Encryption safe harbours and data breach notification laws

Data breach notification laws require organisations to notify affected persons or regulatory authorities when an unauthorised acquisition of personal data occurs. Most laws provide a safe harbour to this obligation if acquired data has been encrypted. There are three types of safe harbour: an exemption; a rebuttable presumption and factor-based analysis. We demonstrate, using three condition-based scenarios, that the broad formulation of most encryption safe harbours is based on the flawed assumption that encryption is the silver bullet for personal information protection. We then contend that reliance upon an encryption safe harbour should be dependent upon a rigorous and competent risk-based review that is required on a case-by-case basis. Finally, we recommend the use of both an encryption safe harbour and a notification trigger as our preferred choice for a data breach notification regulatory framework.

'But I've never sent them any personal details apart from my driver's licence number...': Exploring seniors' attitudes towards identity crime

Identity crime is argued to be one of the most significant crime problems of today. This paper examines identity crime, through the attitudes and practices of a group of seniors in Queensland, Australia. It examines their own actions towards the protection of their personal data in response to a fraudulent email request. Applying the concept of a prudential citizen (as one who is responsible for self-regulating their behaviour to maintain the integrity of one’s identity) it will be argued that seniors often expose identity information through their actions. However, this is demonstrated to be the result of flawed assumptions and misguided beliefs over the perceived risk and likelihood of identity crime, rather than a deliberate act. This paper concludes that to protect seniors from identity crime, greater awareness of appropriate risk-management strategies towards disclosure of their personal details is required to reduce their inadvertent exposure to identity crime.

Impact of online privacy concerns and brand reputation on consumer willingness to provide personal information

The aim of this research was to identify the role of brand reputation in encouraging consumer willingness to provide personal data online, for the benefits of personalisation. This study extends on Malhotra, Kim and Agarwal’s (2004) Internet Users Information Privacy Concerns Model, and uses the theoretical underpinning of Social Contract Theory to assess how brand reputation moderates the relationship between trusting beliefs and perceived value (Privacy Calculus framework) with willingness to give personal information. The research is highly relevant as most privacy research undertaken to date focuses on consumer related concerns. Very little research exists examining the role of brand reputation and online privacy. Practical implications of this research include gaining knowledge as to how to minimise online privacy concerns; improve brand reputation; and provide insight on how to reduce consumer resistance to the collection of personal information and encourage consumer opt-in.

On the integration of self-tracking data amongst quantified self members

Self-tracking, the process of recording one's own behaviours, thoughts and feelings, is a popular approach to enhance one's self-knowledge. While dedicated self-tracking apps and devices support data collection, previous research highlights that the integration of data constitutes a barrier for users. In this study we investigated how members of the Quantified Self movement---early adopters of self-tracking tools---overcome these barriers. We conducted a qualitative analysis of 51 videos of Quantified Self presentations to explore intentions for collecting data, methods for integrating and representing data, and how intentions and methods shaped reflection. The findings highlight two different intentions---striving for self-improvement and curiosity in personal data---which shaped how these users integrated data, i.e. the effort required. Furthermore, we identified three methods for representing data---binary, structured and abstract---which influenced reflection. Binary representations supported reflection-in-action, whereas structured and abstract representations supported iterative processes of data collection, integration and reflection. For people tracking out of curiosity, this iterative engagement with personal data often became an end in itself, rather than a means to achieve a goal. We discuss how these findings contribute to our current understanding of self-tracking amongst Quantified Self members and beyond, and we conclude with directions for future work to support self-trackers with their aspirations.

Towards an intelligent learning system for the natural born cyborg

We propose to design a Custom Learning System that responds to the unique needs and potentials of individual students, regardless of their location, abilities, attitudes, and circumstances. This project is intentionally provocative and future-looking but it is not unrealistic or unfeasible. We propose that by combining complex learning databases with a learner’s personal data, we could provide all students with a personal, customizable, and flexible education. This paper presents the initial research undertaken for this project of which the main challenges were to broadly map the complex web of data available, to identify what logic models are required to make the data meaningful for learning, and to translate this knowledge into simple and easy-to-use interfaces. The ultimate outcome of this research will be a series of candidate user interfaces and a broad system logic model for a new smart system for personalized learning. This project is student-centered, not techno-centric, aiming to deliver innovative solutions for learners and schools. It is deliberately future-looking, allowing us to ask questions that take us beyond the limitations of today to motivate new demands on technology.

Australian children's experiences of parents' online mediation

This paper draws on the work of the ‘EU Kids Online’ network funded by the EC (DG Information Society) Safer Internet plus Programme (project code SIP-KEP-321803); see www.eukidsonline.net, and addresses Australian children’s online activities in terms of risk, harm and opportunity. In particular, it draws upon data that indicates that Australian children are more likely to encounter online risks — especially around seeing sexual images, bullying, misuse of personal data and exposure to potentially harmful user-generated content — than is the case with their EU counterparts. Rather than only comparing Australian children with their European equivalents, this paper places the risks experienced by Australian children in the context of the mediation and online protection practices adopted by their parents, and asks about the possible ways in which we might understand data that seems to indicate that Australian children’s experiences of online risk and harm differ significantly from the experiences of their Europe-based peers. In particular, and as an example, this paper sets out to investigate the apparent conundrum through which Australian children appear twice as likely as most European children to have seen sexual images in the past 12 months, but parents are more likely to filter their access to the internet than is the case with most children in the wider EU Kids Online study. Even so, one in four Australian children (25%) believes that what their parents do helps ‘a lot’ to improve their internet experience, and Australian children and their parents are a little less likely to agree about the mediation practices taking place in the family home than is the case in the EU. The AU Kids Online study was carried out as a result of the ARC Centre of Excellence for Creative Industries and Innovation’s funding of a small scale randomised sample (N = 400) of Australian families with at least one child, aged 9–16, who goes online. The report on Risks and safety for Australian children on the internet follows the same format and uses much of the contextual statement around these issues as the ‘county level’ reports produced by the 25 EU nations involved in EU Kids Online, first drafted by Livingstone et al. (2010). The entirely new material is the data itself, along with the analysis of that data.

The sound of music : sharing song selections between collocated strangers in public urban places

This paper presents Capital Music, a mobile application enabling real-time sharing of song choices with collocated urban dwellers. Due to the real-time, location-based peer-to-peer approach of the application, a user experience study was performed utilising the Wizard of Oz method. The study provides insight into how sharing non-privacy sensitive but personal data in an anonymous way can influence the user experience of people in public urban places. We discuss the findings in relation to how Capital Music influences the process of “cocooning” in public urban places, the practice of designing anonymous interactions between collocated strangers, and how the sharing of song choices can create a sense of commonality between anonymous users in the urban space. The outcomes of this study are relevant for future location-based social networking applications that aim to create interactions between collocated strangers.

Developing a Libyan information privacy framework

This thesis considers how an information privacy system can and should develop in Libya. Currently, no information privacy system exists in Libya to protect individuals when their data is processed. This research reviews the main features of privacy law in several key jurisdictions in light of Libya's social, cultural, and economic context. The thesis identifies the basic principles that a Libyan privacy law must consider, including issues of scope, exceptions, principles, remedies, penalties, and the establishment of a legitimate data protection authority. This thesis concludes that Libya should adopt a strong information privacy law framework and highlights some of the considerations that will be relevant for the Libyan legislature.

Digital Identity 3.0: The Platform for People

Developed economies are moving from an economy of corporations to an economy of people. More than ever, people produce and share value amongst themselves, and create value for corporations through co-creation and by sharing their data. This data remains in the hands of corporations and governments, but people want to regain control. Digital identity 3.0 gives people that control, and much more. In this paper we describe a concept for a digital identity platform that substantially goes beyond common concepts providing authentication services. Instead, the notion of digital identity 3.0 empowers people to decide who creates, updates, reads and deletes their data, and to bring their own data into interactions with organisations, governments and peers. To the extent that the user allows, this data is updated and expanded based on automatic, integrated and predictive learning, enabling trusted third party providers (e.g., retailers, banks, public sector) to proactively provide services. Consumers can also add to their digital identity desired meta-data and attribute values allowing them to design their own personal data record and to facilitate individualised experiences. We discuss the essential features of digital identity 3.0, reflect on relevant stakeholders and outline possible usage scenarios in selected industries.

Mapping personal trip OD from probe data

The paper analyses the expected value of OD volumes from probe with fixed error, error that is proportional to zone size and inversely proportional to zone size. To add realism to the analysis, real trip ODs in the Tokyo Metropolitan Region are synthesised. The results show that for small zone coding with average radius of 1.1km, and fixed measurement error of 100m, an accuracy of 70% can be expected. The equivalent accuracy for medium zone coding with average radius of 5km would translate into a fixed error of approximately 300m. As expected small zone coding is more sensitive than medium zone coding as the chances of the probe error envelope falling into adjacent zones are higher. For the same error radii, error proportional to zone size would deliver higher level of accuracy. As over half (54.8%) of the trip ends start or end at zone with equivalent radius of ≤ 1.2 km and only 13% of trips ends occurred at zones with equivalent radius ≥2.5km, measurement error that is proportional to zone size such as mobile phone would deliver higher level of accuracy. The synthesis of real OD with different probe error characteristics have shown that expected value of >85% is difficult to achieve for small zone coding with average radius of 1.1km. For most transport applications, OD matrix at medium zone coding is sufficient for transport management. From this study it can be drawn that GPS with error range between 2 and 5m, and at medium zone coding (average radius of 5km) would provide OD estimates greater than 90% of the expected value. However, for a typical mobile phone operating error range at medium zone coding the expected value would be lower than 85%. This paper assumes transmission of one origin and one destination positions from the probe. However, if multiple positions within the origin and destination zones are transmitted, map matching to transport network could be performed and it would greatly improve the accuracy of the probe data.

Personal preferences for end-of-life care among Taiwanese community city dwellers : an inductive approach for qualitative data

Background: As an increasing number of Taiwanese people live out the final stages of their lives with chronic and complex conditions. Care decisions at the end of life can also be complex, overwhelming and stressful for an individual, family and health professionals. Understanding individuals’ wishes for end-of-life care and factors which influence individuals' decisions is important so that the provision of quality end-of-life care for all can be promoted and ensured.

The validity of personal disturbance scale (DSSI/sAD) in people with diabetes mellitus, using longitudinal data

Despite being used since 1976, Delusions-Symptoms-States-Inventory/states of Anxiety and Depression (DSSI/sAD) has not yet been validated for use among people with diabetes. The aim of this study was to examine the validity of the personal disturbance scale (DSSI/sAD) among women with diabetes using Mater-University of Queensland Study of Pregnancy (MUSP) cohort data. The DSSI subscales were compared against DSM-IV disorders, the Mental Component Score of the Short Form 36 (SF-36 MCS), and Center for Epidemiologic Studies Depression Scale (CES-D). Factor analyses, odds ratios, receiver operating characteristic (ROC) analyses and diagnostic efficiency tests were used to report findings. Exploratory factor analysis and fit indices confirmed the hypothesized two-factor model of DSSI/sAD. We found significant variations in the DSSI/sAD domain scores that could be explained by CES-D (DSSI-Anxiety: 55%, DSSI-Depression: 46%) and SF-36 MCS (DSSI-Anxiety: 66%, DSSI-Depression: 56%). The DSSI subscales predicted DSM-IV diagnosed depression and anxiety disorders. The ROC analyses show that although the DSSI symptoms and DSM-IV disorders were measured concurrently the estimates of concordance remained only moderate. The findings demonstrate that the DSSI/sAD items have similar relationships to one another in both the diabetes and non-diabetes data sets which therefore suggest that they have similar interpretations.

The Global Protection of Personal Health Data

The workshop is an activity of the IMIA Working Group ‘Security in Health Information Systems’ (SiHIS). It is focused to the growing global problem: how to protect personal health data in today’s global eHealth and digital health environment. It will review available trust building mechanisms, security measures and privacy policies. Technology alone does not solve this complex problem and current protection policies and legislation are considered woefully inadequate. Among other trust building tools, certification and accreditation mechanisms are dis-cussed in detail and the workshop will determine their acceptance and quality. The need for further research and international collective action are discussed. This workshop provides an opportunity to address a critical growing problem and make pragmatic proposals for sustainable and effective solutions for global eHealth and digital health.

A cloud-based intelligent computing system for contextual exploration on personal sleep-tracking data using association rule mining

With the development of wearable and mobile computing technology, more and more people start using sleep-tracking tools to collect personal sleep data on a daily basis aiming at understanding and improving their sleep. While sleep quality is influenced by many factors in a person’s lifestyle context, such as exercise, diet and steps walked, existing tools simply visualize sleep data per se on a dashboard rather than analyse those data in combination with contextual factors. Hence many people find it difficult to make sense of their sleep data. In this paper, we present a cloud-based intelligent computing system named SleepExplorer that incorporates sleep domain knowledge and association rule mining for automated analysis on personal sleep data in light of contextual factors. Experiments show that the same contextual factors can play a distinct role in sleep of different people, and SleepExplorer could help users discover factors that are most relevant to their personal sleep.