Data Protection - Science topic

Questions related to Data Protection
  • asked a question related to Data Protection
Question
2 answers
The impact of digital health technologies on the healthcare system is becoming more relevant day in, day out, and its adoption is making access to patient care more easily accessible.
Introduction of deep learning into the security of EHR data is one of the areas that is being looked into, to ascertain better protection of these sensitive personally identifiable data.
Your input will help a lot to ensure great achievement of this project.
Relevant answer
Answer
Is there a specific view of security you are thinking of, or is this just a wide and general question?
Thinking of security with respect to network/cyber attacks, then Electronic Health Records simply inherit the same deep learning techniques that can be applied to any networked systems/applications (perhaps with some different 'value' calculations as to the monetary expression of the damage done in such an attack).
If this question is about privacy concerns and data use - who has access to and who uses your data - then mostly the access controls and logging of data access are within the EHR applications themselves (EHR, personal health record or any system/application that looks after health information).
There are also, in some networked environments with multiple actors, audit logs that can be inspected (the IHE ATNA being an example). I know of a few real-world examples (but with no academic publications) where such logs were inspected and the evidence of unauthorised access (or misuse of authorised access) was proven. Since this activity is looking for patterns in a log file (or set of log files with some correlation), this looks to me exactly like the kind of problem that deep learning could be applied to. Note "who" is looking at "what" data implies you need to know the identities of the "who" in a real-world context that would confirm or deny that they are allowed to look at "whatever-it-is".
In private healthcare based economies, your insurance premiums are based on your declared health. Health insurance companies may use deep learning tools in analysis of their customers' health records - but this is outside of my experience and it is of course linked to the legality of doing this (which I am sure varies from country to country).
Effectively though, this kind of deep learning would look like a specialisation of the kind of deep learning applied to fraud (specialised for healthcare insurance premiums and declarations).
I am sure there are other areas. Computer architecture that results in multiple copies of healthcare data items and records leads to ambiguity in records - where is the source of truth? You can see how in the above fraud example any ambiguity might lead to loopholes for fraudulent activity or put a consumer in a position where they find it difficult to prove their health records. I am not sure if deep learning would be applicable here, when inspection of the architecture would tell you about this potential-duplicates problem.
Your question seems quite wide, I hope my contribution is useful for you and I haven't missed the point of your question.
  • asked a question related to Data Protection
Question
4 answers
As an important factor of production, data is actively protected by criminal law in most countries, such as Germany and the United States.
But where is the boundary of criminal law protection?
How can protection be achieved for the entire data life cycle (fetch, process, expose, store, and destroy)?
What are the differences between criminal law obligations undertaken by different subjects (platforms, countries and individuals)?
Please give me your answer.
Relevant answer
Answer
Laws will definitely govern the life cycle, as you put it, of any data collected. Needless to say, different jurisdictions/countries will have their own respective laws on the matter. One concept of relatively recent development in "destroying" data collected is the "right to be forgotten."
  • asked a question related to Data Protection
Question
3 answers
I obtained a dataset from an official body. The data is tabulated, so in the cells there are actual case numbers. When the numbers are lower than three but higher than zero, they are intentionally removed as a result of data protection. I wanted to run an imputation model to impute those numbers in SPSS. However, the model imputes values lower than zero (even minus 56). When I set the options, like one for the lowest value and two for the highest value, the process ends with empty cells. Does anyone recommend anything to overcome this obstacle?
Kind regards.
Relevant answer
Answer
@Erdem Erkoyun, you could also use the median number as a replacement for missing numbers and rerun the model.
This link may be useful:
"Hands-on with Feature Engineering Techniques: Imputing Missing Values | by Younes Charfaoui | Heartbeat" https://heartbeat.comet.ml/hands-on-with-feature-engineering-techniques-imputing-missing-values-6c22b49d4060
  • asked a question related to Data Protection
Question
5 answers
My name is Laura Lomax and I am an undergraduate student at the University of Bolton completing my 3rd-year project, under the supervision of Professor Jerome Carson. My study is examining whether adverse childhood experiences (ACES), affect an individual’s level of flourishing in adulthood.
Your participation should take approximately 10-15 minutes and will require minimal demographic information such as age, gender, and country. There are two questionnaires to complete, with eight short questions at the end. The first questionnaire consists of 10 questions regarding Adverse Childhood Experiences and the second questionnaire has a total of 23 questions that all relate to one’s flourishing.
Participation in the study is voluntary and you are free to withdraw from the study at any time before the last question. Completing the survey is giving your consent to participate. Once you have completed the questionnaire and pressed ‘submit’, you will no longer be able to withdraw from the study. Please note that all responses to this study are completely anonymous and your identity will remain unknown throughout. Once submitted, all data will be stored in line with the General Data Protection Regulation. The only people with access to the results are the researcher and her supervisor.
This study has been approved by the Psychology Department’s ethical committee, which adheres to the British Psychological Society’s guidelines. It is not my intention to cause you any psychological distress, however, some questions are of a sensitive nature that you may find distressing. If this is the case, or if you are interested in receiving any support about any issues raised in this study, please contact the following helplines:
Samaritans (UK & Ireland) – Call 116 123
CALM – 0800 58 58 58
Thank you for taking the time to complete the study. Should you feel you require any additional information concerning this study either before completing it or afterwards, please do not hesitate to contact me via email at ll6eps@bolton.ac.uk. My supervisor’s details are J.Carson@bolton.ac.uk
Warm Regards
Laura
Relevant answer
Answer
Hi, I am looking for participants for the study if you are able to take part? x
  • asked a question related to Data Protection
Question
6 answers
The EU General Data Protection Regulation (GDPR) is among the world’s toughest data protection laws. Under the GDPR, the EU’s data protection authorities can impose fines of up to €20 million (roughly $2,372,000), or 4 percent of worldwide turnover for the preceding financial year—whichever is higher.
Since the GDPR took effect in May 2018, we’ve seen over 800 fines issued across the European Economic Area (EEA) and the U.K. Enforcement started off somewhat slow. But between July 18, 2020, and July 18, 2021, there was a significant increase in the size and quantity of fines, with total penalties surging by around 113.5%. And that was before the record-breaking fine against Amazon—announced by the company in its July 30 earnings report—which dwarfed the cumulative total of all GDPR fines up until that date.
Top 10 fines so far:
  1. Amazon — €746 million
  2. Google – €50 million
  3. H&M — €35 million
  4. TIM – €27.8 million
  5. British Airways – €22 million
  6. Marriott – €20.4 million
  7. Wind — €17 million
  8. Vodafone Italia — €12.3 million
  9. Notebooksbilliger.de — €10.4 million
  10. Eni — €8.5 million
Relevant answer
Answer
Dear Mr. Sekulovic!
You pointed to an important issue. There might be a need for studies depicting the context and impact of this regulation package:
1) Karen Yeung, Lee A. Bygrave (2021). Demystifying the modernized European data protection regime: Cross-disciplinary insights from legal and regulatory governance scholarship, Regulation & Governance Early View, 04 May 2021, Open access:
2) Hallinan D. (2021) Biobank Oversight and Sanctions Under the General Data Protection Regulation. In: Slokenberga S., Tzortzatou O., Reichel J. (eds) GDPR and Biobanking. Law, Governance and Technology Series, vol 43. Springer, Cham. https://doi.org/10.1007/978-3-030-49388-2_8 Available at:
3) Ilse Heine (2021). 3 Years Later: An Analysis of GDPR Enforcement, Center for Strategic & International Studies, Sept., 13, 2021, Free access: https://www.csis.org/blogs/strategic-technologies-blog/3-years-later-analysis-gdpr-enforcement
Yours sincerely, Bulcsu Szekely
  • asked a question related to Data Protection
Question
3 answers
Hello. I am conducting a psychological research study with participants in the UK, and I want to know what privacy and data protection rules there are about recording participants' microphone audio and camera video for research purposes. We have a video-conferencing simulation with a virtual human (recorded actor) and would like to record short clips of participants' audio and video during the video interaction. Is this possible, and, if so, what types of informed consent and data protection need to be provided?
Thank you so much.
Relevant answer
Answer
Your question is very interesting, thank you for taking me into account
  • asked a question related to Data Protection
Question
1 answer
Given the privacy and data protection concerns, is there a good place to get anonymous runners' training data for their previous marathon for academic research purposes? What are the proper ways to ask companies, such as Garmin, Strava etc., for a dataset for research purposes?
Relevant answer
Answer
As a runner, user of Garmin and Strava, and someone who has dabbled in the analytics space, I think that this is a really interesting question. First, Kaggle has a number of data sets on marathon prediction and some kernels that attempt to solve that problem. You can find them with this query:
Second, getting data from Strava would be more challenging. While they have an API you can use with athletes' permission described here:
they have a ToS prohibiting doing analytics on their data:
I suggest asking their developer forum to see how to get permissions for doing analytics.
Third and last, I found this fitness database called fitabase that is de-identified. Never used it, but thought I would mention it is there:
  • asked a question related to Data Protection
Question
3 answers
Data Protection and Privacy- Comparative perspective
Relevant answer
Answer
send details " inbox"
  • asked a question related to Data Protection
Question
5 answers
Even though the idea of a "pay with money not with data" principle is not new in the literature, so far this idea has not translated into domestic legislation. Why? Are there hurdles or obstacles to it? If so, of what nature (legal, political, financial)? If such a principle were to be implemented, what should be the features of a corresponding legal provision under domestic law? Regarding the international regulatory framework of data protection, you are welcome to look at my last research on the matter at :
Relevant answer
Answer
Interesting question for sure. There is a semantic difficulty since "paying" somewhat presupposes a financial transaction with money. While data is certainly something that is worth money, it requires quite a lot of intermediate steps to do so.
Any basic website automatically collects a lot of data (connection logs, information on browser and location, sessions...). To distinguish data collected as payment from data collected not as payment might not be very easy (you would need to carefully examine the use of data in many steps).
  • asked a question related to Data Protection
Question
3 answers
The compatibility of DLT-based applications with the GDPR has been reviewed in the past years, but the conclusions were in general not very sharp. Often, scholars underscored the fact that compatibility or lack thereof can only be assessed on a case-by-case basis. This is at least the conclusion I drew in my article on the matter, available at :
Yet, I wonder if, with the recent developments in technology and applications, and with the better understanding of how the GDPR is implemented, time has come for a renewed assessment of the relationship between the two. Are there ways to make DLT applications a priori GDPR compatible? If so, how? Or, to the contrary, are DLT a priori not meeting the GDPR requirements? And if so, why, and what should be fixed when it comes to concrete use cases?
Many thanks for a lively discussion.
Christian Pauletto
Relevant answer
Answer
It's definitely tricky, as you have two opposing principles:
1) What happens on the blockchain, stays on the blockchain
2) The GDPR "right to be forgotten"
This implies that you can certainly never place any form of personal information on a blockchain, but only links to or hashes of such information. However, this in turn breaks another principle, namely that you should never sign something you don't know the content of. What happens if the information that is pointed to changes? Is it possible to perform a birthday attack on the hash by preparing two different messages with the same hash?
  • asked a question related to Data Protection
Question
4 answers
CALL FOR CONTRIBUTIONS
Cyber-Physical Systems in Pandemic Monitoring and Management
Special Issue for the Cyber-Physical Systems Journal
This special issue addresses the timely theme of tackling challenges associated with managing infectious diseases.  As witnessed in the outbreaks of many infectious diseases such as SARS and swine flu over the past couple of decades, and more recently another wave of global pandemic, the substantial volume of human traffic from country to country has posed substantial challenges to public health systems.
Utilizing integrated solutions of computation, networked sensors, and physical processes; cyber-physical systems are well-suited as monitoring systems for effective disease-spread simulation analysis that enables health resource management in tackling the current global epidemic as well as any infectious disease outbreaks that may happen in the future.
Given the urgent need for modeling disease transmission behavior in highly infectious risk areas and mitigation strategies under different outbreak circumstances, this special issue invites manuscript submissions in the following topics, but not limited to:
  • Physical processes in air quality control for ventilation enhancement
  • Disease transmission and spread modelling
  • Pandemic data protection and management system architecture
  • Social impact and socio-technology development of CPS in healthcare
  • Data mining and analytics for analyzing public health data
  • Model-based design, validation and implementation of CPS
  • Model driven disease transmission simulation
  • Transportation scenarios in confined spaces (e.g. trains, ships, airplanes)
  • Sensor networks
  • Data Fusion of epidemiological knowledge
  • Ethical and regulatory issues concerning CPS deployment in fighting pandemic
For details please visit:
Important Dates
Paper submission due: October 15, 2020
Notification of decision: December 23, 2020
Revision due: January 15, 2021
Acceptance notification: February 28, 2021
Approximate publication date: Spring 2021, subject to journal publication schedules
Relevant answer
Answer
Thank you for this post
  • asked a question related to Data Protection
Question
4 answers
Hello everyone, right now I am working in the very initial phase of a dissertation proposal revolving around the Article 16 and Article 17 of the EU GDPR, and compliance of a Blockchain model to it.
Relevant answer
Answer
Whether the blockchain is permissioned or not does not make any difference regarding Art. 16 and 17 GDPR. As long as the blockchain has the standard functionality that you cannot modify any data once they have been included in the blockchain, you can by definition not satisfy the requirements regarding correction or erasure.
A workaround is that the personal data are stored within the blockchain, but the blockchain only contains a link to the personal data. Then you cannot modify the link but you can modify the data itself since they are outside the blockchain.
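The off-chain pattern discussed in the two blockchain answers above (only a link or hash on-chain, personal data outside it), as an added example that is not part of either answer. The `Ledger` class is a hypothetical in-memory hash chain standing in for a blockchain, and the per-record HMAC key is a design choice of this example, so that a silent change to the off-chain data is detectable and erasure leaves only an unverifiable digest on-chain.

```python
import hashlib
import hmac
import json
import os

GENESIS = "0" * 64


def _block_hash(prev: str, payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()


class Ledger:
    """Append-only hash chain (hypothetical stand-in for a blockchain)."""

    def __init__(self):
        self.blocks = []

    def append(self, payload: dict) -> int:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append(
            {"prev": prev, "payload": payload, "hash": _block_hash(prev, payload)}
        )
        return len(self.blocks) - 1

    def verify(self) -> bool:
        """Recompute every link; False if any block was altered or reordered."""
        prev = GENESIS
        for block in self.blocks:
            if block["prev"] != prev:
                return False
            if block["hash"] != _block_hash(prev, block["payload"]):
                return False
            prev = block["hash"]
        return True


def commitment(key: bytes, data: bytes) -> str:
    # Keyed digest: without the key, low-entropy personal data cannot be
    # guessed and confirmed against the on-chain value.
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class Registry:
    """Personal data lives in `store` (off-chain); the ledger holds only a
    random link and a keyed commitment to the current version."""

    def __init__(self):
        self.ledger = Ledger()
        self.store = {}  # link -> {"data": bytes, "key": bytes}

    def register(self, data: bytes) -> str:
        link = os.urandom(16).hex()  # opaque identifier, not derived from the data
        key = os.urandom(32)
        self.store[link] = {"data": data, "key": key}
        self.ledger.append({"link": link, "commitment": commitment(key, data)})
        return link

    def rectify(self, link: str, new_data: bytes) -> None:
        """Correction: update off-chain, append a fresh commitment on-chain."""
        record = self.store[link]
        record["data"] = new_data
        self.ledger.append(
            {"link": link, "commitment": commitment(record["key"], new_data)}
        )

    def erase(self, link: str) -> None:
        """Erasure: drop data and key off-chain; the ledger is left untouched."""
        del self.store[link]

    def check(self, link: str) -> str:
        latest = None
        for block in reversed(self.ledger.blocks):
            if block["payload"]["link"] == link:
                latest = block["payload"]["commitment"]
                break
        if latest is None:
            raise KeyError(link)
        record = self.store.get(link)
        if record is None:
            return "erased"
        current = commitment(record["key"], record["data"])
        return "valid" if hmac.compare_digest(latest, current) else "mismatch"


if __name__ == "__main__":
    reg = Registry()
    # Constructed sample record, not real data.
    link = reg.register(b"name=Alice Example;dob=1990-01-01")
    print("after register:", reg.check(link))
    reg.store[link]["data"] = b"name=Alice Example;dob=1999-01-01"  # silent edit
    print("after silent off-chain edit:", reg.check(link))
    reg.rectify(link, b"name=Alice Example;dob=1990-02-01")
    print("after rectify:", reg.check(link))
    reg.erase(link)
    print("after erase:", reg.check(link), "| chain intact:", reg.ledger.verify())
```
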
  • asked a question related to Data Protection
Question
16 answers
Over 10000 people from 84 countries have already participated. Survey available in 24+ languages. In order to join, please visit: https://www.yashchawla.in/corona-virus
Description: Researchers, policymakers and societies alike are increasingly discussing the New Corona Virus (COVID-19) situation, globally and in their respective countries of residence. The European Commission, national governments and private foundations invest large amounts of money for research, focusing on finding the potential cure for the virus.
In line with these developments, our international research consortium is conducting a research survey to better understand public awareness, opinions of COVID-19, and the role of various communication channels in the propagation of myths and facts. We invite you to participate in this anonymous survey, as learning about your opinions will help us to provide recommendations to both, research institutions and policymakers, regarding the process of effective communication with society. The results of this survey will be published in international academic outlets, with no identifiers to individual respondents. The data collection procedures are in-line with the General Data Protection Regulations (GDPR).
Relevant answer
Answer
I have sent the survey to some colleagues and encouraged their participation.
On another note my work has focused on global citizenship education and competence, as well as diversity, equity, and inclusion. I find that this Covid-19 issue has highlighted the continued need to develop Global Citizenship Education program, as well as global citizenship competencies in today's students. There have been numerous examples from around the world (and so many in the US) of people ignoring the well being of their families and communities in order to go to Spring Break, go to a ski resort, or have 1 last party before leaving campus. In each of these cases participants got sick and brought this home to their loved ones and their community. This has led to increases in the spread of the virus, which has directly led to an increase in the number of deaths.
If anything this pandemic has showed that unchecked globalization, without the global citizenship competencies needed to balance it, is dangerous to us all, and a silver lining would be an increase in the promotion of these competencies across higher education institutions.
I would like to discuss this with you and see if we can collaborate on some future research. I will email you.
  • asked a question related to Data Protection
Question
8 answers
A need for Data Protection Officers is emerging very fast. After adoption of GDPR, organizations worldwide need hundreds of thousands of DPOs. Are universities ready, are there enough data privacy programs/courses that put together information security and law?
Relevant answer
Answer
Agree with Ralf's views on this. Universities can look at industry linked programs in Risk and Compliance space and privacy can be covered under that.
  • asked a question related to Data Protection
Question
12 answers
Do you think a Data Protection Officer should be a lawyer or an infosec expert? Since it is very hard to get 2 in 1 in one person, do you think that the DPO should be a team of at least two people?
GDPR says:
The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39.
Article 39
Tasks of the data protection officer
1.   The data protection officer shall have at least the following tasks:
(a) to inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions;
(b) to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
(c) to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;
(d) to cooperate with the supervisory authority;
(e) to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.
2.   The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.
Relevant answer
Answer
Thank you very much for a comprehensive and helpful answer! I myself am an Information Security Manager, and also an Operational Risk Manager in my institution and I am pretty much familiar with your experiences. So I think, definitely, a lawyer and an infosec manager should make a DPO team. Lawyers know the legislation and infosec managers know standards and data protection side of the story. It's like two sides of the same coin, both necessary for a good privacy management.
Dear Mr.
Syed Hassan
Thank you very much for good wishes! All the best to you too in the coming year!
Best Regards,
Rajko Sekulović
  • asked a question related to Data Protection
Question
3 answers
I am looking for case studies of actual privacy risks. At the core of privacy and data protection impact assessments, we find the concept of 'risk' meaning - in this case - the probability of a threat to personal data and the possible harm or damage caused by this threat. E.g. I fall victim to a phishing attack and the attacker gains access to my bank account, the actual harm being that my account is emptied. Another example would be that my account at a social media platform is hacked and my identity is used to "go shopping".
Now, one finds a lot of literature on privacy (PIA) and data protection impact assessments (e.g. the edited volume by Wright and De Hert (2012) on PIA), on the potential risks of low levels of data security (e.g. Rosner, Kenneally (2018): Clearly Opaque: Privacy Risks of the Internet of Things), on technological and organization standards (e.g. ISO 27001 on Information security management), or on the regulatory frameworks of privacy and data protection (e.g. everything on the details of the GDPR in the EU). But I have a hard time to find research results evaluating actual risks similar to your risk to fall victim to a traffic accident, have your home being broken into, or get cancer.
I would welcome any hint to empirical publications on actual privacy risk analysis be it from medical, social, internet-based or any other research that you consider as most important. I am *not* looking for literature on how to conduct privacy and data protection impact assessments or standards for this purpose. Thank you.
Relevant answer
Answer
This is a great question, and inspired me to look for some quantification of the risk and probability of data breaches and harm. Found the following reports which may be of interest. They are largely from security companies and insurance companies, which would have access to this kind of data and might need data like that to set insurance policies.
  • asked a question related to Data Protection
Question
8 answers
Has the GDPR effectuated the application and enforcement of data protection controls in the non-European countries? How has it impacted on your own country's legal system (if applicable)?
Relevant answer
Answer
Japan changed its legislation in order to get an adequacy decision from the European Commission and South Korea is on the way to do the same. There is a clear convergence trend from some countries who aspire to have a free flow of personal data with the EU. In my opinion, the EC rushed with the Japanese decision, which should have set an example as it was the first after the application of the GDPR started to be applicable, but the EU wanted to apply it in parallel with the EU/Japan trade agreement so it could not wait any more. I am finishing a paper on the topic; if you want to check the draft you can send me a message.
  • asked a question related to Data Protection
Question
3 answers
Hi,
I am participating in a scientific study. Our general aim is to collect financial information about the amount of the funds that natural protected areas are using (and a breakdown of the spending of those funds), and what is the estimated budget needed for the PA system to achieve its objectives (the ideal budget). At the country level, or broken down in individual protected areas. 
Apart from that, we have more specific questions, like how much would it cost to create new protected area, and how much is the positive economic value of the protected area, taking into account ecosystem services and visitor-based income. 
If you were so kind as to help me, I would be very grateful. Many thanks and best regards
Relevant answer
Answer
Hard to find the data on the Internet.
Ecosystem service approach is still not used properly, but hopefully some rough estimates exist. Perhaps Robertina Brajanoska can help.
Visitors don't pay for entrance yet, so that income is 0.
  • asked a question related to Data Protection
Question
11 answers
The General Data Protection Regulation (GDPR) has been in force since May 2018 and thus for almost a year. Do you know of cases in which fines were imposed for violating the requirements of the GDPR? How high were these fines and which companies were affected? Background of the question are the fears of the fines at that time (up to 20 million Euro or in the case of a company up to 4% of the total worldwide annual turnover of the previous business year). To what extent were these fears justified?
Relevant answer
Answer
The report is in German but it covers other EU countries as well.
  • asked a question related to Data Protection
Question
4 answers
Implementation of GDPR will reduce the access to personal data by the corporations in several aspects. The effects will have several pros and cons for the economy and business. What are the prospects that GDPR will effect?
Relevant answer
Answer
Please read my papers below for my take on the GDPR's impact on non-EU businesses, in particular on the controversial topics of extraterritorial applicability and cross-border data transfer:
  • asked a question related to Data Protection
Question
10 answers
I was wondering what the feelings were (esp for those in the EU) about the new General Data Protection Regulation (GDPR) that comes online in 4 months...
Relevant answer
Answer
I have set out some analyses of the GDPR from the perspective of non-EU businesses, in the following research pieces, feel free to have a read:
  • asked a question related to Data Protection
Question
19 answers
In my opinion, information contained in posts and comments on social media portals can be used as research material, which can be used for scientific research if appropriate standards of ethics and personal data protection are maintained.
In view of the above, I am asking you: Can the information contained in posts and comments on social media portals be used for scientific research?
Please reply.
I invite you to the discussion
Thank you very much
Best wishes
Dear Friends and Colleagues of RG
The problems of the analysis of information contained on social media portals for marketing purposes are described in the publication:
I invite you to discussion and cooperation.
Best wishes
Relevant answer
Answer
I agree they can be used as material for research. As said above by some researchers, the context, the purposes, and the methods used are important in considering this as material to study some issue from a scientific point of view.
  • asked a question related to Data Protection
Question
7 answers
The ongoing saga of improper access to personal medical data continues despite the multitude of computing standards for data protection.
Could Blockchain ensure the security of patient data while allowing access to appropriate healthcare staff?
Relevant answer
Answer
The answer is yes !!!
  • asked a question related to Data Protection
Question
3 answers
Dear colleagues,
I will be really thankful if you share your experience, research, and pre-prints on the impact of GDPR on planning and executing surveys. How do you achieve the consent for data protection? What is the respondent reaction? What is the response rate after GDPR? We expect some decrease, for now more visible in online surveys than in face-to-face.
Relevant answer
Answer
Dear Ekaterina, I enclose a copy of the Baker McKenzie report titled, GDPR National Legislation Survey issued in January 2018 and it covers a number of your queries.
  • asked a question related to Data Protection
Question
3 answers
The GDPR seems to be more a protectionist initiative for large and rich publishers. They say that "the GDPR improves transparency and data privacy rights of individuals", but it seems to be an initiative to restrict science and reduce the access to information, but is it? Please say what your opinion is.
Relevant answer
Answer
GDPR can be considered in many aspects.
For small organizations, this will involve many new responsibilities. It will also affect honest and high standards - as there will be a need to document compliance with these standards, while it has been sufficient to comply with them so far.
Larger organizations are likely to feel less because they are more formalized and bureaucratic anyway.
There will be fear of penalties, which may limit some activities. While most probably agree that abuses and uncontrolled trade in personal data should be limited, the problem of borderline events, taken in good faith, will also appear, which, however, can also be interpreted as abuse and transgression.
Will this improve the protection of the right to privacy? It really depends on people and their awareness. The last affair with Facebook showed how easily private data can be used, but on the other hand people should be able to count on such a situation by sharing their data on the Internet. No regulation can replace reason and caution.
Will it affect learning and information flow? I do not think so much. If these regulations were in force many years ago, today we would probably know that the AIDS patient traveled a lot and was homosexual - because they influenced the way the disease spread and that it affected homosexuals in the first place, but we would not know the name of this patient, which does not matter to understand the mechanism of disease spread.
I work in data recovery. This is a very sensitive area when it comes to confidentiality and data security. If someone entrusts me with his medium, he expects that the data I will recover will not be disclosed to anyone else or to a jealous wife or police - if I suspect that they may be evidence of a crime. On the other hand, if the client is, for example, the Police, it is not my role to protect someone's intimate secrets that concern legal but very personal matters.
Usually I do not analyze the contents of the media, unless I am explicitly asked for it, so I do not even know about many ethically doubtful situations. However, over the years I have seen something like this several times that I had serious doubts as to how to proceed. Loyalty to the client always prevailed. He is the owner of the data and he is responsible for their use.
  • asked a question related to Data Protection
Question
5 answers
I am currently working on a catalogue of good practices in the sphere of privacy and data protection learning and this information will help me decide if to include your project in the catalogue.
Thank you in advance,
Dilyana
Relevant answer
Answer
Thank you very much and all the best with the project,
Dilyana
  • asked a question related to Data Protection
Question
11 answers
The use of big data to target groups with advertising is a mild form of manipulation, but considering all the things that it could be used for, good and bad, how can a set of ethics be maintained until there is some way of policing the internet? There is a very fine line between using big data to protect people and using it to control people.
Relevant answer
Answer
  • Almost fifty years ago, it was clearly acknowledged by leading authorities of that time (1967) that data and publications had already got out of hand -- "surfeit-data syndrome".
  • Today even the accomplished specialist cannot claim to be remaining abreast of all developments in her/his field.
  • Big data, if applied to science and scientific discovery, will lead to a catastrophic nightmare of confusion and abolition of straight thinking. This is not just a warning, it is a guarantee from a person at the frontier of medical research for almost three decades now.
  • People will then think through numbers and statistics.
  • asked a question related to Data Protection
Question
3 answers
I am wondering particularly in light of the new general data protection regulation coming into force across Europe shortly. We found data protection presented a significant challenge in our long term cohort follow up study.
Relevant answer
Answer
This is a really good question, and the general issue has recently come up in my work. I looked around for studies, and found a couple of analyses of its effects. They seem to point out that there is an exception for "research," but the definition of "research" can vary by EU member state. Anonymization is said to help with the restriction, but pseudo anonymization, where data can be re-identified, has particular issues. Here are links I saw that may be helpful:
  • asked a question related to Data Protection
Question
7 answers
Today, in the UK, the Department of Digital, Culture, Media and Sport (DCMS) announced that organisations could face a fine of 4% of global turnover or £17 million for the failure of critical infrastructure, including within energy, water, transport, and health. Overall it is part of the UK's response to an EU directive on Network and Information Systems (NIS), and levies the same levels of fines as GDPR (which focuses on data protection).
This also comes on the back of recent power-related outages at BA and Capita, which led to serious problems with their systems. A key focus is that organisations will be required to prove that they have a disaster recovery plan in place, and have plans to enact it on serious incidents.
But, will fines actually improve things or will auditors and the legal industry be rubbing their hands with the increasing fees for the work?
Relevant answer
Answer
 I'm tempted to say "let's wait and see", but I suspect that the GDPR may end up being just so much smoke - everyone is currently in a frenzy, worrying about the 4% of global turnover fines, but will they actually ever be levied? Or will we just see the customary wrist-slapping from the respective DPAs?
  • asked a question related to Data Protection
Question
3 answers
When working with collaborators in Switzerland it became obvious that the government shot itself in the foot when regulating the use and transfer of patient data. Even some of the simple anonymized statistical data sets require permission from the ethics committee.
These country-specific regulations also serve as a barrier to entry when asking someone for a data set from a published paper in order to replicate their experiments to see if these experiments are reproducible. 
In your experience, what are the best countries (including Asia), where data transactions for research purposes are not regulated and most fluid? 
Relevant answer
Answer
Here is an article discussing the privacy laws between the EU and the US: 
As for the determination of the best country, it will depend on your preset determining factors.
  • asked a question related to Data Protection
Question
3 answers
I am doing research on electronic solutions to substitute the Excel/Word checklist to facilitate the Inspectors' tasks and then a possible second phase to support the centres' preparations. Do members have any suggestions of solutions that you have seen and that could work as an alternative to the current Excel file? One requirement is that the solution is hosted in the EU to meet data protection requirements.
Relevant answer
Answer
Very kind of you Bob. I will read it with interest.
Thank you.
Eoin
  • asked a question related to Data Protection
Question
11 answers
Hello! I am doing Master of Laws in Criminal Procedure in São Paulo (Brazil) and my dissertation involves data protection according to its sensitivity aspect. The main objective of my dissertation is to study the classification of data, mainly the sensitive category, i.e., when this category came up, in which context this category came up, how can I define sensitive data, which parameters could be used to conclude that a data is sensitive, etc. Does anyone have/know any article/book related to this subject? Tks
Relevant answer
Answer
Dear Arthur, you might consider what he says to his profession. Everything should be monetized.
Then the sensitivity of a document is directly linked to the value that it has, or the harm it would cause if disclosed.
In my profile you will find many articles on privacy and data loss and data leakage.
I am in Campinas if you need me.
  • asked a question related to Data Protection
Question
2 answers
Relevant answer
Answer
I assume you are referring to web app security assessment.
  • asked a question related to Data Protection
Question
8 answers
Hello people,
how can I evaluate the security on IoT?
Any suggestion, resource or comment will help
Thank you! 
Relevant answer
Answer
The evaluation of any security device is in fact an evaluation of security algorithms and implemented security protocols. However, the evaluation is not mainly related to devices. For example, we evaluate AES or RSA cipher algorithms regardless of whether they are implemented in a smart card or in a router.
  • asked a question related to Data Protection
Question
2 answers
I need to use the Weka tool to analyse the anonymization algorithms.
Relevant answer
Answer
Can I use Weka for data anonymization? Please explain to me.
  • asked a question related to Data Protection
Question
8 answers
I am interested in finding the advantages of each method, because a lot of researchers have used k-anonymity and made many enhancements to it. Some others have also worked on l-diversity for protecting sensitive data privacy. If anyone knows other techniques, I would appreciate that.
Relevant answer
Answer
Authentication User’s Privacy: An Integrating Location Privacy Protection Algorithm for Secure Moving Objects in Location Based Services
Read this paper and also the related references; it will help you.
  • asked a question related to Data Protection
Question
9 answers
Hello everybody,
Which algorithm for anonymizing data is more useful to protect big data from a data analyzer? For example, I want to outsource a database for data mining. What is the effective data anonymization in big data to protect the personal information?
Relevant answer
Answer
The first issue with any public-use file (open data) is providing a file that allows reproduction of 1-2 (but hopefully more) analyses that might be performed on the original, non-public file prior to the 'masking' of certain fields to prevent re-identification. If the file has valid analytic properties, then the data producer should (attempt to) justify that re-identification of a small proportion of individuals is exceptionally difficult or impossible.
This has been an open area of research for 35+ years. Do a bunch of tabulations (queries) with the underlying microdata in a manner so that individuals cannot reconstruct the underlying microdata from the tabulations (even when noise (epsilon) is added in a suitable manner). At one point, major database groups and IBM concluded that it was an impossible problem (even after millions in dollars of NSF support).
In the mid 1990s, Latanya Sweeney (then a CS Ph.D. student at MIT, now a Harvard professor) took an 'anonymized' set of health data from Massachusetts State employees and showed how to re-identify most of them using a Massachusetts voter registration database. The health data had been anonymized by removing individuals' names, SSNs, health insurance IDs, doctors' names, hospital names and just about any other identifiers that individuals could think of. For analytic purposes, ZIP codes, sex, and date-of-birth were left in the file and these fields were used to re-identify more than 70% of the individuals in the file, including the Governor.
In 2003 Dinur and Nissim provided methods with rigorous guarantees on the privacy.
Dinur, I., and Nissim, K. (2003), “Revealing Information while Preserving Privacy,” ACM PODS Conference, 202-210.
Much of the work in recent years has been on improving analytic properties.
Dwork, C. (2008), “Differential Privacy: A Survey of Results,” in (M. Agrawal et al., eds.) TAMC 2008, LNCS 4978, 1-19.
Barak, B., Chaudhuri, K., Dwork, C., Kale, S., McSherry, F., and Talwar, K. (2007), “Privacy, Accuracy, and Consistency Too: A Holistic Solution to Contingency Table Release,” PODS ’07, Beijing, China.
Hardt, M., Ligett, K., and McSherry, F. (2010), A simple and practical algorithm for differentially private data release, available at http://arxiv.org/abs/1012.4763 .
Over the last seven years, the American Statistical Association has had three invited paper sessions at their Annual Meeting on differential privacy. Different groups would like to provide 'protected' microdata with guarantees on privacy and on valid analytic properties.
The answer is that there are presently no systematic methods of both assuring analytic properties and privacy. As long as your original data are suitably clean (this is not always assured in many databases), then your tabulations should be valid. Unfortunately, there are very sophisticated methods of working backwards from the tabulations to subsets of the microdata. Look at the following for improved methods of working backwards from the tabulations to the microdata.
Dwork, C. and Yekhanin, S. (2008), “New Efficient Attacks on Statistical Disclosure Control Mechanisms,” Advances in Cryptology—CRYPTO 2008, to appear, also at http://research.microsoft.com/research/sv/DatabasePrivacy/dy08.pdf .
Many CS and other researchers have shown how to re-identify with seemingly innocuous files. They used public-use IMDB information to re-identify individuals in the Netflix public-use file that Netflix subsequently took down.
Narayanan, A. and Shmatikov, V. (2008), Robust De-anonymization of Large Sparse Datasets, Proceedings of the 2008 IEEE Symposium on Security and Privacy, 111-125.
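A release audit for the risk described in the answer above (ZIP code, sex and date of birth left in the file), which also covers the k-anonymity and l-diversity measures raised in the earlier question. This is an added example, not part of the original thread; the records are constructed and the column names and generalization rules are assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real data).
RECORDS = [
    {"zip": "02138", "sex": "F", "dob": "1961-03-14", "diagnosis": "asthma"},
    {"zip": "02139", "sex": "F", "dob": "1961-07-02", "diagnosis": "asthma"},
    {"zip": "02138", "sex": "M", "dob": "1954-11-30", "diagnosis": "diabetes"},
    {"zip": "02139", "sex": "M", "dob": "1954-01-09", "diagnosis": "hypertension"},
    {"zip": "02141", "sex": "F", "dob": "1961-12-25", "diagnosis": "asthma"},
    {"zip": "02142", "sex": "M", "dob": "1954-06-18", "diagnosis": "diabetes"},
    {"zip": "02446", "sex": "F", "dob": "1978-05-05", "diagnosis": "migraine"},
    {"zip": "02445", "sex": "F", "dob": "1978-09-21", "diagnosis": "diabetes"},
]

# Fields an outsider could match against another file (e.g. a voter list).
QUASI_IDS = ("zip", "sex", "dob")

# Assumed generalization: 3-digit ZIP prefix and year of birth only.
GENERALIZE = {
    "zip": lambda z: z[:3] + "**",
    "dob": lambda d: d[:4],
}


def equivalence_classes(rows, quasi_ids, generalize=None):
    """Group rows sharing the same (optionally generalized) quasi-identifiers."""
    generalize = generalize or {}
    classes = defaultdict(list)
    for row in rows:
        key = tuple(generalize.get(col, lambda v: v)(row[col]) for col in quasi_ids)
        classes[key].append(row)
    return dict(classes)


def audit(rows, quasi_ids, sensitive, generalize=None):
    """Return k (smallest class), l (fewest distinct sensitive values in a
    class), the share of records that are unique, and the homogeneous classes."""
    classes = equivalence_classes(rows, quasi_ids, generalize)
    sizes = [len(members) for members in classes.values()]
    diversity = {key: len({m[sensitive] for m in members})
                 for key, members in classes.items()}
    return {
        "k": min(sizes),
        "l": min(diversity.values()),
        "unique_fraction": sum(1 for s in sizes if s == 1) / len(rows),
        "homogeneous_classes": sorted(k for k, d in diversity.items() if d == 1),
    }


RAW = audit(RECORDS, QUASI_IDS, "diagnosis")
COARSE = audit(RECORDS, QUASI_IDS, "diagnosis", GENERALIZE)

if __name__ == "__main__":
    print("as released :", RAW["k"], RAW["unique_fraction"])
    print("generalized :", COARSE["k"], COARSE["l"], COARSE["homogeneous_classes"])
```

On this sample, generalizing lifts k from 1 to 2, yet one class still has a single diagnosis, so membership in that class alone discloses the sensitive value.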
  • asked a question related to Data Protection
Question
5 answers
The future data protection package includes a General Regulation and a Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data.
However, the data protection package initially leaves unaffected Prüm regime as was pointed out by the European Data Protection Supervisor (Opinion of the European Data Protection Supervisor on the data protection reform package, 7 March 2012, 443, page 68 ).
The Amendment 6 of EU Parliament (14 March 2014) introduced it. (EP legislative resolution of 12 March 2014 COM(2012)0010 – C7-0024/2012 – 2012/0010(COD)) Today (4 December 2014) is in discussion within the Council (http://eur-lex.europa.eu/procedure/EN/201285)
I am interested in knowing any comments or articles regarding this question, thanks!
Relevant answer
This paper perhaps does not respond to your question but is a good overview of the efforts to come to common ground and to identify the minimum standards between US-EU privacy law 
  • asked a question related to Data Protection
Question
3 answers
Hi All. I'm Khairil from Malaysia.
Currently, I've been working on developing a model / framework regarding Data Leakage Protection for the government sector. Does anyone have references? Thank you so much for your help.
Relevant answer
Answer
These are reference articles which discuss data leakage protection and models; hopefully they can help you.
  • asked a question related to Data Protection
Question
7 answers
Patient clinical data is private and acquiring it for research especially by researchers outside the affiliation to healthcare organisations can be close to impossible. Even when such data is anonymised.
Can patient data be simulated? Will it then be considered applicable for use in a research?
Are there any samples of simulated data which can be tested?
Relevant answer
Answer
I also agree with Lazaridis, Ngafeeson and Aghatise. Simulated data is possible, and results based on them even publishable, as long as it refers to simulation. Its connection to real clinical outputs, however, remains doubtful, precisely because it is based on a simulation.
  • asked a question related to Data Protection
Question
4 answers
Dear colleagues, we are looking for data on informality among firms in Latin America, and comparisons to other emerging regions.
In particular, we would like to know estimates of the share of firms not registered (while they should); or firms paying taxes, etc...
Apparently, some household surveys include the question, but we would favor firm surveys.
Many thanks!
Note: The WB Enterprise survey only surveys formal firms, and how they compete with informal ones.
Relevant answer
Answer
Gracias Fabio! I'll take a look (although I doubt that most workers know whether their employers are registered or pay taxes...)
  • asked a question related to Data Protection
Question
4 answers
Data protection can be studied from two different angles, that is, technical and legal. Can we consider data security as a technical issue and data protection as a legal issue?
Relevant answer
Answer
The challenges of data protection/security in an organization include:
- Availability of trained staff (from user to administrator)
- Regular training of master trainers as new threats are always growing
- Bringing all machines on the network
- Disabling USB data storage devices
- Controlled access to internet
- SAN for data storage and archiving
- Effective group policies
- Regular updating/upgrading of OS
- Installation of antivirus software and its regular updating
- Legal support / supporting policies / laws
- & physical security as an additional protection layer
Data protection is the bigger picture and can be seen as an institutional issue, whereas data security is an organizational matter and deals more with technicalities or the implementation of data protection policies.
  • asked a question related to Data Protection
Question
1 answer
Using file entropy or the chi square test seems to generate too many false positives (i.e., encrypted files are reported as unencrypted).
Perhaps one can use the FRSS score mentioned on page 12 here (https://www.utica.edu/academic/institutes/ecii/publications/articles/A0B3DC9E-F145-4A89-36F7462B629759FE.pdf), but I'm not sure how to apply that patch to SleuthKit.
Any ideas?
Relevant answer
Answer
I can understand the opposite: unencrypted data being classified as encrypted. This can happen if data is compressed, thus increasing the entropy to the max limit (at least should). One thing that might help is to first identify the encoding of the source (e.g., raw or base64 encoded, quoted_printable, ...). Once this is known, the limit of entropy is also identified. Another practical issue is to skip the initial blocks of the source file (e.g., the header info of a zip file will have low entropy, but actual encrypted content afterwards will be as random as they should).
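The two suggestions in the answer above (scale entropy by the limit of the detected encoding, and skip the leading header blocks), as an added example that is not part of the original thread and is not SleuthKit code. The 4096-byte block size, the 0.97 cut-off, the sniffing rule and the sample buffers are all assumptions; the samples are constructed, with seeded PRNG output standing in for ciphertext.

```python
import base64
import math
import random
from collections import Counter

BLOCK = 4096          # bytes per analysed block (assumed)
THRESHOLD = 0.97      # assumed cut-off: fraction of the encoding's entropy limit
# Maximum bits per byte a source can reach in each container encoding.
ENTROPY_LIMIT = {"raw": 8.0, "base64": 6.0}
B64_BYTES = set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\r\n")


def shannon_entropy(buf):
    """Shannon entropy of a byte string, in bits per byte."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def detect_encoding(buf):
    """Minimal sniffer: base64 if only base64 bytes occur, otherwise raw."""
    return "base64" if buf and set(buf) <= B64_BYTES else "raw"


def block_ratios(buf, skip_blocks=0):
    """Per-block entropy divided by the limit of the detected encoding."""
    encoding = detect_encoding(buf)
    if encoding == "base64":
        buf = buf.translate(None, b"\r\n=")   # drop line breaks and padding
    limit = ENTROPY_LIMIT[encoding]
    starts = range(skip_blocks * BLOCK, len(buf) - BLOCK + 1, BLOCK)
    return [shannon_entropy(buf[i:i + BLOCK]) / limit for i in starts]


def looks_random(buf, skip_blocks=0):
    """True when every analysed full block is near the entropy limit.
    Compressed data passes too, so a hit means 'encrypted or compressed'."""
    ratios = block_ratios(buf, skip_blocks)
    return bool(ratios) and min(ratios) >= THRESHOLD


# Constructed samples.
_rng = random.Random(1234)
PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(3 * BLOCK))
WITH_HEADER = b"HDR\x00" * (BLOCK // 4) + PAYLOAD   # one low-entropy header block
AS_BASE64 = base64.b64encode(PAYLOAD)
PLAIN_TEXT = b"Patient record exported for audit review. " * 300

if __name__ == "__main__":
    cases = [("payload", PAYLOAD, 0), ("with header", WITH_HEADER, 0),
             ("with header, skip 1", WITH_HEADER, 1),
             ("base64", AS_BASE64, 0), ("plain text", PLAIN_TEXT, 0)]
    for name, buf, skip in cases:
        print(f"{name:20s} {detect_encoding(buf):7s} "
              f"random-looking={looks_random(buf, skip)}")
```

Measured against the raw 8-bit limit, the base64 sample reaches only about 75% and would be misread as unencrypted, which is the misclassification the encoding step removes.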
  • asked a question related to Data Protection
Question
2 answers
My main concern is how to identify individuals who are prone to manifest psychological or social problems even in a well-managed and friendly working environment, without infringing their personal space and having in consideration data protection issues.
Relevant answer
Answer
I have done research and published on spatial position and movement in groups as non-verbal behavior. There is some evidence that controlling for cultural definitions of permitted spatial closeness, those who infringe such boundaries and or, who move around a lot in a stable group such as a classroom, business or military group (after four sessions) are possibly alien to or uncomfortable with the group. There is also a difference depending on seat position, in dominant and minority group status, possible detection of pro or con attitudes toward authority or peers in the group. Experiments on spatial distance from others controlling for culture maybe class, might indicate emotional disturbance. Marking territory and defense of territory in invasion experiments also identifies dominants and "strangers" in the group. I would like to do more research on this topic that could benefit the field, also business and security, but would want to be recompensed. Also, many other nonverbal behaviors indicate cultural, class and other origins. Gilda Haber, PhD
  • asked a question related to Data Protection
Question
6 answers
Is jurisprudence of privacy law different from jurisprudence of data protection law?
Relevant answer
Answer
Confidentiality assumes full protection of any information relating to a person. Data protection legislation is intended to ensure the integrity of the exclusive list of personal information about a person that is strictly listed in a specific legislative act.
  • asked a question related to Data Protection
Question
2 answers
Like techniques for ensuring the integrity of data on the server-side (the service providers) or during the transfer of the data.
Relevant answer
Answer
Hi Ahmed. You can search for provable data possession for cloud data integrity.
  • asked a question related to Data Protection
Question
3 answers
In Clinical database management system, researchers can handle enormous patient records. Those records may consist of sensitive information. How to preserve the individual privacy of patients in clinical data management and biobank?
Relevant answer
Answer
This topic is of high-interest at OHRP right now and at every conference I've been to where a representative from OHRP is present, this issue is addressed by referring back to http://www.hhs.gov/ohrp/policy/reposit.html and specifically the guidance at http://www.hhs.gov/ohrp/policy/cdebiol.html. OHRP views personally identifiable private information stored as data synonymous with tissue samples, even if it's coded but could possibly be linked to specific individuals by the investigator(s) either directly or indirectly through a key (available to the investigator). There are exceptions spelled out in the guidance so take a close look to see if your project meets one of the exclusions.