The Conceptual Basis of Personal Information in Australian Privacy Law

Australian privacy law regulates how government agencies and private sector organisations collect, store and use personal information. A coherent conceptual basis of personal information is an integral requirement of information privacy law as it determines what information is regulated. A 2004 report conducted on behalf of the UK’s Information Commissioner (the 'Booth Report') concluded that there was no coherent definition of personal information currently in operation because different data protection authorities throughout the world conceived the concept of personal information in different ways. The authors adopt the models developed by the Booth Report to examine the conceptual basis of statutory definitions of personal information in Australian privacy laws. Research findings indicate that the definition of personal information is not construed uniformly in Australian privacy laws and that different definitions rely upon different classifications of personal information. A similar situation is evident in a review of relevant case law. Despite this, the authors conclude the article by asserting that a greater jurisprudential discourse is required based on a coherent conceptual framework to ensure the consistent development of Australian privacy law.

Key competitiveness indicators for new real estate developers

Purpose – The paper aims to explore the key competitiveness indicators (KCIs) that provide the guidelines for helping new real estate developers (REDs) achieve competitiveness during their inception stage in which the organisations start their business. Design/methodology/approach – The research was conducted using a combination of various methods. A literature review was undertaken to provide a proper theoretical understanding of organisational competitiveness within RED's activities and developed a framework of competitiveness indicators (CIs) for REDs. The Delphi forecasting method is employed to investigate a group of 20 experts' perception on the relative importance between CIs. Findings – The results show that the KCIs of new REDs are capital operation capability, entrepreneurship, land reserve capability, high sales revenue from the first real estate development project, and innovation capability. Originality/value – The five KCIs of new REDs are new. In practical terms, the examination of these KCIs would help the business managers of new REDs to effectively plan their business by focusing their efforts on these key indicators. The KCIs can also help REDs provide theoretical constructs of the knowledge base on organisational competitiveness from a dynamic perspective, and assist in providing valuable experiences and in formulating feasible strategies for survival and growth.

Ecological and social characterization of key resource areas in Kenyan rangelands

Key resource areas (KRAs), defined as dry season foraging zones for herbivores, were studied relative to the more extensive outlying rangeland areas (non-KRAs) in Kenya. Field surveys with pastoralists, ranchers, scientists and government officials delineated KRAs on the ground. Identified KRAs were mapped based on global positioning and local experts' information on KRAs accessibility and ecological attributes. Using the map of known KRAs and non-KRAs, we examined characteristics of soils, climate, topography, land use/cover attributes at KRAs relative to non-KRAs. How and why do some areas (KRAs) support herbivores during droughts when forage is scarce in other areas of the landscape? We hypothesized that KRAs have fundamental ecological and socially determined attributes that enable them to provide forage during critical times and we sought to characterize some of those attributes in this study. At the landscape level, KRAs took different forms based on forage availability during the dry season but generally occurred in locations of the landscape with aseasonal water availability and/or difficult to access areas during wet season forage abundance. Greenness trends for KRAs versus non-KRAs were evaluated with a 22-year dataset of Normalized Difference Vegetation Index (NDVI). Field surveys of KRAs provided qualitative information on KRAs as dry season foraging zones. At the scale of the study, soil attributes did not significantly differ for KRAs compared to non-KRAs. Slopes of KRA were generally steeper compared to non-KRAs and elevation was higher at KRAs. Field survey respondents indicated that animals and humans generally avoid difficult to access hilly areas using them only when all other easily accessible rangeland is depleted of forage during droughts. Understanding the nature of KRAs will support identification, protection and restoration of critical forage hotspots for herbivores by strengthening rangeland inventory, monitoring, policy formulation, and conservation efforts to improve habitats and human welfare. (c) 2007 Elsevier Ltd. All rights reserved.

A matter of confidence : privacy compliance for connected-up enterprises

Governments around the world are increasingly investing in information and communications technology (ICT) as a means of improving service delivery to citizens. Government ICT adoption is also being driven by a desire to streamline information accessibility and information flows within government - both between different levels of government and between different departments at the same level. Increasing the availability of information internally and to citizens has clear and compelling benefits but it also carries risks that must be carefully managed. This talk will examine the implications of such E-government initiatives for a range of compliance obligations, with a focus on information privacy. It will review recent developments in the area of systems-based enforcement of privacy policies and the particular privacy challenges presented by the aggregation of geospatial information.

Influences of age and mechanical stability on volume, microstructure, and mineralization of the fracture callus during bone healing : Is osteoclast activity the key to age-related impaired healing?

Earlier studies have shown that the influence of fixation stability on bone healing diminishes with advanced age. The goal of this study was to unravel the relationship between mechanical stimulus and age on callus competence at a tissue level. Using 3D in vitro micro-computed tomography derived metrics, 2D in vivo radiography, and histology, we investigated the influences of age and varying fixation stability on callus size, geometry, microstructure, composition, remodeling, and vascularity. Compared were four groups with a 1.5-mm osteotomy gap in the femora of Sprague–Dawley rats: Young rigid (YR), Young semirigid (YSR), Old rigid (OR), Old semirigid (OSR). Hypothesis was that calcified callus microstructure and composition is impaired due to the influence of advanced age, and these individuals would show a reduced response to fixation stabilities. Semirigid fixations resulted in a larger ΔCSA (Callus cross-sectional area) compared to rigid groups. In vitro μCT analysis at 6 weeks postmortem showed callus bridging scores in younger animals to be superior than their older counterparts (pb0.01). Younger animals showed (i) larger callus strut thickness (pb0.001), (ii) lower perforation in struts (pb0.01), and (iii) higher mineralization of callus struts (pb0.001). Callus mineralization was reduced in young animals with semirigid fracture fixation but remained unaffected in the aged group. While stability had an influence, age showed none on callus size and geometry of callus. With no differences observed in relative osteoid areas in the callus ROI, old as well as semirigid fixated animals showed a higher osteoclast count (pb0.05). Blood vessel density was reduced in animals with semirigid fixation (pb0.05). In conclusion, in vivo monitoring indicated delayed callus maturation in aged individuals. Callus bridging and callus competence (microstructure and mineralization) were impaired in individuals with an advanced age. This matched with increased bone resorption due to higher osteoclast numbers. Varying fixator configurations in older individuals did not alter the dominant effect of advanced age on callus tissue mineralization, unlike in their younger counterparts. Age-associated influences appeared independent from stability. This study illustrates the dominating role of osteoclastic activity in age-related impaired healing, while demonstrating the optimization of fixation parameters such as stiffness appeared to be less effective in influencing healing in aged individuals.

Contextualizing the tensions and weaknesses of information privacy and data breach notification laws

Data breach notification laws have detailed numerous failures relating to the protection of personal information that have blighted both corporate and governmental institutions. There are obvious parallels between data breach notification and information privacy law as they both involve the protection of personal information. However, a closer examination of both laws reveals conceptual differences that give rise to vertical tensions between each law and shared horizontal weaknesses within both laws. Tensions emanate from conflicting approaches to the implementation of information privacy law that results in different regimes and the implementation of different types of protections. Shared weaknesses arise from an overt focus on specified types of personal information which results in ‘one size fits all’ legal remedies. The author contends that a greater contextual approach which promotes the importance of social context is required and highlights the effect that contextualization could have on both laws.

Centrally supported online surveys for research at QUT

We describe the introduction, service growth, benefits and holistic support approach of a centrally supported universitywide online survey tool for researchers at QUT. The online survey service employs the Key Survey software, and has grown into a significant service for QUT researchers since being introduced in 2009. Key benefits of the approach include the ability of QUT to handle important issues relating to data such as security, privacy, integrity, archiving & disposal. The service also incorporates a workflow process that enhances the institution’s ability to ensure survey quality control through controlled approval and pilot testing before any survey is widely released. An important issue is that a tool like this can make it very easy to do very poor research very quickly while creating lots of data, due to the absence of a rigorous methodology designed to reduce errors and collect accurate, comprehensive, timely data. With this in mind, a holistic approach to service provision and support has been taken, which has included the introduction of an integrated system of seminars, tools and workshops to get researchers thinking about the quality of their research while becoming operational quickly. The system of seminars, workshops, checks and approvals we have put in place at QUT is designed to ensure better quality outcomes for QUT’s research and the individual researchers concerned.

Automating computational proofs for public-key-based key exchange

We present an approach to automating computationally sound proofs of key exchange protocols based on public-key encryption. We show that satisfying the property called occultness in the Dolev-Yao model guarantees the security of a related key exchange protocol in a simple computational model. Security in this simpler model has been shown to imply security in a Bellare {Rogaway-like model. Furthermore, the occultness in the Dolev-Yao model can be searched automatically by a mechanisable procedure. Thus automated proofs for key exchange protocols in the computational model can be achieved. We illustrate the method using the well-known Lowe-Needham-Schroeder protocol.

Identifying key belief-based targets for promoting regular physical activity among mothers and fathers with young children

We investigated the key beliefs to target in interventions aimed at increasing physical activity (PA) among mothers and fathers of young children. Parents (288 mothers and 292 fathers) completed a Theory of Planned Behaviour belief-based questionnaire and a 1-week follow-up of PA behaviour. We found that a range of behavioural, normative, and control beliefs were significantly correlated with parents’ PA intentions and behaviour, with only a few differences observed in correlations between PA beliefs and intention and behaviour by gender. A range of key beliefs was identified as making independent contributions to parents’ PA intentions; however, the behavioural beliefs about improving parenting practices (β = 0.13), interfering with other commitments (β = −0.29); normative beliefs about people I exercise with (β = 0.20); and control beliefs about lack of time (β = −0.24), inconvenience (β = −0.14), lack of motivation (β = −0.34), were revealed as significant independent predictors of actual PA behaviour. Furthermore, we found that a limited amount of parents already hold these beliefs, suggesting that these key beliefs warrant changing and, therefore, are appropriate targets for subsequent intervention. The current study fills an empirical gap in the PA literature by investigating an at-risk group and using a well established theoretical framework to identify key beliefs that guide parents’ PA decision-making. Overall, we found support for parents being a unique group who hold distinctive behavioural, normative, and control beliefs toward PA. Attention to these key underlying beliefs will assist intervention work aimed at combating inactivity among this at-risk population.

Strengthening and formally verifying privacy in identity management systems

In a digital world, users’ Personally Identifiable Information (PII) is normally managed with a system called an Identity Management System (IMS). There are many types of IMSs. There are situations when two or more IMSs need to communicate with each other (such as when a service provider needs to obtain some identity information about a user from a trusted identity provider). There could be interoperability issues when communicating parties use different types of IMS. To facilitate interoperability between different IMSs, an Identity Meta System (IMetS) is normally used. An IMetS can, at least theoretically, join various types of IMSs to make them interoperable and give users the illusion that they are interacting with just one IMS. However, due to the complexity of an IMS, attempting to join various types of IMSs is a technically challenging task, let alone assessing how well an IMetS manages to integrate these IMSs. The first contribution of this thesis is the development of a generic IMS model called the Layered Identity Infrastructure Model (LIIM). Using this model, we develop a set of properties that an ideal IMetS should provide. This idealized form is then used as a benchmark to evaluate existing IMetSs. Different types of IMS provide varying levels of privacy protection support. Unfortunately, as observed by Jøsang et al (2007), there is insufficient privacy protection in many of the existing IMSs. In this thesis, we study and extend a type of privacy enhancing technology known as an Anonymous Credential System (ACS). In particular, we extend the ACS which is built on the cryptographic primitives proposed by Camenisch, Lysyanskaya, and Shoup. We call this system the Camenisch, Lysyanskaya, Shoup - Anonymous Credential System (CLS-ACS). The goal of CLS-ACS is to let users be as anonymous as possible. Unfortunately, CLS-ACS has problems, including (1) the concentration of power to a single entity - known as the Anonymity Revocation Manager (ARM) - who, if malicious, can trivially reveal a user’s PII (resulting in an illegal revocation of the user’s anonymity), and (2) poor performance due to the resource-intensive cryptographic operations required. The second and third contributions of this thesis are the proposal of two protocols that reduce the trust dependencies on the ARM during users’ anonymity revocation. Both protocols distribute trust from the ARM to a set of n referees (n > 1), resulting in a significant reduction of the probability of an anonymity revocation being performed illegally. The first protocol, called the User Centric Anonymity Revocation Protocol (UCARP), allows a user’s anonymity to be revoked in a user-centric manner (that is, the user is aware that his/her anonymity is about to be revoked). The second protocol, called the Anonymity Revocation Protocol with Re-encryption (ARPR), allows a user’s anonymity to be revoked by a service provider in an accountable manner (that is, there is a clear mechanism to determine which entity who can eventually learn - and possibly misuse - the identity of the user). The fourth contribution of this thesis is the proposal of a protocol called the Private Information Escrow bound to Multiple Conditions Protocol (PIEMCP). This protocol is designed to address the performance issue of CLS-ACS by applying the CLS-ACS in a federated single sign-on (FSSO) environment. Our analysis shows that PIEMCP can both reduce the amount of expensive modular exponentiation operations required and lower the risk of illegal revocation of users’ anonymity. Finally, the protocols proposed in this thesis are complex and need to be formally evaluated to ensure that their required security properties are satisfied. In this thesis, we use Coloured Petri nets (CPNs) and its corresponding state space analysis techniques. All of the protocols proposed in this thesis have been formally modeled and verified using these formal techniques. Therefore, the fifth contribution of this thesis is a demonstration of the applicability of CPN and its corresponding analysis techniques in modeling and verifying privacy enhancing protocols. To our knowledge, this is the first time that CPN has been comprehensively applied to model and verify privacy enhancing protocols. From our experience, we also propose several CPN modeling approaches, including complex cryptographic primitives (such as zero-knowledge proof protocol) modeling, attack parameterization, and others. The proposed approaches can be applied to other security protocols, not just privacy enhancing protocols.

Interaction, privacy and profiling considerations in local mobile social software : a prototype agile ride share system

Agile ridesharing aims to utilise the capability of social networks and mobile phones to facilitate people to share vehicles and travel in real time. However the application of social networking technologies in local communities to address issues of personal transport faces significant design challenges. In this paper we describe an iterative design-based approach to exploring this problem and discuss findings from the use of an early prototype. The findings focus upon interaction, privacy and profiling. Our early results suggest that explicitly entering information such as ride data and personal profile data into formal fields for explicit computation of matches, as is done in many systems, may not be the best strategy. It might be preferable to support informal communication and negotiation with text search techniques.

The key to successful implementation : project management of sustainable infrastructure provision

Delivering infrastructure projects involves many stakeholders. Their responsibilities and authorities vary over the course of the project lifecycle - from establishing the project parameters and performance requirements, to operating and maintaining the completed infrastructure. To ensure the successful delivery of infrastructure projects, it is important for the project management team to identify and manage the stakeholders and their requirements. This chapter discusses the management of stakeholders in delivering infrastructure projects, from their conception to completion. It includes managing the stakeholders for project selection and involving them to improve project constructability, operability and maintainability.

QoS-oriented resource allocation and scheduling of multiple composite Web services in a hybrid cloud using a random-key genetic algorithm

In cloud computing resource allocation and scheduling of multiple composite web services is an important challenge. This is especially so in a hybrid cloud where there may be some free resources available from private clouds but some fee-paying resources from public clouds. Meeting this challenge involves two classical computational problems. One is assigning resources to each of the tasks in the composite web service. The other is scheduling the allocated resources when each resource may be used by more than one task and may be needed at different points of time. In addition, we must consider Quality-of-Service issues, such as execution time and running costs. Existing approaches to resource allocation and scheduling in public clouds and grid computing are not applicable to this new problem. This paper presents a random-key genetic algorithm that solves new resource allocation and scheduling problem. Experimental results demonstrate the effectiveness and scalability of the algorithm.

Towards defining semantic foundations for purpose-based privacy policies

We define a semantic model for purpose, based on which purpose-based privacy policies can be meaningfully expressed and enforced in a business system. The model is based on the intuition that the purpose of an action is determined by its situation among other inter-related actions. Actions and their relationships can be modeled in the form of an action graph which is based on the business processes in a system. Accordingly, a modal logic and the corresponding model checking algorithm are developed for formal expression of purpose-based policies and verifying whether a particular system complies with them. It is also shown through various examples, how various typical purpose-based policies as well as some new policy types can be expressed and checked using our model.

If Big Brother comes to a venue near you! Employee surveillance issues and the communication professional

Todoy's monogers-drowing on the expertise of their IT professiono/s-privacy, key communication and control issues, the current legal climate, and ethical issues that communication professionals need to address to forestall future problems. lA questionnaire is included as a starting point for communication professionals to assess their own attitudes and values to workplace surveillance.