The Integrated Privacy Model: Building a Privacy Model in the Business Processes of the Enterprise

This paper discusses the challenges that faced in the "DigNet" age in terms of privacy and proposes a framework for privacy protection. This framework is integral in ensuring that personal data protection is impeded part of business processes of any systems that are involved in collecting, disseminating, and accessing an individual's data. The cooperation and partnership between nations in passing privacy laws is essential and requires some building blocks. In this paper, the author argues that the building blocks should be integrated into the business processes and take into consideration three main domains: governments' legislation, entity's policies and procedures, and data protection controls. The proposed conceptual framework helps organizations develop data protection in their business processes, assess the privacy issues in their organization, protect the interests of their customers, increase their value proposition to customers, and make it easier to identify the impact of privacy on their business.

[1]  Carsten Rudolph,et al.  Security Engineering for Ambient Intelligence: A Manifesto , 2006 .

[2]  Hamid R. Nemati International Journal of Information Security and Privacy , 2007 .

[3]  Vinay Kumar,et al.  Hiding Message in Map Along Pre-Hamiltonian Path , 2010, Int. J. Inf. Secur. Priv..

[4]  Alan R. Hevner,et al.  Design Science in Information Systems Research , 2004, MIS Q..

[5]  Alan R. Hevner,et al.  The Three Cycle View of Design Science , 2007, Scand. J. Inf. Syst..

[6]  John A. Anderson,et al.  Managing Security and Privacy Integration across Enterprise Business Process and Infrastructure , 2008, 2008 IEEE International Conference on Services Computing.

[7]  Haralambos Mouratidis,et al.  Integrating Security and Software Engineering: Advances and Future Visions , 2006 .

[8]  Carla Carnaghan,et al.  Business process modeling approaches in the context of process level audit risk assessment: An analysis and comparison , 2006, Int. J. Account. Inf. Syst..

[9]  James Suleiman,et al.  Data Privacy and Security: HIPAA and Small Business Compliance , 2009, Int. J. Inf. Secur. Priv..

[10]  Reza Barkhi,et al.  An Empirical Investigation of an Individual's Perceived Need for Privacy and Security , 2008, Int. J. Inf. Secur. Priv..

[11]  Hamid Nemati Optimizing Information Security and Advancing Privacy Assurance: New Technologies , 2012 .

[12]  Evangelos A. Kiountouzis,et al.  The use of business process modelling in information systems security analysis and design , 2000, Inf. Manag. Comput. Secur..

[13]  N. N. Loideáin The EC Data Retention Directive: Legal Implications for Privacy and Data Protection , 2011 .

[14]  Robert E. Thomas,et al.  Database Marketing Practice: Protecting Consumer Privacy , 1997 .

[15]  Alan R. Peslak Internet Privacy Policies: A Review and Survey of the Fortune 50 , 2005, Inf. Resour. Manag. J..

[16]  S. Chatterjee,et al.  Design Science Research in Information Systems , 2010 .

[17]  Karim Jamal,et al.  Enforced Standards Versus Evolution by General Acceptance: A Comparative Study of E-Commerce Privacy Disclosure and Practice in the United States and the United Kingdom , 2004 .

[18]  Alan R. Peslak,et al.  Privacy policies of the largest privately held companies: a review and analysis of the forbes private 50 , 2005, SIGMIS CPR '05.

[19]  Andrew Clement,et al.  The PIPWatch toolbar: Combining PIPEDA, PETs and market forces through social navigation to enhance privacy protection and compliance , 2008, 2008 IEEE International Symposium on Technology and Society.

[20]  Irwin King,et al.  Policy and Issues in Deploying Automated Plagiarism Detection Systems in Academic Communities: A Case Study of VeriGuide , 2011 .

[21]  George R. Milne Privacy and Ethical Issues in Database/Interactive Marketing and Public Policy: A Research Framework and Overview of the Special Issue , 2000 .

[22]  Irene Pollach A Typology of Communicative Strategies in Online Privacy Policies: Ethics, Power and Informed Consent , 2005 .

[23]  Alfred Kobsa,et al.  Privacy-enhanced personalization , 2007, CACM.

[24]  Laurence Ashworth,et al.  Marketing Dataveillance and Digital Privacy: Using Theories of Justice to Understand Consumers’ Online Privacy Concerns , 2006 .

[25]  Marian Quigley,et al.  ICT Ethics and Security in the 21st Century: New Developments and Applications , 2011 .

[26]  Jochen Wirtz,et al.  Consumer online privacy concerns and responses: a power–responsibility equilibrium perspective , 2007 .

[27]  Robert Ellis Smith,et al.  Ben Franklin's Web Site: Privacy and Curiosity from Plymouth Rock to the Internet , 2000 .