论文信息 - A SOCIAL, TECHNICAL, AND LEGAL FRAMEWORK FORPRIVACY MANAGEMENT AND POLICIES

A SOCIAL, TECHNICAL, AND LEGAL FRAMEWORK FORPRIVACY MANAGEMENT AND POLICIES

Organizational privacy policies and privacy practices reflect an organization’s perceived trustworthiness to those with which it conducts business. This paper proposes a framework, based upon an in-depth two-year analysis of Internet privacy policies, for examining an organization’s privacy management practices within the context of their respective privacy policies. The framework aids in evaluating privacy from various organizational perspectives: legal, technical, business rules, social norms and contractual norms. It also provides assistance when developing privacy policies for e-commerce Web sites. We discuss a case study in which the framework was employed to analyze 23 Internet health care Web site privacy policies.

Annie I. Antón | Julia B. Earp | Olli P. Jarvinen

[1] Annie I. Antón,et al. The use of goals to surface requirements for evolving systems , 1998, Proceedings of the 20th International Conference on Software Engineering.

[2] Thomas H. Davenport,et al. Book review:Working knowledge: How organizations manage what they know. Thomas H. Davenport and Laurence Prusak. Harvard Business School Press, 1998. $29.95US. ISBN 0‐87584‐655‐6 , 1998 .

[3] Axel van Lamsweerde,et al. Goal-Oriented Requirements Engineering: A Guided Tour , 2001, RE.

[4] Nasir D. Memon,et al. Protecting digital media content , 1998, CACM.

[5] Annie I. Antón,et al. Goal-based requirements analysis , 1996, Proceedings of the Second International Conference on Requirements Engineering.

[6] Thomas C. Rindfleisch,et al. Privacy, information technology, and health care , 1997, CACM.

[7] Bruce Schneier,et al. Applied cryptography : protocols, algorithms, and source codein C , 1996 .

[8] Annie I. Antón,et al. A Taxonomy for Web Site Privacy Requirements , 2001 .

[9] E. Kluge. Professional ethics as basis for legal control of health care information. , 1996, International journal of bio-medical computing.

[10] Brannigan Vm,et al. Patient privacy in the era of medical computer networks: a new paradigm for a new technology. , 1995 .