The principle of security safeguards: Unauthorized activities
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences. Kungliga tekniska högskolan.
2009 (English) In: The Computer Law and Security Report, ISSN 0267-3649, Vol. 25, no 2, 165-172 p. Article in journal (Refereed) Published
Abstract [en]

The principle of information security safeguards is a key information privacy principle contained in every privacy legislation measure, framework, and guideline. This principle requires data controllers to use an adequate level of safeguards before processing personal information. However, privacy literature neither explains what this adequate level is nor how to achieve it. Hence, a knowledge gap has been created between privacy advocates and data controllers who are responsible for providing adequate protection. This paper takes a step toward bridging this knowledge gap by presenting an analysis of how Data Protection and Privacy Commissioners have evaluated the adequacy level of security protection measures given to personal information in selected privacy invasive cases. This study addresses both security measures used to protect personal information against unauthorized activities and the use of personal information in authentication mechanisms. This analysis also lays a foundation for building a set of guidelines that can be used by data controllers for designing, implementing, and operating both technological and organizational measures used to protect personal information.

Place, publisher, year, edition, pages
2009. Vol. 25, no 2, 165-172 p.
Keyword [en]
Information privacy, Information security, Data control, Privacy guidelines, Unauthorized data usage, Information systems design, Password/passphrase
National Category
Computer and Information Science
URN: urn:nbn:se:su:diva-89900
DOI: 10.1016/j.clsr.2009.02.012
OAI: diva2:621431
Available from: 2013-05-14 Created: 2013-05-14 Last updated: 2013-05-15 Bibliographically approved
In thesis
1. Discovering Constructs and Dimensions for Information Privacy Metrics
2013 (English) Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Privacy is a fundamental human right. During the last decades, in the information age, information privacy has become one of the most essential aspects of privacy. Information privacy is concerned with protecting personal information pertaining to individuals.

Organizations, which frequently process the personal information, and individuals, who are the subjects of the information, have different needs, rights and obligations. Organizations need to utilize personal information as a basis to develop tailored services and products to their customers in order to gain advantage over their competitors. Individuals need assurance from the organizations that their personal information is not changed, disclosed, deleted or misused in any other way. Without this guarantee from the organizations, individuals will be more unwilling to share their personal information.

Information privacy metrics is a set of parameters used for the quantitative assessment and benchmark of an organization’s measures to protect personal information. These metrics can be used by organizations to demonstrate, and by individuals to evaluate, the type and level of protection given to personal information. Currently, there are no systematically developed, established or widely used information privacy metrics. Hence, the purpose of this study is to establish a solid foundation for building information privacy metrics by discovering some of the most critical constructs and dimensions of these metrics. 

The research was conducted within the general research strategy of design science and by applying research methods such as data collection and analysis informed by grounded theory as well as surveys using interviews and questionnaires in Sweden and in Sri Lanka. The result is a conceptual model for information privacy metrics including its basic foundation; the constructs and dimensions of the metrics. 

Place, publisher, year, edition, pages
Kista: Department of Computer and Systems Sciences, Stockholm University, 2013. 169 p.
Report Series / Department of Computer & Systems Sciences, ISSN 1101-8526 ; 13-003
Information privacy, Privacy metrics, Data protection, Personal information
National Category
Computer and Information Science
Research subject
Computer and Systems Sciences
urn:nbn:se:su:diva-89336 (URN)
978-91-7447-637-8 (ISBN)
Public defence
2013-06-10, sal C, Forum 100, Isafjordsgatan 39, Kista, 13:00 (English)
Sida - Swedish International Development Cooperation Agency

At the time of the doctoral defense, the following paper was unpublished and had a status as follows: Paper 6: Accepted.

Available from: 2013-05-16 Created: 2013-04-22 Last updated: 2013-05-15 Bibliographically approved
