Science topic

Information Privacy - Science topic

Explore the latest questions and answers in Information Privacy, and find Information Privacy experts.
Questions related to Information Privacy
  • asked a question related to Information Privacy
Question
3 answers
How viAct sticks to data privacy norms to fulfill GDPR and other privacy compliance?
Relevant answer
Answer
viAct is GDPR absolute complaint.
  • asked a question related to Information Privacy
Question
5 answers
Answers in the survey will be analyzed through a hybrid multi-criteria decision-making model, and the data privacy act will be followed. We are willing to have you as our co-authors with your participation in the research. We humbly request your assistance in answering this survey. We would also like to kindly ask that you not share any information about our research with others due to its novelty/uniqueness. We intend to publish this as a peer-reviewed scientific journal in the future.
Feel free to message me to let me know, thanks!
Relevant answer
Answer
Peter Broadhurst Thank you peter, sent you a message. Please check. Have a great day!
  • asked a question related to Information Privacy
Question
3 answers
I was exploring differential privacy (DP) which is an excellent technique to preserve the privacy of the data. However, I am wondering what will be the performance metrics to prove this between schemes with DP and schemes without DP.
Are there any performance metrics in which a comparison can be made between scheme with DP and scheme without DP?
Thanks in advance.
Relevant answer
Answer
Dear Anik Islam Abhi,
You may want to review the data below:
What is differential data privacy?
Differential privacy (DP) is a system for publicly sharing information about a dataset by describing the patterns of groups within the dataset while withholding information about individuals in the dataset.
Why is differential privacy so important?
Preventing attackers from access to perfect data This deniability aspect of differential privacy is important in cases like linkage attacks where attackers leverage multiple sources to identify the personal information of a target.
What is privacy budget in differential privacy?
Also known as the privacy parameter or the privacy budget. (i) When ε is small. (ε,0)-differential privacy asserts that for all pairs of adjacent databases x, y and all outputs M, an adversary cannot distinguish which is the true database on the basis of observing the output.
What is differential privacy in machine learning?
Differential privacy is a notion that allows quantifying the degree of privacy protection provided by an algorithm on the underlying (sensitive) data set it operates on. Through the lens of differential privacy, we can design machine learning algorithms that responsibly train models on private data.
How much is enough choosing Epsilon for differential privacy?
... The recommended values for ε vary in a big interval, from as small as 0.01 and 0.1 to as big as 7
Who uses differential privacy?
Apple launched differential privacy for the first time in macOS Sierra and iOS 10. Since then, we have expanded to other use cases such as Safari and Health types.
Differential Privacy: General Survey and Analysis of Practicability in the Context of Machine Learning
Franziska Boenisch
  • asked a question related to Information Privacy
Question
5 answers
While there are multiple researches that have been conducted to understand the importance of free will and data privacy in the context of neuromarketing, I am yet to come across a study which quantifies the issues. Would appreciate any suggestion on this, to help with my coursework. Thanks.
Relevant answer
Answer
The external influences on the work - profession, familiar life and so on.
The social conditions and relations with other people, also, I think influence the ethical issues of Neuromarketing.
  • asked a question related to Information Privacy
Question
4 answers
Dear all,
I have an epidemiological questionnaire for a project that I am currently involved. We need to use a web-based questionnaire for the patients, but the questionnaire will include personal and other confidential information about the patients. Could you suggest a web-based questionnaire tool which accepts this type of information and with high data privacy? As far as I know, SurveyMonkey and LimeSurvey are widely used in psychology research, but I am not quite sure that these fit for our purpose.
Many thanks
  • asked a question related to Information Privacy
Question
4 answers
Currently, due to the data privacy and security concerns, there are less institutes willing to share their data. What can be done by both medical and computer science domain to deal with the issue?
Relevant answer
Answer
The current state of cybersecurity in the world doesn't allow or makes it prohibitively expensive for an easy access to open-sourced medical data. The lesser of the two evils must be chosen.
  • asked a question related to Information Privacy
Question
1 answer
As Proposed by Cynthia Dwork, A Differential privacy gain a lots of attention nowadays in the field of Data Privacy.
Also, there are various version of Differential Privacy(DP), Mainly used either Local DP or Global DP.
Can anyone suggest Which DP is best/good for which Data Types??
Relevant answer
Answer
The General Data Protection Regulation (GDPR) is a robust privacy law that was created by the European Union (EU) in 2016 and became effective in 2018. ... The purpose of the GDPR is to update digital security for the citizens of the EU by giving them a higher level of control on the personal information they share online.
  • asked a question related to Information Privacy
Question
7 answers
Considering the use of facial recognition cameras on autonomous vehicles, the storage of data collected, the security of the data and access, do UK data privacy laws go far enough to protect peoples rights?
Relevant answer
Answer
Great question - given the attitude afforded by the Investigatory Powers Act in the UK, there is a huge privacy concern posed by CAVs. These are essentially mobile surveillance systems and the concern is how footage from the onboard interior and exterior facing cameras is used and whether state bodies can request access to these. Lots of really questions surrounding CAV use and development in the UK.
Very best wishes, James.
  • asked a question related to Information Privacy
Question
2 answers
xAPI is the new e-learning specification to outsmart SCORM. Any recommendation on undertaking Data privacy assessment?
Thanks!
Relevant answer
Answer
Hi.,
xAPI works by producing simple statements, consisting of a noun, verb and object. For example, Jack has completed Basic Business Math. The statement that's produced lets you know what e-learning Jack has accessed and exactly when it was completed. This information is stored in the Learning Record Store (LRS).
The main data structure used by xAPI to describe tracked experiences is called a statement.The XAPI service enables you to call any of the application XAPIs and return results which can then be used by a later step in the business process.
xAPI statement
  1. Get a library. Visit the code libraries page and download the library. ...
  2. Install the library. Follow the installation instructions to include your library in a project. ...
  3. Configure the LRS. You need to configure the library to send the statement to your LRS. ...
  4. Send the statement. Great!
  • asked a question related to Information Privacy
Question
6 answers
I have just started working on big data privacy and i found that privacy issues with unstructured data is not being focused much. therefore, i am thinking to work on it. Kindly provide any material or suggestion related to this topic.
Thanks in advance.
Relevant answer
Answer
Dear Ekhlas A. Hussein,
I would like to add a few words to this discussion on this important topic. The issue of privacy protection in Big Data analysis for unstructured data is an important and developmental topic. Due to the fact that more and more companies, enterprises, corporations, public and financial institutions use the analytics of large sets of internal data (generated in a specific economic entity or institution) and external (obtained from the Internet), use Big Data Analytics platforms, so the importance of information security and data obtained from various sources, archived and processed will increase. As part of improving the security systems of computerized Big Data Analytics platforms and the data stored on these platforms, intelligent gateway and firewall solutions are created when these platforms download data from the intranet and the Internet. In addition, the systems of institutional email applications are being improved in order to reduce the scale of successful cybercriminal attacks by cybercriminals using malware and ransomware viruses hidden in spamming.
Regards,
Dariusz Prokopowicz
  • asked a question related to Information Privacy
Question
6 answers
I was exploring federated learning algorithms and reading this paper (https://arxiv.org/pdf/1602.05629.pdf). In this paper, they have average the weights that are received from clients as attached file. In the marked part, they have considered total client samples and individual client samples. As far I have learned that federated learning has introduced to keep data on the client-side to maintain privacy. Then, how come the server will know this information? I am confused about this concept.
Any clarification?
Thanks in advance.
Relevant answer
Answer
Thanks for your input. I have their codes. They have followed the same. I have attached their code below.
  • asked a question related to Information Privacy
Question
3 answers
Can anybody share with me a dataset from smart factory that we can use for experiments related to privacy / data anonymization / data protection?
Thanks.
Relevant answer
Answer
Dear Agnes Koschmider,
Have you got any datasets? Can you share it with me?
  • asked a question related to Information Privacy
Question
4 answers
What are the priorities that need to be addressed for AI systems to be dependable and trustworthy?
Data-intensive AI systems are expanding rapidly and are affecting many aspects of our daily life. While effectiveness of AI systems is growing, their dependability and trust seems to be endangered. Redefining and dealing with issues like data security, data privacy are among the key challenges AI systems are facing. What is your opinion on that?
Relevant answer
Answer
Maybe this will bring some fresh perspektives:
"The Black Box" phenomenon:
According to the Merriam-Webster online dictionary, a black box is “a usually complicated electronic device whose internal mechanism is usually hidden from or mysterious to the user; broadly: anything that has mysterious or unknown internal functions or mechanisms.” As organizations advance to implementing Type III and Type IV AI technologies (see below..) — utilizing machines or platforms that can learn on their own or communicate with each other — how the algorithms are operating becomes less transparent or understandable.
→ The black box factor will become more and more of a challenge as an organization’s AI activities become more sophisticated.
To illustrate, what I mean in detail, I invite you to read a little bit further on:
Types of AI
In The Conversation’s “Understanding the four types of AI, from reactive robots to self-aware beings,” Arend Hintze, assistant professor of Integrative Biology & Computer Science and Engineering at Michigan State University, outlines four types of AI:
Type I. Reactive machines: This is AI at its simplest. Reactive machines respond to the same situation in exactly the same way, every time. An example of this is a machine that can beat world-class chess players because it has been programmed to recognize the chess pieces, know how each moves, and can predict the next move of both players.
Type II. Limited memory: Limited memory AI machines can look to the past, but the memories are not saved. Limited memory machines cannot build memories or “learn” from past experiences. An example is a self-driving vehicle that can decide to change lanes because a moment ago it noted an obstacle in its path.
Type III. Theory of mind: Theory of mind refers to the idea that a machine could recognize that others it interacts with have thoughts, feelings, and expectations. A machine embedded with Type III AI would be able to understand others’ thoughts, feelings, and expectations, and be able to adjust its own behavior accordingly.
Type IV. Self-awareness: A machine embedded with Type IV AI would be self-aware. An extension of “theory of mind,” a conscious or self-aware machine would be aware of itself, know about its internal states, and be able to predict the feelings of others.
In other words, a Type II self-driving vehicle would decide to change lanes when a pedestrian is in its path, simply because it recognizes the pedestrian as an obstacle. A Type III self-driving vehicle would understand that the pedestrian would expect the vehicle to stop, and a Type IV self-driving vehicle would know that it should stop because that is what the self-driving vehicle would want if it (the self-driving vehicle) were in the path of another oncoming vehicle. Wow.
Most “smart machines” today are manifestations of Type I or Type II AI. Ongoing research and development initiatives will enable organizations to advance toward practical applications of Type III and Type IV AI.
AI Opportunities and Risks
The first step toward understanding the organization’s AI opportunities and risks is to thoroughly understand the organization’s big data opportunities and risks.
Opportunities
– The ability to compress the data processing cycle.
– The ability to reduce errors by replacing human actions with perfectly repeatable machine actions.
– The ability to replace time-intensive activities with time-efficient activities (process automation), reducing labor time and costs.
– The ability to have robots or drones replace humans in potentially dangerous situations.
– The ability to make better predictions, for everything from predicting sales of certain goods in particular markets to predicting epidemics and natural catastrophes.
– The ability to drive revenue and grow market share through AI initiatives.
Risks
– The risk that unidentified human biases will be imbedded in the AI technology.
– The risk that human logic errors will be imbedded in the AI technology.
– The risk that inadequate testing and oversight of AI results in ethically questionable results.
– The risk that AI products and services will cause harm, resulting in financial and/or reputational damage.
– The risks that customers or other stakeholders will not accept or adopt the organization’s AI initiatives.
– The risk that the organization will be left behind by competitors if it does not invest in AI.
– The risk that investment in AI (infrastructure, research and development, and talent acquisition) will not yield an acceptable ROI.
Maybe you concentrate on a certain area of AI application, so to focus to a more specific approach, maybe industry specific or competency specific, like this categorisation implies:
AI Competencies
– Natural language processing
– API´s (Application program interfaces) such as facial recognition, image analytics, and text analytics
– Algorithms and advanced modeling
– Probabilities and applied statistics
– Data analytics
– Software engineering / Programming language
– Machine learning
– Computer vision
– Robotics
So, finally, let´s have a look on a AI Framework
Such a Framework can be comprised of three components:
AI Strategy, AI Governance, and the Human Factor
An organization’s AI strategy might be an obvious extension of the organization’s overall digital or big data strategy. It should be a deliberate AI strategy consistent with the organization’s objectives.
AI governance
1 General
AI governance refers to the structures, processes, and procedures implemented to direct, manage, and monitor the AI activities of the organization in pursuit of achieving the organization’s objectives. The level of formality and structure for an organization’s AI governance will vary based on the specific characteristics of that organization.
→ → AI governance establishes accountability and oversight, helps to ensure that those responsible have the necessary skills and expertise to effectively monitor AI, and helps to ensure the organization’s values are reflected in its AI activities. This last point should not be overlooked or given little attention.
→ → AI activities must result in decisions and actions that are in line with the ethical, social, and legal responsibilities of the organization.
2 Data Architecture & Infrastructure
AI data architecture and infrastructure will likely be one in the same as the organization’s architecture and infrastructure for handling big data. It includes considerations for:
– The way that data is accessible (metadata, taxonomy, unique identifiers, and naming conventions).
– Information privacy and security throughout the data lifecycle (data collection, use, storage, and destruction).
– Roles and responsibilities for data ownership and data use throughout the data lifecycle.
3 Data Quality
The completeness, accuracy, and reliability of the data on which AI algorithms are built are critical. Unfortunately, it is not unusual for organizations to have a poorly defined, incoherent structure to their data. Often, systems do not communicate with each other or do so through complicated add-ons or customizations. How this data is brought together, synthesized, and validated is crucial.
4 S-M-A-R-T / Performance
As organizations integrate AI into their activities, metrics should be defined to (maybe?..) show how AI activities are aligned to business objectives and business strategy.
The Human Factor
Algorithms are developed by humans. Human error and biases (both intentional and unintentional) will impact the performance of the algorithm. The human factor component considers whether:
– The risk of unintended human biases factored into AI design is identified and managed.
– AI has been effectively tested to ensure that results reflect the original objective.
– AI technologies can be transparent given the complexity involved.
– AI output is being used legally, ethically, and responsibly.
It is widely recognized that human error is the most common cause of information privacy and security breaches. Similarly, the human factor component addresses the risk of human error compromising the ability of AI to deliver the expected results.
  • asked a question related to Information Privacy
Question
3 answers
Hoping to get some insight on your idea or contribution towards the privacy of data in e-mental health services and applications.
Kindly leave a comment of thought towards data privacy especially in Europe.
This is my survey and i am collecting data (anonymous) about what you think about having your sensitive data out there.
please follow the link to my survey.
would Appraciate it
Relevant answer
Answer
Privacy is a part of a transaction security in online transactions, and it require a good mutual out of band multi-factor client - server authentication and data in transit encryption.
  • asked a question related to Information Privacy
Question
6 answers
As far as I know, Egypt is the last country which enacted the Data Protection Law on 13 July 2020. Accordingly, the total number of countries with data protection law is 143. Is there any update other than this?
Relevant answer
Answer
Thanks for this interested question. Agree with
Syed Hassan
  • asked a question related to Information Privacy
Question
8 answers
Data sharing increases utilization of data requiring protection of privacy of the data owner.
There are a number of regulations that try to make sure that data custodians ensure the privacy of data subjects. However, these regulations do not seem to hold during pandemics, not to mention data privacy dangers that arise due to limited effectiveness of privacy systems as well as algorithms' data leaks.
What are the possible dangers of data privacy during corona pandemic that you think of?
Relevant answer
Answer
A very good substantive question. During the SARS-CoV-2 (Covid-19) coronavirus pandemic, the scale of digitization and internationalization of remote communication processes, remote work, e-learning, online shopping and payments, etc., and many other aspects of communication processes, economic processes, increased, financial, social etc. The scale of using ICT, Internet and Industry 4.0 information technologies in these processes has increased. On the other hand, there are doubts whether the pace of improvement of cybercrime risk management systems, the risk of data transfer in the Internet, the risk of viruses and viruses and malware in smartphones used by users of the mobile internet banking application, etc. is keeping pace with the current progress determined by the increase in the digitization and Internetisation of communication processes. , economic, financial, social and other processes.
Best regards, Have a nice day, Stay healthy!
Dariusz Prokopowicz
  • asked a question related to Information Privacy
Question
3 answers
I am interested to know if anyone has conducted online studies with a hierarchical linear modelling design in the field of education involving teachers and their students or in a similar field involving coach/mentor/supervisor and their athletes/employees? What platforms have you used and how has it been compatible with data privacy? What kind of ethical issues have you encountered?
Relevant answer
Answer
Intresting topic
  • asked a question related to Information Privacy
Question
2 answers
I have recently started studying genomic data privacy and it seems the field is relatively new. I am looking for the existing problems. Implementing Homomorphic encryption or differential privacy has a lot going on. Can anyone suggest any other existing challenges?
Relevant answer
Answer
Given that the main routes to breach privacy are
- identity tracing,
- attribute disclosure attacks using DNA (ADAD)
- and completion of sensitive DNA information*,
the main questions would emerge from each of these distinct yet overlapping issues.
Genomic privacy though, I would argue, isn't necessarily about the academic exercise (fascinating as one might find it), but rather a more and more pressing issue, given the development of AI, as well as the various regulatory frameworks concerning data and individual privacy...
I do hope this may have been of some use, though I'm sure a lot has happened in the field since the question was posted. Best of luck with your research!
  • asked a question related to Information Privacy
Question
29 answers
Currently l am thinking of perusing research computing, ideal area cybersecurity problems and IoT, so far proposed research title "security risk assessment in IoT systems: Data privacy and security" any suggestions please experts
Relevant answer
DOI: 10.1109/ACCESS.2019.2946400
  • asked a question related to Information Privacy
Question
9 answers
How does public policy impact the use of internet and help industries invade our privacy? Does fundamental rights (such as that of freedom to express and right to personal privacy) come into play?
Relevant answer
Answer
Dear Ridha Dhawan,
In my opinion, people who use various information services available on the Internet have very different knowledge about the security of personal data posted on various social media portals and / or transferred via various instant messaging and other Internet media. High variation in this knowledge results from different experiences, and above all from possible negative experiences of loss of sensitive data on the Internet or other effects of cyber criminals' activities. People who have less knowledge in this matter are willing to post more personal data about themselves on social media portals. In a situation of greater awareness of the emerging threats in this matter, Internet users use specific actions, practices (e.g. not opening e-mails of unknown origin) and instruments (e.g. anti-virus applications, frequent updating of operating systems). Therefore, Internet users who are individual clients of social media portals and other new Internet media have varied awareness of various aspects of the risk of potential loss of personal data in the Internet, etc., however, they do not examine these risks instrumentally. On the other hand, enterprises, mainly large corporations, financial institutions, including internet banks, build and improve risk management systems for IT systems connected to the Internet, etc. I have described this issue in more detail in some of my publications available on the Research Gate portal. I invite you to cooperation.
Best regards,
Dariusz Prokopowicz
  • asked a question related to Information Privacy
Question
22 answers
The protection of private life is essential since a possible injury might be impossible to repair. The video gives a larger view of the invasion of private life caused by social media with a distinct emphasis on FB as the first mover in this business, but in the end only refers to possible financial damages. In my opinion the safety of the internet transactions is only a secondary aspect of a much bigger problem, which is protection of privacy on internet. I am asking for you opinion.
Relevant answer
Answer
Privacy and social media are in a paradoxical relationship.
  • asked a question related to Information Privacy
Question
8 answers
A need for Data Protection Officers is emerging very fast. After adoption of GDPR, organizations worldwide need hundreds of thousands of DPOs. Are universities ready, are there enough data privacy programs/courses that putts together information security and law?
Relevant answer
Answer
Agree with Ralf's views on this. Universities can look at industry linked programs in Risk and Compliance space and privacy can be covered under that.
  • asked a question related to Information Privacy
Question
6 answers
For providing Big Data privacy, its important that utility of the data/mining result should be preserved. For that before implementing anything, first we need to prove the concept/idea mathematically/theoretically.
Can anyone suggests good Papers/articles/notes on Good Mathematical foundation of Big Data Privacy preserving Models/algorithms?
Also, suggest some open issues in Big Data Privacy/ Privacy Preserving Big Data Analytics.
Hoping for your kind reply.
Relevant answer
Answer
I think using normalization techniques it possible to add.
  • asked a question related to Information Privacy
Question
6 answers
Open Access Journal that should take time to publish and related with Computer related fields like Big Data, Privacy and Security.
Relevant answer
Answer
I agree with Manjula.
  • asked a question related to Information Privacy
Question
3 answers
I am looking for case studies of actual privacy risks. At the core of privacy and data protection impact assessments, we find the concept of 'risk' meaning - in this case - the probability of a threat to personal data and the possible harm or damage caused by this threat. E.g. I fall victim to a phishing attack and the attacker gains access to my bank account, the actual harm being that my account is emptied. Another example would be that my account at a social media platform is hacked and my identity is used to "go shopping".
Now, one finds a lot of literature on privacy (PIA) and data protection impact assessments (e.g. the edited volume by Wright and De Hert (2012) on PIA), on the potential risks of low levels of data security (e.g. Rosner, Kenneally (2018): Clearly Opaque: Privacy Risks of the Internet of Things), on technological and organization standards (e.g. ISO 27001 on Information security management), or on the regulatory frameworks of privacy and data protection (e.g. everything on the details of the GDPR in the EU). But I have a hard time to find research results evaluating actual risks similar to your risk to fall victim to a traffic accident, have your home being broken into, or get cancer.
I would welcome any hint to empirical publications on actual privacy risk analysis be it from medical, social, internet-based or any other research that you consider as most important. I am *not* looking for literature on how to conduct privacy and data protection impact assessments or standards for this purpose. Thank you.
Relevant answer
Answer
This is a great question, and inspired to me to look for some quantification of the risk and probability of data breaches and harm. Found the following reports which may be of interest. They are largely from security companies and insurance companies, which would have access to this kind of data and might need data like that to set insurance policies.
  • asked a question related to Information Privacy
Question
4 answers
Hi, I am conducting a survey on Proximity marketing in retail sectors and your input would be appreciated. This questionnaire is a part of research for my dissertation and will not take more than 5 minutes to complete.
Respondent information will be kept anonymous and data privacy will be maintained as per GDPR rules. Click the link below to start the survey. Thank you !
Relevant answer
Answer
done wish you the best
  • asked a question related to Information Privacy
Question
4 answers
Since organizations and companies are one of the big sources of data, many of them are still not interested in taking advantage of it. Although there are some obstacles and barriers that make managers hesitated to apply these technologies in action, overcoming them could provide huge advantages for organizations. There are some reason such as "organizational silos", privacy and security, costs, lack of appropriately skilled people, organizational culture.
Could you please name some of new challenges you may face in your organization or you experienced before?
Thanks
Relevant answer
Answer
I think as you have mentioned there’s a lack of skilled employees and general lack of knowledge on the subject because in my opinion it’s still relatlively in its infancy. Also it’s trying to understand how to utilise it for the benefit of the company and how it affects things GDPR.
  • asked a question related to Information Privacy
Question
3 answers
How can we apply Differential Privacy to real time data for privacy preserving?
Relevant answer
Answer
The link below may clarify this thing:
  • asked a question related to Information Privacy
Question
2 answers
I am interested in case study recearch and interview with the employees of companies. I search both employees rights and privacy and the data privacy of companies and ethical standarts and permissions of companies about publications related to companies.
Could you recommend me any website, similar case or an article related to this issue?
Relevant answer
Answer
The Electronic Frontier Foundation "The leading nonprofit defending digital privacy, free speech, and innovation."
The Electronic Privacy Information Center
  • asked a question related to Information Privacy
Question
2 answers
I am a last year BCs student (Marketing) and am thinking about a topic related with data disclosure (e.g. permission marketing) in online context. Currently I am trying to look into different factors that would influence willingness to disclose personal data.
I'd like to know if there's a scale developed to measure paranoia in a digital context (digital/ online paranoia?) or any relevant paper/research, for that matter. From what I understand, paranoia has been proven to be a personal characteristic shared amost universally at different degrees, not just a severe clinical condition; would be interesting to see it in an online context.
Thank you in advance, any insight or clue, recommendation is really appreciated!
Relevant answer
Answer
You would probably find more information related to this vector of research if you looked at things associated with "risk tolerance". A highly paranoid person might be thought of as having very low tolerance for risk, while a person with a high tolerance for risk might be thought of as not being paranoid. I am over-simplifying, of course, from a psychological perspective, but since you are looking at behaviors associated with information, this terminology might be more useful to your ability to find related publications/research.
  • asked a question related to Information Privacy
Question
4 answers
I am Information system's student and I have class project and now i am seeking for ideas that i can start with. My concentration is on the (Mobile HCI, Usable security and privacy, social media)
Please help me to start my project proposal please
thank you in advance.
Relevant answer
Answer
Also maybe this paper helps you: https://www.researchgate.net/publication/323837643_A_model_for_users'_profile_recognition_based_on_their_behavior_in_online_applications?_sg=NUMFtFov-uuLhy4A8nzxo0kfndJVOTmI97d0BAwb_LJ4eumZWtCGjRT134qB7Lb6nKi00rrBIIPsTRzkmqIfW-w4gx11PnRoJLCP-KHk.GYvObA3FwTf-m99GeCQ9rqmf21H-PZb1mOlHacBweQp_DHd9fXgdZCS_ZtxxfDDEH90NVX3qEEeEkFmaA5a7Tw
  • asked a question related to Information Privacy
Question
9 answers
How do you feel about disclosing your private info on social media applications such as Facebook? Do you behave the same in your daily life, or is it something special for social media only? How much are you concerned about your privacy in general?
Relevant answer
Answer
Unfortunately, contrary to the assurances of companies that run social media portals, the information contained on these websites is not always fully secured by the activities of cybercriminals. In addition, the issue of downloading data from social media portals by large companies to Big Data database systems should be added in order to process them for marketing purposes. The issue of privacy in social media is very important and is related to the security of personal information. Privacy is at risk in terms of information posted on social media portals.
The problems of the analysis of information contained on social media portals for marketing purposes are described in the publication:
I invite you to discussion and cooperation. Greetings
  • asked a question related to Information Privacy
Question
40 answers
Can anyone recommend some good sources of annotated (labeled) datasets for network security tests and Machine Learning (ML)? In general, various cybersecurity areas are welcomed but from reliable and confident sources. Poor and incorrect annotations or malicious sources are not of interest, so avoid it please.
Relevant answer
Answer
Interesting
  • asked a question related to Information Privacy
Question
2 answers
Currently, I am working on a project (http://smile-h2020.eu/smile/) for smart mobility in the EU land borders to improve border control and management. SMILE increases the tendency to collect, use and process hard and soft biometrics data to optimize and speed up the border checks as well as monitor the flows of people at land borders. In SMILE system, first, the travellers need to pre-register their information includes enrolment of biometrics data using their mobile phone. The biometric information of the traveller is registered in a SMILE database and then becomes the only identifier of the traveller in one-to-many comparison against all biometrics database in EU. Second, upon arrival at the border control point (BCP), traveller will be identified and verified at SMILE "fast lane" using SMILE mobile devices. This is will include people who travels in groups such as family. Family with kids need to register their kids information (biometrics data) also.
I am working on legal and ethical assessment of SMILE use case scenarios and business model. My concerns now are "ethical and legal considerations in biometric data use in assessments with infants and children".
What is the best age for biometric data collection? Is age limits have been considered in other contexts? If so, what are the the age limits for biometric data collection in case of infants and children?
Thanks
Relevant answer
Answer
a lot of work has been done in this respect, see for example
colleagues in the European Union Agency for Fundamental Rights have done a lot see http://fra.europa.eu/en/publication/2018/biometrics-rights-protection
  • asked a question related to Information Privacy
Question
26 answers
I just want to clarify on data privacy as it is being addressed in research nowadays.
Is there really a need to code the research environment or locale?
Thanks.
Relevant answer
Answer
Thank all colleagues and friends
I Agree with Barbara Sawicka definitely!
  • asked a question related to Information Privacy
Question
3 answers
The GDPR seems to be more a protectionist initiative for large and rich publishers. They say that "the GDPR improves transparency and data privacy rights of individuals", but seems to be an initiative to restrict science and reduces the access to information, but is it? Please you must say what your opinion.
Relevant answer
Answer
GPDR can be considered in many aspects.
For small organizations, this will involve many new responsibilities. It will also affect honest and high standards - as there will be a need to document compliance with these standards, while it has been sufficient to comply with them so far.
Larger organizations are likely to feel less because they are more formalized and bureaucratic anyway.
There will be fear of penalties, which may limit some activities. While most probably agree that abuses and uncontrolled trade in personal data should be limited, the problem of borderline events, taken in good faith, will also appear, which, however, can also be interpreted as abuse and transgression.
Will this improve the protection of the right to privacy? It really depends on people and their awareness. The last affair with Facebook showed how easy private data can be used, but on the other hand people should be able to count on such a situation by sharing their data on the Internet. No regulation can replace reason and caution.
Will it affect learning and information flow? I do not think so much. If these regulations were in force many years ago, today we would probably know that the AIDS patient traveled a lot and was homosexual - because they influenced the way the disease spread and that it affected homosexuals in the first place, but we would not know the name this patient, which does not matter to understand the mechanism of disease spread.
I work in data recovery. This is a very sensitive area when it comes to confidentiality and data security. If someone entrusts me with his medium, he expects that the data I will recover will not be disclosed to anyone else or to a jealous wife or police - if I suspect that they may be evidence of a crime. On the other hand, if the client is, for example, the Police, it is not my role to protect someone's intimate secrets that concern legal but very personal matters.
Usually I do not analyze the contents of the media, unless I am explicitly asked for it, so I do not even know about many ethically doubtful situations. However, over the years I have seen something like this several times that I had serious doubts as to how to proceed. Always prevailed loyalty to the client. He is the owner of the data and he is responsible for their use.
  • asked a question related to Information Privacy
Question
4 answers
As i have read many literatures/papers on Privacy in big data, i got to know that various people are using different technique to achieve it. They are:
1. Anonymization Technique
2. Differential Privacy
3. Homomorphic Encryption
All of above have its own pros and cons, so kindly suggest me which is best to choose for providing privacy in Big Data Analytics?
Also where to provide privacy??? At data generation phase, data collection Phase or data analytics phase???
Relevant answer
Answer
Thank you @roger Hallman
  • asked a question related to Information Privacy
Question
13 answers
I recently had a discussion with the go-to information privacy guy at our department about one of my research projects. The project is concerned with motivating and discouraging factors in sharing genome data and we (currently) use the privacy calculus as our theoretical lens.
The result of our discussion was that he advised to refrain from using the privacy calculus since:
  1. There are already too many privacy calculus papers out there, making it somewhat the next TAM and that he had witnessed papers being rejected simply because it was yet another privacy calculus paper.
  2. People do not behave this way and do not actually engage in such a calculus.
What do other scholars think about this? Is the privacy calculus at risk of being the next TAM? Should we still use it, if it fits our research?
Relevant answer
Answer
Hi Scott,
it was pleasure meeting you at ICIS and indeed your paper is interesting.
in my view, most privacy researchers adopt/adapt some form of the privacy calculus, even if the calculus is not mentioned, what is missing however is the boundary conditions to this calculus (e.g., cognitive, motivational, situational factors, to name a few). Identifying these boundary conditions could be our way as privacy researchers to understand the complexity of privacy-related decision making.
good luck!
  • asked a question related to Information Privacy
Question
5 answers
Why to provide data privacy while doing big data analytics?
Which are vulnerabilities in big data analytics w.r.t. privacy concern?
Relevant answer
Answer
Thank you @Maleh Yassine, @Martin Henze, @Dibakar Pal, @Venkatesh Gauri Shankar
  • asked a question related to Information Privacy
Question
1 answer
FOR EXAMPLE PRIVACY ACT IN U.S. FOR HEALTHCARE  Health Insurance Portability and Accountability Act of 1996 etc..
  • asked a question related to Information Privacy
Question
2 answers
I met with the CEO of a very interesting company that provides ultrasonic scanning of piping along with a service where garnet is used to clean pipes and then a 3M product ScotchKote is applied to pipes all the way down to 3/4 to make them non corrosive. Just looking for any formal studies on this approach and it appears it could address the root of many issues from both a Municpal standpoint as well as individual buildings. 
Relevant answer
Answer
We conducted a study on acoustical methods for leak detection.  We have a conference paper published. A more comprehensive report should be out later this year.
  • asked a question related to Information Privacy
Question
3 answers
Hello,
I need the taxonomy tree for each attribute of the adult dataset. It is used on a lot of articles but I could not find it.
Anybody help me?
Relevant answer
  • asked a question related to Information Privacy
Question
3 answers
PKI guarantees that a machine is who it says it is through 3 party system?  What about processes on the same machine.  I want to validate that a signed or encrypted message came from a specific process.
Relevant answer
Answer
I think that a simple read lock should fulfill your requirement of giving merely one process access to a certificate repository. I caught a glimpse of the existing literature and found a patent about a read and write lock management at https://www.google.com/patents/US6029190. I hope it helps you.
  • asked a question related to Information Privacy
Question
10 answers
Also suggest some research papers on it.
Thank you.
Relevant answer
Answer
Hi Jalpesh
When dealing with Big Data Privacy and Security, you need to consider the fact that you must have security first, in order to ensure that you can then have privacy. If you have data which has privacy, but there is no security, then anyone can help themselves to the data, and it is simply a matter of time before the privacy element is cracked and the data is available to the attacker. Whereas, if the data is secure in the first place, then privacy simply adds another level of comfort to your already secure data.
So the first goal must always be to aim for a high level of security. This is then followed by ensuring a high level of privacy can be achieved. Next, we need to ensure we retain the means to ensure we can certify the provenance of the data. Data is useless if it has been accessed and corrupted, modified or had important elements deleted. Thus, we must achieve three goals in order to have a useful outcome.
I have attached a number of useful papers from my own research collection which cover each of these three areas to get you started. As you can see, there is little work on Big Data Provenance, and the work of Thomas Pasquier is something you should explore further.
If you consider the source of data, data which comes from corporate sources, where the corporate is ISO 27002 compliant, it is likely to be a reasonable source of data. For cloud sourced data, while there are some standards now coming out, there is currently no complete cloud security standard, thus this data is likely to be of a lesser standard. Once we move to Internet of Things data, we are moving into 'Wild West' territory. Anybody and their dog can easily hack in to IoT systems, meaning the level of trust in this data has to be considerably discounted.
If you want to find a big data area that can provide you with an exptreme challenge, IoT is the pace to go. Of course, this means that until cloud big data security and privacy are solved, your big data IoT challenge will be an impossible goal to achieve.
Ultimately, the choice is yours, but we need to focus on resolving problems in a logical way, so you may want to address the cloud big data challenge first, before moving on to IoT big data. You could, of course, focus on non-cloud big data, but given the ease with which cloud enables the creation of big data, the cloud route may be the better choice.
I hope this helps.
Regards
Bob
enc
  • asked a question related to Information Privacy
Question
6 answers
Biometric IDs and the Risks Involved
India has generated 111,15,84,242 Aadhaar IDs as of Feb 1, 2017, as per the Authority (UIDAI) Website https://uidai.gov.in/new/ Each ID is linked to a photograph, ten fingerprints and two iris scans of the person involved. There are major research questions related to these cards that computer scientists and others should study.
What are the safeguards necessary for allowing banks, insurance companies, cell phone companies and others to access an individual’s biometrics for identification or other purposes?
I became acutely aware of the risks involved yesterday when a cell phone company tried to persuade my wife to let them access her fingerprint for comparison with the stored fingerprint associated with her Aadhaar number. Visit
“Your fingerprint is not your own! Meaning of privacy in India!"
in the article addressed by the link below. 
Relevant answer
Answer
The customers have unique personally identifiable information (PII) represented in biometric datasets. The PII entails privacy, trust, and security at all times. Cybercriminals seek PII for ransomware and illegal financial gains. To secure-biometric information is to employ secure server for effective authentications of transactions. Stolen biometric datasets could be used for impersonation to evade safeguards. Therefore, measures such as use of datasets for intended purposes only, destruction upon completion, access by trusted personnel only, closely supervised settings, extended access control, safeguarding the private key, and strong passwords (ePassports contents),
  • asked a question related to Information Privacy
Question
4 answers
Hello Folks, Is there anyone who has used Child Exploitation Hash Dataset for cyber crime-related simulation and will be able to share or has a lead as to how I can get it for research purposes only?
Ayodeji
Relevant answer
Answer
Ayodeji,
I am not sure if this will really be much of an assist, but this is probably the best you will be able to do when dealing with anything child related as it is very challenging to procure hash sets for anything child related unless you are law enforcement or LE sponsored to perform forensics etc.  You may want to consider speaking with someone at your local ICAC or NCMEC.
You can use the NSRL datasets found at the included link for non-child related hash sets for research projects.
You can use Autopsy to perform some of that research.
Good Luck.
  • asked a question related to Information Privacy
Question
8 answers
Email users want their email messages or email clients to provide high level of privacy as well as good security.
Relevant answer
Answer
Thanks.
The concept of privacy and security is such a vast and could be applied in several fields.
  • asked a question related to Information Privacy
Question
11 answers
Threat classifications and models have been proposed for classifying threats related to information systems. For example,
Islam, T., Manivannan, D., & Zeadally, S. (2016). A Classification and Characterization of Security Threats in Cloud Computing. INTERNATIONAL JOURNAL OF NEXT-GENERATION COMPUTING, 7(1).
Cyber-physical security for smart cars: taxonomy of vulnerabilities, threats, and attacks
Jouini, M., Rabai, L. B. A., & Aissa, A. B. (2014). Classification of security threats in information systems. Procedia Computer Science, 32, 489-496.
Threats Classification: State of the Art
However, none of the them talks about classification of threats related to individuals such as home internet users or students. 
My question is can the threat classification proposed for information systems can be used as it is for individuals?
I personally believe it shouldn't be used as human and information systems are different.
Relevant answer
Answer
I agree to explanations provided by Henrique Santos and Jean Damascene Twizeyimana. Info system encompasses users so, models developed for Info System Security applicable to humans also. and yes, if as a human being I will not take the responsibility of safe keeping of my gadgets (s.a, my cards, smart phones, physical keys, laptop etc) or will not  keep certain things private to myself  (e.g., my PINs, Password, OTPs etc) then I doubt anything can provide me security.
  • asked a question related to Information Privacy
Question
3 answers
When working with collaborators in Switzerland it became obvious that the government shot itself in the foot when regulating the use and transfer of patient data. Even some of the simple anonymized statistical data sets require permission from the ethics committee.
These country-specific regulations also serve as a barrier to entry when asking someone for a data set from a published paper in order to replicate their experiments to see if these experiments are reproducible. 
In your experience, what are the best countries (including Asia), where data transactions for research purposes are not regulated and most fluid? 
Relevant answer
Answer
Here is an article discussing the privacy laws between the EU and the US: 
As for the determination of the best country, it will depend on your preset determining factors.
  • asked a question related to Information Privacy
Question
7 answers
Hello,
I am trying to find different case studies that could be used for learnng different information security and privacy (IS&P) concepts, issues, approaches to deal with different IS&P threats. Although I am more interested in case studies focused on human element in information security, however, case studies focusing other aspects of IS&P are also of interest.
In some cases, "scenarios" and "case-based learning" are also used for this kind of teaching or learning.
I myself am searching but if someone already is aware of some resources, it will be really helpful.
Thanks,
Ali
Relevant answer
Answer
Human factor is considered as the weakest link in defending systems' security and privacy. The bulk of known attacks lay in the area of social engineering attacks. Phishing attacks are wide spread in on- and off-line communications (for instance, emailing and postal services).
These bold/italic marked terms above can be used to see their exact meaning in the Wikipedia, and applied with any search engine to collect enormous amount of information relating to the actual analyses of vulnerabilities, threats and their impact on privacy and security. 
  • asked a question related to Information Privacy
Question
5 answers
What is the difference between p-sensitive k-anonymity and l-diversity?
Relevant answer
Answer
You have other variation such as t-closeness
l-diversity guarantees that for a group there is at least l different sensitive attribute values (or combination), in addition to the basic k-anonymity algorithm.
p-sensitivity relates to location query, but could probably be generalised to a larger set of problem.
What do you want to do?
  • asked a question related to Information Privacy
Question
3 answers
Hi,
I need a privacy meter to secure personal data. For this I need to find threshold value,so that I can find all the entities which are below threshold are safe. Other entities which are above threshold values are unsafe.
Can anyone provide some formulas and methods to find how to mitigate privacy risk for a large amount of personal data.
Relevant answer
Answer
Jeff, it was indeed a valuable response and the suggested tool will be great help towards implementation of one of the ideas I have in mind. Thank you so much. Thanks kskyani for asking the question as well :-)
  • asked a question related to Information Privacy
Question
3 answers
Research question: "How aware are high educated parents of their private data in their family household?"
-Target group: Families with children range 7-12 years with high educated parents in any age.
-Subject: Awareness of shared private data in personal surroundings in and around the home.
Relevant answer
Answer
They have been working with families with children, researching their media usage and behavior.
  • asked a question related to Information Privacy
Question
8 answers
I'm looking for work on childrens' views of privacy. At what age do they become aware of the importance of privacy regarding their personal information. are there recommendations from psychologists on the need to protect childrens privacy?
Relevant answer
Answer
I have quickly scanned this recent study about privacy perception among teenagers. 
  • asked a question related to Information Privacy
Question
4 answers
Is there any research done that increasing global information privacy concerns are impacting the telemetry sharing among organizations and  impacting the over all threat intelligence ? 
Relevant answer
Answer
@shuaibu , any references ? 
  • asked a question related to Information Privacy
Question
5 answers
Data blocking is becoming recognised as a problem in data analytics in healthcare and has been known to be a problem in health research for a long time. Although data breaches are not uncommon, has anyone measured the resultant harm to patients from these eg how many have actually suffered identity theft or embarrassment from 
Relevant answer
Answer
Thanks Tobias and Gottfried. I do mean concrete harms such as medical identity theft, work or insurance prejudices, significant embarrassment or personal disruption.
By data blocking I mean: information blocking, “where persons or entities knowingly and unreasonably interfere with the exchange or use of electronic health information.”
The ONC report Below mostly refers to vendor and financial reasons for promulgating data silos, but I am also interested in other more local reasons such as control and rivalry and misapplication or over-application of privacy protecting legislation particularly at the health service level.
Yes, paper records are also susceptible to breach and blocking
  • asked a question related to Information Privacy
Question
1 answer
From your finding in this work, do you think that the security policy should be tailor made based on HCO? I mean that rather than enforcing the policy by considering the role of the employers, we include the rules that they can learn.
Relevant answer
Answer
Sure that is the good idea, better educate than punishment.
  • asked a question related to Information Privacy
Question
3 answers
l been researching on improving privacy in shibboleth identity provider. Please l want to know the parameter (variable) used in measuring the capability of privacy in that system?
Secondly, How do we know that a system enhances privacy on cloud?
Thirdly, Are there quantities for measuring Privacy?
Fourthly,I want to know the mode of data collection in the above system too?
Thank you.
Relevant answer
Answer
Thank you Noah Adjonyo and Quist-Aphetsi Kester for the information.
  • asked a question related to Information Privacy
Question
4 answers
I need datasets of residential energy consumptions using smart meter, where the appliances are detected based on the energy signature.
Relevant answer
  • asked a question related to Information Privacy
Question
8 answers
I am interested to find the advantages for each method , because there are a  lot of researchers used k-anonymity and they were make many enhancement to it. Some others worked on l-diversity also for protecting sensitive data privacy.If anyone know other techniques I appreciate that..  
Relevant answer
Answer
Authentication User’s Privacy: An Integrating Location Privacy Protection Algorithm for Secure Moving Objects in Location Based Services
read this paper also related reference it will help you .
  • asked a question related to Information Privacy
Question
2 answers
deFinetti's theorem is considered as "final nail in the coffin" for its impact on privacy preserving data mining techniques that are syntactic type. For example k-anonymity, l-diversity, t-closeness etc. Can any one explain why ?
  • asked a question related to Information Privacy
Question
3 answers
I´m working a new research addressing privacy and life satisfcation. Does anyone know good references for this empirical study in social networking sites, eg Facebook? Any suggestions?
Relevant answer
Answer
Maybe have a look at the GDP and beyond project at the EU:
The project tries to shec some light on the issue of well-being of nations.
  • asked a question related to Information Privacy
Question
5 answers
The future data protection package includes a General Regulation and a Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data.
However, the data protection package initially leaves unaffected Prüm regime as was pointed out by the European Data Protection Supervisor (Opinion of the European Data Protection Supervisor on the data protection reform package, 7 March 2012, 443, page 68 ).
The Amendment 6 of EU Parliament (14 March 2014) introduced it. (EP legislative resolution of 12 March 2014 COM(2012)0010 – C7-0024/2012 – 2012/0010(COD)) Today (4 December 2014) is in discussion within the Council (http://eur-lex.europa.eu/procedure/EN/201285)
I am interested in know any comments or articles regarding this question, thanks!
Relevant answer
This paper perhaps does not respond to your question but is a good overview of the efforts to come to common ground and to identify the minimum standards between US-EU privacy law 
  • asked a question related to Information Privacy
Question
3 answers
Hi All. I'm Khairil from Malaysia.
Currently, I've being working on developing a model / framework regarding the Data Leakage Protection for government sector. Does anyone have references? Thank you so much for your help.
Relevant answer
Answer
these are reference articles which discussed about data leakage protection and model, hopefully can help you.
  • asked a question related to Information Privacy
Question
8 answers
Adoption of cloud computing as a new environment for software development is a good idea due to the great benefits cloud computing can give.
But, the important point that all organizations are worrying about is security and data privacy. So, how strong is the security of the cloud and how can I manage such aspects?
Relevant answer
Answer
I have some experiences wit the MIT App Inventor. In the end of December their where a infrastructure problem, storing media data for apps. In some cases I lost parts of my block-diagrams (the source) code. This caused some additional work. However the problem was solved in some days.  So one risk is to lose time if the Cloud solution is not working  as expected.
  • asked a question related to Information Privacy
Question
7 answers
I am not asking about what you DO to protect privacy, but rather what (if anything) your institution has TOLD you are privacy rules when using social media for instructional tasks. My impression is that many schools give teachers little guidance, unless there is formal research involved.
Relevant answer
Answer
In my experience at two different institutions I have worked at, there is no such policy in existence. Usually social media interaction is not considered as invasion of ones privacy in those countries. The only guidance we had so far came from the ministry of higher education regarding data protection, but that was pretty much it. I know social platforms such as Facebook are a big part of modern life, but I generally avoid any kind of interaction with my current students via such platforms. 
  • asked a question related to Information Privacy
Question
4 answers
I referred a patient to a private imaging clinic for MRI investigation. The exam was payed for. My question now is who has the IPRs for those images? Is it enough to ask the patient for his permission to publish the case or do I need the approval of the private clinic?
Relevant answer
Answer
We are on two issues here. One on moral grounds , where the images belong to the patient. Period. The center has no rights to use the image in any manner . Another one on legal grounds........ where different jurisdictions have different orientations. For example HIPPAA is serious on medical records and protection. However, most of the countries especially emerging economies do not have a stringent privacy policy which protect the patient information. 
So to answer your question who owns IPR , it depends on the country you are in...........
  • asked a question related to Information Privacy
Question
3 answers
I am studying functional encryption for application in Data privacy. I need to know that how performance and complexities are measured for key policy attribute based encryption, Ciphertext policy attribute based encryption, Inner product encryption. Are there any real world deployment for these?. Any mathamatical or Practical Implementation available for the exact understanding of above algorithms?
Relevant answer
Answer
Charm crypto library has plenty of these implementations
We have did some experiments around the same for network telemetry anonymization and searching over encrypted data using these schemes. Wait for few more weeks we can make it publicly available as eprint copy.
  • asked a question related to Information Privacy
Question
7 answers
Traditional searchable encryption has been widely studied in the context of cryptography. Could anyone present some information, survey about the public key encryption with keyword search applied to cloud computing?
Thanks
Relevant answer
Answer
Regarding cloud computing we are implementing a protocol but it will take some time to publish it. However, I can keep you up to date..
  • asked a question related to Information Privacy
Question
4 answers
Dear colleagues, we are looking for data on informality among firms in Latin America, and comparisons to other emerging regions.
In particular, we would like to know estimates of the share of firms not registered (while they should); or firms paying taxes, etc...
Apparently, some household surveys include the question, but we would favor firm surveys.
Many thanks!
Note: The WB Entreprise survey only surveys formal firms, and how they compete with informal ones.
Relevant answer
Answer
Gracias Fabio! I'll take a look (although I doubt that most workers know whether their employers are registered or pay taxes...)
  • asked a question related to Information Privacy
Question
4 answers
.
Relevant answer
Answer
To be honest I can hardly imagine any connection between your research goal 'testing the trust of people' and your request for 'downloading a container, include a secret and pick a strong password'.
What do you want to evaluate?
If users put in a 'real secret' or just some random data?
How do you want to appraise if the data is a secret or not?
  • asked a question related to Information Privacy
Question
19 answers
If different parties have different security policies, how do I harmonize them?
Relevant answer
Answer
The attached contribution is helpful to understand data security in virtual organization.
  • asked a question related to Information Privacy
Question
12 answers
It is pretty much common nowadays to store, process, or transmit data by means of a Cloud. Whatever the Cloud of your choice might be (public or private), you expect the Cloud provider to provide you with the security of your information. But how safe is a Cloud? And what can one do to tackle this issue?
Relevant answer
Answer
The Cloud is not one monolithic entity. You need to read the provider's user license and review the provider' system. They vary widely.
For me, Google Docs is not a solution because they are allowed to make specified use of data.
1. The most difficult part of ensuring compliance with your ethical duties will probably be knowing which questions to ask. The following are good questions to consider.
i. What type of facility will host the data?
ii. Who else has access to the cloud facility, the servers, and the data and what mechanisms are in place to ensure that only authorized personnel will be able to access your data? How does the vendor screen its employees? If the vendor doesn’t own the data center, how does the data center screen its employees?
iii. Does the contract include terms that limit data access by the vendor’s employees to only those situations where you request assistance?
iv. Does the contract address confidentiality? If not, is the vendor willing to sign a confidentiality agreement?
v. How frequently are back-ups performed? How are you able to verify that backups are being performed as promised?
vi. Is data backed up to more than one server? Where are the respective servers located? Will your data and any backup copies of it always stay within the boundaries of the a particular country?
vii. How secure are the data centers where the servers are housed?
viii. What types of encryption methods are used and how are passwords stored? Is your data encrypted while in transit or only when in storage?
ix. Has a third party, such as McAfee, evaluated or tested the vendor’s security measures to assess the strength of, among other things, firewalls, encryption techniques, and intrusion detection systems?
x. Are the audits of the security system, e.g. under SAS 70, available for your review?
xi. Are there redundant power supplies for the servers?
xii. Does the contract include a guarantee of uptime? How much uptime? What happens in the event that the servers are down? Will you be compensated if there is an unexpected period of downtime that exceeds the amount set forth in the agreement?
xiii. If a natural disaster strikes one geographic region, would all data be lost? Are there geo-redundant backups?
xiv. What remedies does the contract provide? Are consequential damages included? Are total damages capped or are specific remedies limited?
xv. Does the service agreement contain a forum selection clause? How about a mandatory arbitration clause?
xvi. If there is a data breach, will you be notified? How are costs for remedying the breach allocated?
xvii. What rights do you have upon termination? Does the contract contain terms that require the vendor to assist you in transitioning from their system to another?
xviii. What rights do you have in the event of a billing or similar dispute with the vendor? Do you have the option of having your data held in escrow by a third party, so that it is fully accessible in the event of a dispute? Alternatively can you back up your data locally so that it is accessible to you should you need it?
xix. Does the provider carry cyber insurance? If so, what does it cover? What are the coverage limits?
  • asked a question related to Information Privacy
Question
4 answers
I am looking for the state of the art algorithms so I can use it for proving the we have privacy preserving issues and then make some adjustment into the algorithm and make it privacy proof.
Relevant answer
Answer
Hi Ahmad,
Here is the state of the Art in data mining which does NOT preserve privacy at all, at least not in the European Union.
Most people were introduced to the arcane world of data mining when National Security Agency contractor Edward Snowden allegedly leaked classified documents that detail how the U.S. government uses the technique to track terrorists. The security breach revealed that the government gathers billions of pieces of data—phone calls, emails, photos, and videos—from Google, Facebook, Microsoft, and other communications giants, then combs through the information for leads on national security threats. The disclosure caused a global uproar over the sanctity of privacy, the need for security, and the perils of government secrecy. People rightfully have been concerned about where the government gets the data—from all of us—but equal attention has not been paid to what it actually does with it. Here's a guide to big-data mining, NSA-style.
The Information Landscape
Just how much data do we produce? A recent study by IBM estimates that humanity creates 2.5 quintillion bytes of data every day. (If these data bytes were pennies laid out flat, they would blanket the earth five times.) That total includes stored information—photos, videos, social-media posts, word-processing files, phone-call records, financial records, and results from science experiments—and data that normally exists for mere moments, such as phone-call content and Skype chats.
Veins of Useful Information
The concept behind the NSA's data-mining operation is that this digital information can be analyzed to establish connections between people, and these links can generate investigative leads. But in order to examine data, it has to be collected—from everyone. As the data-mining saying goes: To find a needle in a haystack, you first need to build a haystack.
Data Has to Be Tagged Before It's Bagged
Data mining relies on metadata tags that enable algorithms to identify connections. Metadata is data about data—for example, the names and sizes of files on your computer. In the digital world, the label placed on data is called a tag. Tagging data is a necessary first step to data mining because it enables analysts (or the software they use) to classify and organize the information so it can be searched and processed. Tagging also enables analysts to parse the information without examining the contents. This is an important legal point in NSA data mining because the communications of U.S. citizens and lawful permanent resident aliens cannot be examined without a warrant. Metadata on a tag has no such protection, so analysts can use it to identify suspicious behavior without fear of breaking the law.
Finding Patterns in the Noise
The data-analysis firm IDC estimates that only 3 percent of the information in the digital universe is tagged when it's created, so the NSA has a sophisticated software program that puts billions of metadata markers on the info it collects. These tags are the backbone of any system that makes links among different kinds of data—such as video, documents, and phone records. For example, data mining could call attention to a suspect on a watch list who downloads terrorist propaganda, visits bomb-making websites, and buys a pressure cooker. (This pattern matches the behavior of the Tsarnaev brothers, who are accused of planting bombs at the Boston Marathon.) This tactic assumes terrorists have well-defined data profiles—something many security experts doubt.
Open Source and Top Secret
The NSA has been a big promoter of software that can manage vast databases. One of these programs is called Accumulo, and while there is no direct evidence that it is being used in the effort to monitor global communications, it was designed precisely for tagging billions of pieces of unorganized, disparate data. The secretive agency's custom tool, which is based on Google programming, is actually open-source. This year a company called Sqrrl commercialized it and hopes the healthcare and finance industries will use it to manage their own big-data sets.
The Miners: Who Does What
The NSA, home to the federal government's codemakers and code-breakers, is authorized to snoop on foreign communications. The agency also collects a vast amount of data—trillions of pieces of communication generated by people across the globe. The NSA does not chase the crooks, terrorists, and spies it identifies; it sifts information on behalf of other government players such as the Pentagon, CIA, and FBI. Here are the basic steps: To start, one of 11 judges on a secret Foreign Intelligence Surveillance (FISA) Court accepts an application from a government agency to authorize a search of data collected by the NSA. Once authorized—and most applications are—data-mining requests first go to the FBI's Electronic Communications Surveillance Unit (ECSU), according to PowerPoint slides taken by Snowden. This is a legal safeguard—FBI agents review the request to ensure no U.S. citizens are targets. The ECSU passes appropriate requests to the FBI Data Intercept Technology Unit, which obtains the information from Internet company servers and then passes it to the NSA to be examined with data-mining programs. (Many communications companies have denied they open their servers to the NSA; federal officials claim they cooperate. As of press time, it's not clear who is correct.) The NSA then passes relevant information to the government agency that requested it.
What the NSA Is Up To
Phone-Metadata Mining Dragged Into the Light
The NSA controversy began when Snowden revealed that the U.S. government was collecting the phone-metadata records of every Verizon customer—including millions of Americans. At the request of the FBI, FISA Court judge Roger Vinson issued an order compelling the company to hand over its phone records. The content of the calls was not collected, but national security officials call it "an early warning system" for detecting terror plots (see "Connecting the Dots: Phone-Metadata Tracking").
PRISM Goes Public
On the heels of the metadata-mining leak, Snowden exposed another NSA surveillance effort, called US-984XN. Every collection platform or source of raw intelligence is given a name, called a Signals Intelligence Activity Designator (SIGAD), and a code name. SIGAD US-984XN is better known by its code name: PRISM. PRISM involves the collection of digital photos, stored data, file transfers, emails, chats, videos, and video conferencing from nine Internet companies. U.S. officials say this tactic helped snare Khalid Ouazzani, a naturalized U.S. citizen who the FBI claimed was plotting to blow up the New York Stock Exchange. Ouazzani was in contact with a known extremist in Yemen, which brought him to the attention of the NSA. It identified Ouazzani as a possible conspirator and gave the information to the FBI, which "went up on the electronic surveillance and identified his coconspirators," according to congressional testimony by FBI deputy director Sean Joyce. (Details of how the agency identified the others has not been disclosed.) The NYSE plot fizzled long before the FBI intervened, but Ouazzani and two others pleaded guilty of laundering money to support al-Qaida. They were never charged with anything related to the bomb plot.
Mining Data as It's Created
The slides disclosed by Snowden indicate the NSA also operates real-time surveillance tools. NSA analysts can receive "real-time notification of an email event such as a login or sent message" and "real-time notification of a chat login," the slides say. That's pretty straightforward use, but whether real-time information can stop unprecedented attacks is subject to debate. Alerting a credit-card holder of sketchy purchases in real time is easy; building a reliable model of an impending attack in real time is infinitely harder.
What is XKeyscore?
In late July Snowden released a 32-page, top-secret PowerPoint presentation that describes software that can search hundreds of databases for leads. Snowden claims this program enables low-level analysts to access communications without oversight, circumventing the checks and balances of the FISA court. The NSA and White House vehemently deny this, and the documents don't indicate any misuse. The slides do describe a powerful tool that NSA analysts can use to find hidden links inside troves of information. "My target speaks German but is in Pakistan—how can I find him?" one slide reads. Another asks: "My target uses Google Maps to scope target locations—can I use this information to determine his email address?" This program enables analysts to submit one query to search 700 servers around the world at once, combing disparate sources to find the answers to these questions.
How Far Can the Data Stretch?
Oops—False Positives
Bomb-sniffing dogs sometimes bark at explosives that are not there. This kind of mistake is called a false positive. In data mining, the equivalent is a computer program sniffing around a data set and coming up with the wrong conclusion. This is when having a massive data set may be a liability. When a program examines trillions of connections between potential targets, even a very small false-positive rate equals tens of thousands of dead-end leads that agents must chase down—not to mention the unneeded incursions into innocent people's lives.
Analytics to See the Future
Ever wonder where those Netflix recommendations in your email inbox or suggested reading lists on Amazon come