| 1. |
- Dayarathna, Rasika
(författare)
-
The Principle of Security Safeguards : Accidental activities
- 2008
-
Ingår i: Proceedings of the ISSA 2008 Innovative Minds Conference. - 9781868546930 ; , s. 81-98
-
Konferensbidrag (refereegranskat)abstract
- The principle of information security safeguards is a key information principle contained in every privacy legislation measure, framework, and guideline. This principle requires data controllers to use an adequate level of safeguards before processing personal information. However, privacy literature neither explains what this adequate level is nor how to achieve it. Hence, a knowledge gap has been created between privacy advocates and data controllers. This paper takes a step to bridge the aforementioned knowledge gap by presenting an analysis of how data protection and privacy commissioners have evaluated the level of adequacy of security protection given to personal information in selected privacy invasive cases. This study addresses security measures used to protect personal information against accidental incidents. This analysis also lays a foundation for building a set of guidelines for data controllers on designing, implementing, and operating both technological and organizational measures used to protect personal information.
|
|
| 2. |
- Dayarathna, Rasika
(författare)
-
The principle of security safeguards: Unauthorized activities
- 2009
-
Ingår i: The Computer Law and Security Report. - : Elsevier BV. - 0267-3649 .- 1873-6734. ; 25:2, s. 165-172
-
Tidskriftsartikel (refereegranskat)abstract
- The principle of information security safeguards is a key information privacy principle contained in every privacy legislation measure, framework, and guideline. This principle requires data controllers to use an adequate level of safeguards before processing personal information. However, privacy literature neither explains what this adequate level is nor how to achieve it. Hence, a knowledge gap has been created between privacy advocates and data controllers who are responsible for providing adequate protection. This paper takes a step toward bridging this knowledge gap by presenting an analysis of how Data Protection and Privacy Commissioners have evaluated the adequacy level of security protection measures given to personal information in selected privacy invasive cases. This study addresses both security measures used to protect personal information against unauthorized activities and the use of personal information in authentication mechanisms. This analysis also lays a foundation for building a set of guidelines that can be used by data controllers for designing, implementing, and operating both technological and organizational measures used to protect personal information.
|
|
| 3. |
- Dayarathna, Rasika
(författare)
-
Towards Bridging the Knowledge Gap between Lawyers and Technologists
- 2008
-
Ingår i: International Journal of Technology Transfer and Commercialisation. - 1470-6075 .- 1741-5284. ; 7:1, s. 34-43
-
Tidskriftsartikel (refereegranskat)abstract
- Although Information and Communication Technology (ICT) has made our lives more comfortable, it has also increased threats to our privacy by making the processing and storing of personal information more convenient and economical. Consequently, a huge demand has been created for the proper handling of personal information. Some countries have introduced data protection and privacy legislation measures to ensure the proper handling of personal information. Data controllers deploy organisational and technological measures to protect personal information. Technologists are then involved in designing, implementing and operating these measures to a great extent. It has been shown, however, that a knowledge gap exists between legal privacy advocates and technologists who protect personal information. In order to hold a healthy dialogue, a common platform must be created for technologists and legal privacy advocates. This paper proposes a methodology for bridging the knowledge gap between technologists and legal privacy advocates. This platform facilitates a way for both parties to have a fruitful dialogue.
|
|
| 4. |
- Dayarathna, Rasika
(författare)
-
Towards Comparing Personal Information Privacy Protection Measures
- 2007
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Privacy is a fundamental human right. Data controllers take measures to protect personal information that is processed. Data subjects are interested in the level of protection given to their personal information by data controllers. In determining the level of protection necessary for guarding personal information, an adequate level of protection against unauthorized and accidental activities is a key requirement. This thesis presents the findings of studies conducted on the nature of personal information and the risks of processing personal information. Two surveys were conducted in Sweden and Sri Lanka. Personal interviews and questionnaires with both structured and semi-structured questions were used to collect data. A documentary review was done to study how data protection and privacy commissioners have interpreted the principle of information security safeguards. The findings contribute to the knowledge base; they can subsequently be used for developing a method for comparing different protection levels. In addition to that, one paper in this thesis takes a step toward bridging the knowledge gap between legal privacy advocates and technologists. The list of protection measures can be used to evaluate, improve, and enhance personal information protection measures. Submitted to Stockholm University in partial fulfilment of the requirements for the degree of Licentiate of Philosophy
|
|
