In this paper we define the notion of a privacy design strategy. These strategies help IT architects to support privacy by design early in the software development life cycle, during concept development and analysis. Using current data protection legislation as point of departure we derive the following eight privacy design strategies: MINIMISE, HIDE, SEPARATE, AGGREGATE, INFORM, CONTROL, ENFOR...

Protection of personal data is essential for customer acceptance. Even though existing privacy policies can describe how data shall be handled, privacy enforcement remains a challenge. Especially for existing applications, it is unclear how one can effectively ensure correct data handling without completely redesigning the applications. In this paper we introduce Privacy Injector, which allows ...

Data as a Service (DaaS) builds on service-oriented technologies to enable fast access to data resources on the Web. However, this paradigm raises several new privacy concerns that traditional privacy models do not handle since they only focus on the service interface without taking into account privacy constraints related to the data exchanged with a DaaS during its invocation. In addition, Da...

The phenomena of illegal disclosure of user privacy has become more serious considerably in the last years. How to protect user privacy and prevent user privacy from illegal disclosure has become of great interest to researchers. In this paper, we propose an approach of user privacy protection based on ontology inference. We create privacy ontology through detailed analysis of privacy domain. T...

We investigate a mechanism for secure remote logging to improve privacy guarantees in dynamic systems. Considering an extended threat model for privacy, we first describe outer and inner privacy: outer privacy expresses the traditional attacker model for privacy where identity management systems control the collection of personal, observable information; inner privacy denotes the threat posed b...

The U.S. department of Health and Human Services’ (HHS) Privacy Rule requires healthcare institutions to notify their customers about the institution’s privacy practices. Privacy practices are typically posted online in the form of privacy policy documents. We investigate the online privacy practices of three categories of healthcare Web sites –– pharmaceuticals, health insurance companies and ...

In the U.S., there is no comprehensive national law regulating the collection and use of personal information. As a response to the high level of privacy concerns among U.S. citizens and the currently limited regulations, states have enacted their own privacy laws over and above the principles of Fair Information Practices (FIP). In this exploratory study, we draw upon the privacy literature an...

Traditional approaches to differential privacy assume a fixed privacy requirement ε for a computation, and attempt to maximize the accuracy of the computation subject to the privacy constraint. As differential privacy is increasingly deployed in practical settings, it may often be that there is instead a fixed accuracy requirement for a given computation and the data analyst would like to maxim...

This paper concerns personal privacy and privacy protection in context-aware ubiquitous computing environments. It proposes a privacy ontology solution to facilitate automated processes in privacy control. The development of the privacy ontology is an integrated part of our ongoing effort towards a privacy-respecting middleware solution for context-aware systems.

Companies’ efforts to manage their information practices to produce transparent privacy policies have yielded mixed results. Web retailers detail such practices in their online privacy policies, but most of the time this information remains invisible to consumers. This paper reports on research undertaken to determine whether a more prominent display of privacy information will cause consumers ...