document, the program area can identify how to best marry the privacy requirements with the established business processes supporting the service delivery line. The result would incorporate privacy outcomes as ongoing activities and include not only consideration of agency requirements for personal information management, but also the impact to an individual's informational privacy.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
