Abstract
A lot of privacy principles have been proposed in the literature with the aim to preserve users’ privacy through the protection of the personal data collected by service providers. Despite the fact that there were remarkable efforts to gather all privacy principles and use them on a common privacy-by-design system, to the best of our knowledge, there is no published methodology that combines in a clear and structured way the existing privacy principles for supporting the design of a Privacy Preserving System. The absence of a widely accepted structured representation of the privacy principles makes their adoption or/and satisfaction difficult and in some cases inconsistent. Considering that privacy protection on its own is not an easy task for an organisation, the “scattered” privacy principles impose significant additional complexity. Consequently, very frequently organizations fail to effectively protect the privacy of their users. In this paper a structured privacy audit methodology that consists of discrete steps that organizations can follow for deciding or/and auditing the privacy protection measures is proposed. Every step is based on the significance of a privacy principle and on the sequence of the audit procedure.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Cavoukian, A.: Creation of a Global Privacy Standard, November (2006). http://www.ipc.on.ca/images/Resources/gps.pdf
Cavoukian, A., Taylor, S., Abrams, M.E.: Privacy by Design: essential for organizational accountability and strong business practices, Identity in the Information Society, Springer (2010). http://link.springer.com/article/10.1007/s12394-010-0053-z
Cavoukian, A.: The privacy payoff: how building privacy into your communications will give you a sustainable competitive advantage. In: International Association of Business Communicators International Conference 2008, New York, June 24, 2008. http://www.ipc.on.ca/images/Resources/2008-06-24-IABC-NYC.pdf
Cavoukian, A.: Privacy by design – the 7 foundational principles, Technical report, Information and Privacy Commissioner of Ontario, January 2011. (revised version)
Canadian Standards Association, Model Code for the Protection of Personal Information, A National Standard of Canada, Canadian Standards Association, March 1996. http://www.rogerclarke.com/DV/CanModel.html
Le Métayer, D.: Chapter 20 - Privacy by Design: A Matter of Choice, Data protection in a profiled world, Springer, (2010). http://link.springer.com/chapter/10.1007/978-90-481-8865-9_20
Directive 95/46/EC of the European Parliament and of the Council, The European Parliament and the Council of the European Union, October 24, 1995. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML
Directive of the European Parliament and of the Council, European Commission, Brussels, March 12, 2014. http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P7-TA-2014-0212+0+DOC+XML+V0//EN
van Blarkom, G.W., Borking, J.J., Olk, J.G.E.: PET, Handbook of Privacy and Privacy-Enhancing Technologies, The Case of Intelligent Software Agents, 2003, ISBN 90-74087-33-7. http://www.andrewpatrick.ca/pisa/handbook/Handbook_Privacy_and_PET_final.pdf
Generally Accepted Privacy Principles (GAPP) (2010). www.aicpa.org/privacy, https://www.cippguide.org/2010/07/01/generally-accepted-privacy-principles-gapp/
Karjoth, G., Schunter, M., Waidner, M.: Privacy-enabled Services for Enterprises, IBM Research, Zurich Research Laboratory (2002). http://www.semper.org/sirene/publ/KaSW3_02.TrustBus-final-2002-05-01.pdf
Information technology — Security techniques — Privacy framework, International Standard, ISO/IEC 29100:2011(E) (2011)
Hoepman, J.-H.: Privacy Design Strategies, May 7, 2013
Hoepman, J.-H.: Privacy Design Strategies, October 25, 2012
Konstantina, K., Stefanos, G., Konstantinos, M.: Towards a Privacy Audit Programmes Comparison Framework. Springer-Verlag, Heidelberg (2004)
OECD Privacy Principles, OECDprivacy.org (1980). http://oecdprivacy.org/
Privacy, Accountability and Trust – Challenges and Opportunities, ENISA, February 2, 2011. https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/pat-study
Reform of data protection legislation, European Commission, (2012). http://ec.europa.eu/justice/data-protection/
Safe Harbor Privacy Principles, issued by the U.S. Department of Commerce, July 21, 2000. http://www.export.gov/safeharbor/eu/eg_main_018475.asp
The 10 Privacy Principles of PIPEDA, PrivacySense.net. http://www.privacysense.net/10-privacy-principles-of-pipeda/
The OECD Privacy Framework, OECD (2013)
Tommie, W.: Singleton, IT and Privacy Audits. ISACA J. 5, 2009
Wang, Y., Kobsa, A.: Privacy-Enhancing Technologies (2008). http://www.cs.cmu.edu/afs/cs/Web/People/yangwan1/papers/2008-Handbook-LiabSec-AuthorCopy.pdf
Acknowledgements
This work has been partially supported by the Research Center of the University of Piraeus.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Makri, EL., Lambrinoudakis, C. (2015). Privacy Principles: Towards a Common Privacy Audit Methodology. In: Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2015. Lecture Notes in Computer Science(), vol 9264. Springer, Cham. https://doi.org/10.1007/978-3-319-22906-5_17
Download citation
DOI: https://doi.org/10.1007/978-3-319-22906-5_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-22905-8
Online ISBN: 978-3-319-22906-5
eBook Packages: Computer ScienceComputer Science (R0)