The Principle of Security Safeguards: Accidental activities
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
2008 (English). In: Proceedings of the ISSA 2008 Innovative Minds Conference, 2008, 81-98 p. Conference paper (Refereed)
Abstract [en]

The principle of information security safeguards is a key information principle contained in every privacy legislation measure, framework, and guideline. This principle requires data controllers to use an adequate level of safeguards before processing personal information. However, privacy literature neither explains what this adequate level is nor how to achieve it. Hence, a knowledge gap has been created between privacy advocates and data controllers. This paper takes a step to bridge the aforementioned knowledge gap by presenting an analysis of how data protection and privacy commissioners have evaluated the level of adequacy of security protection given to personal information in selected privacy invasive cases. This study addresses security measures used to protect personal information against accidental incidents. This analysis also lays a foundation for building a set of guidelines for data controllers on designing, implementing, and operating both technological and organizational measures used to protect personal information.

Place, publisher, year, edition, pages
2008. 81-98 p.
Keyword [en]
Information privacy, information security, accidental disclosure, accidental loss, personal information
National Category
Computer and Information Science
URN: urn:nbn:se:su:diva-89899; ISBN: 978-1-86854-693-0; OAI: diva2:621428
ISSA 2008 : Information Security South Africa (ISSA) Conference 2008
Available from: 2013-05-14. Created: 2013-05-14. Last updated: 2013-05-15. Bibliographically approved.
In thesis
1. Discovering Constructs and Dimensions for Information Privacy Metrics
2013 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Privacy is a fundamental human right. During the last decades, in the information age, information privacy has become one of the most essential aspects of privacy. Information privacy is concerned with protecting personal information pertaining to individuals.

Organizations, which frequently process the personal information, and individuals, who are the subjects of the information, have different needs, rights and obligations. Organizations need to utilize personal information as a basis to develop tailored services and products to their customers in order to gain advantage over their competitors. Individuals need assurance from the organizations that their personal information is not changed, disclosed, deleted or misused in any other way. Without this guarantee from the organizations, individuals will be more unwilling to share their personal information.

Information privacy metrics is a set of parameters used for the quantitative assessment and benchmark of an organization’s measures to protect personal information. These metrics can be used by organizations to demonstrate, and by individuals to evaluate, the type and level of protection given to personal information. Currently, there are no systematically developed, established or widely used information privacy metrics. Hence, the purpose of this study is to establish a solid foundation for building information privacy metrics by discovering some of the most critical constructs and dimensions of these metrics. 

The research was conducted within the general research strategy of design science and by applying research methods such as data collection and analysis informed by grounded theory as well as surveys using interviews and questionnaires in Sweden and in Sri Lanka. The result is a conceptual model for information privacy metrics including its basic foundation; the constructs and dimensions of the metrics. 

Place, publisher, year, edition, pages
Kista: Department of Computer and Systems Sciences, Stockholm University, 2013. 169 p.
Report Series / Department of Computer & Systems Sciences, ISSN 1101-8526 ; 13-003
Information privacy, Privacy metrics, Data protection, Personal information
National Category
Computer and Information Science
Research subject
Computer and Systems Sciences
urn:nbn:se:su:diva-89336 (URN); 978-91-7447-637-8 (ISBN)
Public defence
2013-06-10, sal C, Forum 100, Isafjordsgatan 39, Kista, 13:00 (English)
Sida - Swedish International Development Cooperation Agency

At the time of the doctoral defense, the following paper was unpublished and had a status as follows: Paper 6: Accepted.

Available from: 2013-05-16. Created: 2013-04-22. Last updated: 2013-05-15. Bibliographically approved.
