Instituting Tobacco-Free Employee Policies: An Invasion of Privacy or an Employer’s Legal Right?

Rising health care costs are causing some employers to assess and regulate the health behaviors of their employees. Different approaches and levels of non-smoking regulations are discussed, and the legal parameters and challenges of regulating employees’ private behaviors are explored.

ARCHITECTING USER-CENTRIC PRIVACY-AS-A-SET-OF-SERVICES: DIGITAL IDENTITY RELATED PRIVACY FRAMEWORK

AbstractDigitalization gives to the Internet the power by allowing several virtual representations of reality, including that of identity. We leave an increasingly digital footprint in cyberspace and this situation puts our identity at high risks. Privacy is a right and fundamental social value that could play a key role as a medium to secure digital identities. Identity functionality is increasingly delivered as sets of services, rather than monolithic applications. So, an identity layer in which identity and privacy management services are loosely coupled, publicly hosted and available to on-demand calls could be more realistic and an acceptable situation. Identity and privacy should be interoperable and distributed through the adoption of service-orientation and implementation based on open standards (technical interoperability). Ihe objective of this project is to provide a way to implement interoperable user-centric digital identity-related privacy to respond to the need of distributed nature of federated identity systems. It is recognized that technical initiatives, emerging standards and protocols are not enough to guarantee resolution for the concerns surrounding a multi-facets and complex issue of identity and privacy. For this reason they should be apprehended within a global perspective through an integrated and a multidisciplinary approach. The approach dictates that privacy law, policies, regulations and technologies are to be crafted together from the start, rather than attaching it to digital identity after the fact. Thus, we draw Digital Identity-Related Privacy (DigldeRP) requirements from global, domestic and business-specific privacy policies. The requirements take shape of business interoperability. We suggest a layered implementation framework (DigldeRP framework) in accordance to model-driven architecture (MDA) approach that would help organizations' security team to turn business interoperability into technical interoperability in the form of a set of services that could accommodate Service-Oriented Architecture (SOA): Privacy-as-a-set-of- services (PaaSS) system. DigldeRP Framework will serve as a basis for vital understanding between business management and technical managers on digital identity related privacy initiatives. The layered DigldeRP framework presents five practical layers as an ordered sequence as a basis of DigldeRP project roadmap, however, in practice, there is an iterative process to assure that each layer supports effectively and enforces requirements of the adjacent ones. Each layer is composed by a set of blocks, which determine a roadmap that security team could follow to successfully implement PaaSS. Several blocks' descriptions are based on OMG SoaML modeling language and BPMN processes description. We identified, designed and implemented seven services that form PaaSS and described their consumption. PaaSS Java QEE project), WSDL, and XSD codes are given and explained.

Categorization of bibsonomy tags to apply privacy-preserving mechanisms.

In this technical report, we approach one of the practical aspects when it comes to represent users' interests from their tagging activity, namely the categorization of tags into high-level categories of interest. The reason is that the representation of user profiles on the basis of the myriad of tags available on the Web is certainly unfeasible from various practical perspectives; mainly concerningthe unavailability of data to reliably, accurately measure interests across such fine-grained categorization, and, should the data be available, its overwhelming computational intractability. Motivated by this, our study presents the results of a categorization process whereby a collection of tags posted at BibSonomy #http://www.bibsonomy.org# are classified into 5 categories of interest. The methodology used to conduct such categorization is in line with other works in the field.

Nurse educators’ perceptions of the way nursing students protect patient privacy

The aim of this study was to assess the teaching-learning process related to patient privacy during the care process and the way nursing students’ protect patient privacy. Descriptive/correlational study using a qualitative approach and nonprobability sampling of 19 nurse educators from two schools of nursing. Data was collected using semi-structured interviews. Data analysis was undertaken using the SPSS version 20 and Alceste 2010 programs. The study complied with ethical standards. Two classes were assigned (protection of patient privacy and care process) with four subcategories (protection, empathy, relational competencies and technoscientific competencies).The findings show the need to adopt a reflective approach to the teaching-learning process by using experiential learning activities and real-life activities. We believe that intimacy and the protection of privacy should be core themes of nurse education and training.

Privacy as a Tradeoff: Introducing the Notion of Privacy Calculus for Context-Aware Mobile Applications

Evidences collected from smartphones users show a growing desire of personalization offered by services for mobile devices. However, the need to accurately identify users' contexts has important implications for user's privacy and it increases the amount of trust, which users are requested to have in the service providers. In this paper, we introduce a model that describes the role of personalization and control in users' assessment of cost and benefits associated to the disclosure of private information. We present an instantiation of such model, a context-aware application for smartphones based on the Android operating system, in which users' private information are protected. Focus group interviews were conducted to examine users' privacy concerns before and after having used our application. Obtained results confirm the utility of our artifact and provide support to our theoretical model, which extends previous literature on privacy calculus and user's acceptance of context-aware technology.

Security, Privacy and Anonymity in Legal Distribution of Copyrighted Multimedia Content over Peer-to-Peer Networks: A Brief Overview

Peer-reviewed

Images of the future of privacy: A privacy dynamics framework and a causal layered

The future of privacy in the information age is a highly debated topic. In particular, new and emerging technologies such as ICTs and cognitive technologies are seen as threats to privacy. This thesis explores images of the future of privacy among non-experts within the time frame from the present until the year 2050. The aims of the study are to conceptualise privacy as a social and dynamic phenomenon, to understand how privacy is conceptualised among citizens and to analyse ideal-typical images of the future of privacy using the causal layered analysis method. The theoretical background of the thesis combines critical futures studies and critical realism, and the empirical material is drawn from three focus group sessions held in spring 2012 as part of the PRACTIS project. From a critical realist perspective, privacy is conceptualised as a social institution which creates and maintains boundaries between normative circles and preserves the social freedom of individuals. Privacy changes when actors with particular interests engage in technology-enabled practices which challenge current privacy norms. The thesis adopts a position of technological realism as opposed to determinism or neutralism. In the empirical part, the focus group participants are divided into four clusters based on differences in privacy conceptions and perceived threats and solutions. The clusters are fundamentalists, pragmatists, individualists and collectivists. Correspondingly, four ideal-typical images of the future are composed: ‘drift to low privacy’, ‘continuity and benign evolution’, ‘privatised privacy and an uncertain future’, and ‘responsible future or moral decline’. The images are analysed using the four layers of causal layered analysis: litany, system, worldview and myth. Each image has its strengths and weaknesses. The individualistic images tend to be fatalistic in character while the collectivistic images are somewhat utopian. In addition, the images have two common weaknesses: lack of recognition of ongoing developments and simplistic conceptions of privacy based on a dichotomy between the individual and society. The thesis argues for a dialectical understanding of futures as present images of the future and as outcomes of real processes and mechanisms. The first steps in promoting desirable futures are the awareness of privacy as a social institution, the awareness of current images of the future, including their assumptions and weaknesses, and an attitude of responsibility where futures are seen as the consequences of present choices.

A Study of Privacy Preserving Queries with Bloom Filters

This thesis focuses on the private membership test (PMT) problem and presents three single server protocols to resolve this problem. In the presented solutions, a client can perform an inclusion test for some record x in a server's database, without revealing his record. Moreover after executing the protocols, the contents of server's database remain secret. In each of these solutions, a different cryptographic protocol is utilized to construct a privacy preserving variant of Bloom filter. The three suggested solutions are slightly different from each other, from privacy perspective and also from complexity point of view. Therefore, their use cases are different and it is impossible to choose one that is clearly the best between all three. We present the software developments of the three protocols by utilizing various pseudocodes. The performance of our implementation is measured based on a real case scenario. This thesis is a spin-off from the Academy of Finland research project "Cloud Security Services".

Perception of privacy in smartphone applications: profiling users based on personality types.

This document is focused on studying privacy perception and personality traits of users in the context of smartphone application privacy. It is divided into two parts. The first part presents an in depth systematic literature review of the existing academic writings available on the topic of relation between privacy perception and personality traits. Demographics, methodologies and other useful insight is extracted and the available literature is divided into broader group of topics bringing the five main areas of research to light and highlighting the current research trends in the field along with pinpointing the research gap of interest to the author. The second part of the thesis uses the results from the literature review to administer an empirical study to investigate the current privacy perception of users and the correlation between personality traits and privacy perception in smartphone applications. Big five personality test is used as the measure for personality traits whereas three sub-variables are used to measure privacy perception i.e. perceived privacy awareness, perceived threat to privacy and willingness to trade privacy. According to the study openness to experience is the most dominant trait having a strong correlation with two privacy sub-variables whereas emotional stability doesn’t show any correlation with privacy perception. Empirical study also explores other findings as preferred privacy sources and application installation preferences that provide further insight about users and might be useful in future.

Analysis of Automotive Cybersecurity - Attack surfaces and users’ privacy concerns

Modern automobiles are no longer just mechanical tools. The electronics and computing services they are shipping with are making them not less than a computer. They are massive kinetic devices with sophisticated computing power. Most of the modern vehicles are made with the added connectivity in mind which may be vulnerable to outside attack. Researchers have shown that it is possible to infiltrate into a vehicle’s internal system remotely and control the physical entities such as steering and brakes. It is quite possible to experience such attacks on a moving vehicle and unable to use the controls. These massive connected computers can be life threatening as they are related to everyday lifestyle. First part of this research studied the attack surfaces in the automotive cybersecurity domain. It also illustrated the attack methods and capabilities of the damages. Online survey has been deployed as data collection tool to learn about the consumers’ usage of such vulnerable automotive services. The second part of the research portrayed the consumers’ privacy in automotive world. It has been found that almost hundred percent of modern vehicles has the capabilities to send vehicle diagnostic data as well as user generated data to their manufacturers, and almost thirty five percent automotive companies are collecting them already. Internet privacy has been studies before in many related domain but no privacy scale were matched for automotive consumers. It created the research gap and motivation for this thesis. A study has been performed to use well established consumers privacy scale – IUIPC to match with the automotive consumers’ privacy situation. Hypotheses were developed based on the IUIPC model for internet consumers’ privacy and they were studied by the finding from the data collection methods. Based on the key findings of the research, all the hypotheses were accepted and hence it is found that automotive consumers’ privacy did follow the IUIPC model under certain conditions. It is also found that a majority of automotive consumers use the services and devices that are vulnerable and prone to cyber-attacks. It is also established that there is a market for automotive cybersecurity services and consumers are willing to pay certain fees to avail that.

Openness and privacy in Ontario: an evaluation of the implementation of FIPPA : (The Freedom of Information and Protection of Privacy Act, 1987, Chapter 25 and Ontario Regulation 532/87) /

Since the early 1970's, Canadians have expressed many concerns about the growth of government and its impact on their daily lives. The public has requested increased access to government documents and improved protection of the personal information which is held in government files and data banks. At the same time, both academics and practitioners in the field of public administration have become more interested in the values that public servants bring to their decisions and recommendations. Certain administrative values, such as accountability and integrity, have taken on greater relative importance. The purpose of this thesis is to examine the implementation of Ontario's access and privacy law. It centres on the question of whether or not the Freedom of Information and Protection of Privacy Act, 1987, (FIPPA) has answered the demand for open access to government while at the same time protecting the personal privacy of individual citizens. It also assesses the extent to which this relatively new piece of legislation has made a difference to the people of Ontario. The thesis presents an overview of the issues of freedom of information and protection of privacy in Ontario. It begins with the evolution of the legislation and a description of the law itself. It focuses on the structures and processes which have been established to meet the procedural and administrative demands of the Act. These structures and processes are evaluated in two ways. First, the thesis evaluates how open the Ontario government has become and, second, it determines how Ill carefully the privacy rights of individuals are safeguarded. An analytical framework of administrative values is used to evaluate the overall performance of the government in these two areas. The conclusion is drawn that, overall, the Ontario government has effectively implemented the Freedom of Information and Protection of Privacy Act, particularly by providing access to most government-held documents. The protection of individual privacy has proved to be not only more difficult to achieve, but more difficult to evaluate. However, the administrative culture of the Ontario bureaucracy is shown to be committed to ensuring that the access and privacy rights of citizens are respected.

Wireless privacy and personalized location-based services: the challenge of translating the legal framework into business practices

L'avancement des communications sans-fil permet l'obtention de nouveaux services bases sur l'habileté des fournisseurs de services sans-fil à déterminer avec précision, et avec l'utilisation de technologies de pistage, la localisation et position géographiquement d'appareils sans-fil Cette habileté permet d'offrir aux utilisateurs de sans-fil de nouveaux services bases sur la localisation et la position géographique de leur appareil. Le développement des services basés sur la localisation des utilisateurs de sans-fil soulevé certains problèmes relatifs à la protection de la vie privée qui doivent être considérés. En effet, l'appareil sans-fil qui suit et enregistre les mouvements de I 'utilisateur permet un système qui enregistre et entrepose tous les mouvements et activités d'un tel utilisateur ou encore qui permet l'envoi de messages non anticipes à ce dernier. Pour ce motif et afin de protéger la vie privée des utilisateurs de sans-fil, une compagnie désirant développer ou déployer une technologie permettant d'offrir ce genre de services personnalisés devra analyser l'encadrement légal touchant la protection des données personnelles--lequel est dans certains cas vague et non approprié à ce nouveau contexte--ainsi que la position de l'industrie dans ce domaine, et ce, afin d'être en mesure de traduire cet encadrement en pratiques commerciales. Cette analyse permettra d'éclairer le fournisseur de ces services sur la façon d'établir son modèle d'affaires et sur le type de technologie à développer afin d'être en mesure de remédier aux nouveaux problèmes touchant la vie privée tout en offrant ces nouveaux services aux utilisateurs de sans-fil.