{"title":"Verifiable and Practical Compliance for Data Privacy Laws","authors":"M. Awasthi","doi":"10.1109/HiPCW57629.2022.00013","DOIUrl":null,"url":null,"abstract":"A number of governments have legislated privacy laws in recent years. The most prominent international one covering multiple nations is the General Data Protection Regulation (GDPR) of the European Union. Many national and local governments are in the process of tabling similar legislation. To be compliant with privacy laws, software companies providing Software as a Service (SaaS) have changed internal practices to develop applications with a “privacy first” ethos. In addition, these companies (data controllers) have put mechanisms in place for ensuring the privacy and security preparedness of their service providers (data processors), which is currently being done manually using questionnaires. Questionnaires designed to collect compliance information from processors aren't the best instruments. This is due to many reasons including lack of clarity on information to be collected, humans in the information collection loop, and badly designed questionnaires, among others. In this paper, we analyse a few reasons making compliance determination a herculean task for both parties and propose a simple mechanism to automate compliance information gathering.","PeriodicalId":432185,"journal":{"name":"2022 IEEE 29th International Conference on High Performance Computing, Data and Analytics Workshop (HiPCW)","volume":"124 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Verifiable and Practical Compliance for Data Privacy Laws\",\"authors\":\"M. Awasthi\",\"doi\":\"10.1109/HiPCW57629.2022.00013\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A number of governments have legislated privacy laws in recent years. 
The most prominent international one covering multiple nations is the General Data Protection Regulation (GDPR) of the European Union. Many national and local governments are in the process of tabling similar legislation. To be compliant with privacy laws, software companies providing Software as a Service (SaaS) have changed internal practices to develop applications with a “privacy first” ethos. In addition, these companies (data controllers) have put mechanisms in place for ensuring the privacy and security preparedness of their service providers (data processors), which is currently being done manually using questionnaires. Questionnaires designed to collect compliance information from processors aren't the best instruments. This is due to many reasons including lack of clarity on information to be collected, humans in the information collection loop, and badly designed questionnaires, among others. In this paper, we analyse a few reasons making compliance determination a herculean task for both parties and propose a simple mechanism to automate compliance information gathering.\",\"PeriodicalId\":432185,\"journal\":{\"name\":\"2022 IEEE 29th International Conference on High Performance Computing, Data and Analytics Workshop (HiPCW)\",\"volume\":\"124 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 IEEE 29th International Conference on High Performance Computing, Data and Analytics Workshop 
(HiPCW)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/HiPCW57629.2022.00013\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 29th International Conference on High Performance Computing, Data and Analytics Workshop (HiPCW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HiPCW57629.2022.00013","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Verifiable and Practical Compliance for Data Privacy Laws
A number of governments have legislated privacy laws in recent years. The most prominent international one covering multiple nations is the General Data Protection Regulation (GDPR) of the European Union. Many national and local governments are in the process of tabling similar legislation. To be compliant with privacy laws, software companies providing Software as a Service (SaaS) have changed internal practices to develop applications with a “privacy first” ethos. In addition, these companies (data controllers) have put mechanisms in place for ensuring the privacy and security preparedness of their service providers (data processors), which is currently being done manually using questionnaires. Questionnaires designed to collect compliance information from processors aren't the best instruments. This is due to many reasons including lack of clarity on information to be collected, humans in the information collection loop, and badly designed questionnaires, among others. In this paper, we analyse a few reasons making compliance determination a herculean task for both parties and propose a simple mechanism to automate compliance information gathering.