USING OBJECT-ORIENTED CONCEPTS TO DEVELOP A CONCEPTUAL MODEL FOR THE MANAGEMENT OF INFORMATION PRIVACY RISK IN LARGE ORGANISATIONS

In this paper we present a conceptual model for the management of information privacy risk in large organisations. The model is based on the similarities between the concepts of departments in large organisations and the object-oriented computer programming paradigm. It is a high-level model that takes a holistic view of information privacy risk management, and, as such, identifies risk in both manual and automated processes during the acquisition, processing, storage and dissemination of information. While conceptual in nature, the model is well suited to practical implementation due to the structure it derives from the object-oriented paradigm. The practical application of the model is demonstrated by way of an example scenario. This paper contributes by addressing the absence in the literature of freely available models for the holistic management of information privacy risk in large organisations.
