A Holistic Approach for Privacy Protection in E-Government

Improving e-government services by using data more effectively is a major focus globally. It requires Public Administrations to be transparent, accountable and provide trustworthy services that improve citizen confidence. However, despite all the technological advantages on developing such services and analysing security and privacy concerns, the literature does not provide evidence of frameworks and platforms that enable privacy analysis, from multiple perspectives, and take into account citizens' needs with regards to transparency and usage of citizens information. This paper presents the VisiOn (Visual Privacy Management in User Centric Open Requirements) platform, an outcome of a H2020 European Project. Our objective is to enable Public Administrations to analyse privacy and security from different perspectives, including requirements, threats, trust and law compliance. Finally, our platform-supported approach introduces the concept of Privacy Level Agreement (PLA) which allows Public Administrations to customise their privacy policies based on the privacy preferences of each citizen.

[1]  José F. Ruiz,et al.  Privacy Requirements: Findings and Lessons Learned in Developing a Privacy Platform , 2016, 2016 IEEE 24th International Requirements Engineering Conference (RE).

[2]  Haralambos Mouratidis,et al.  Security Requirements Engineering for Cloud Computing: The Secure Tropos Approach , 2016, Domain-Specific Conceptual Modeling.

[3]  Eric S. K. Yu,et al.  Trust Trade-off Analysis for Security Requirements Engineering , 2009, 2009 17th IEEE International Requirements Engineering Conference.

[4]  Lorrie Faith Cranor,et al.  Engineering Privacy , 2009, IEEE Transactions on Software Engineering.

[5]  KimGang-Hoon,et al.  Big-data applications in the government sector , 2014 .

[6]  Marco Casassa Mont,et al.  A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises , 2006, Privacy Enhancing Technologies.

[7]  Kai Rannenberg,et al.  ABC4Trust: Protecting Privacy in Identity Management by Bringing Privacy-ABCs into Real-Life , 2014, Privacy and Identity Management.

[8]  Jan Jürjens,et al.  UMLsec: Extending UML for Secure Systems Development , 2002, UML.

[9]  Ivar Jacobson,et al.  Unified Modeling Language User Guide, The (2nd Edition) (Addison-Wesley Object Technology Series) , 2005 .

[10]  Silvana Trimi,et al.  Big-data applications in the government sector , 2014, Commun. ACM.

[11]  Haralambos Mouratidis,et al.  Modeling Trust Relationships for Developing Trustworthy Information Systems , 2014, Int. J. Inf. Syst. Model. Des..

[12]  Elena Ferrari,et al.  Towards a Modeling and Analysis Framework for Privacy-Aware Systems , 2012, 2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing.

[13]  Günter Karjoth,et al.  A privacy policy model for enterprises , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[14]  Paolo Giorgini,et al.  Security requirements engineering via commitments , 2011, 2011 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST).

[15]  Stefanos Gritzalis,et al.  Addressing privacy requirements in system design: the PriS method , 2008, Requirements Engineering.

[16]  France Bélanger,et al.  Trust and Risk in eGovernment Adoption , 2008, AMCIS.

[17]  Lin Liu,et al.  Modelling Trust for System Design Using the i* Strategic Actors Framework , 2000, Trust in Cyber-societies.

[18]  Guido Wirtz,et al.  BPMN 2.0: The state of support and implementation , 2018, Future Gener. Comput. Syst..

[19]  Paolo Giorgini,et al.  Maintaining Secure Business Processes in Light of Socio-Technical Systems' Evolution , 2016, 2016 IEEE 24th International Requirements Engineering Conference Workshops (REW).

[20]  Anderson Santana de Oliveira,et al.  Automating Privacy Enforcement in Cloud Platforms , 2012, DPM/SETOP.

[21]  John Mylopoulos,et al.  Adaptive socio-technical systems: a requirements-based approach , 2011, Requirements Engineering.

[22]  Rafal Leszczyna,et al.  Trust case: justifying trust in an IT solution , 2005, Reliab. Eng. Syst. Saf..

[23]  Michael Waidner,et al.  Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data , 2002, Privacy Enhancing Technologies.

[24]  Aprna Tripathi,et al.  E-Governance challenges and cloud benefits , 2011, 2011 IEEE International Conference on Computer Science and Automation Engineering.