A Privacy Impact Assessment Tool for Cloud Computing

In this paper, we present a Privacy Impact Assessment (PIA) decision support tool that can be integrated within a cloud computing environment. Privacy is an important consideration in cloud computing, as actual or perceived privacy weaknesses will impact legal compliance, data security, and user trust. A PIA is a systematic process for evaluating the possible future effects that a particular activity or proposal may have on an individual's privacy. It focuses on understanding the system, initiative or scheme, identifying and mitigating adverse privacy impacts and informing decision makers who must decide whether the project should proceed and in what form. A PIA, as a proactive business process, is thus properly distinguished from reactive processes, such as privacy issue analysis, privacy audits and privacy law compliance checking [1], applied to existing systems to ensure their continuing conformity with internal rules and external requirements.

[1]  Siani Pearson,et al.  Privacy Management in Global Organisations , 2012, Communications and Multimedia Security.

[2]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[3]  Scott A. Rotondo Trusted Computing Group , 2011, Encyclopedia of Cryptography and Security.

[4]  Barrie Sosinsky,et al.  Cloud Computing Bible , 2010 .

[5]  Siani Pearson,et al.  Privacy, Security and Trust Issues Arising from Cloud Computing , 2010, 2010 IEEE Second International Conference on Cloud Computing Technology and Science.

[6]  Andrew Charlesworth,et al.  Analysis of Privacy Impact Assessments within Major jurisdictions , 2010, 2010 Eighth International Conference on Privacy, Security and Trust.

[7]  Anil Kumar Understanding Privacy , 2010 .

[8]  Siani Pearson,et al.  Decision Support for Selection of Cloud Service Providers , 2010 .

[9]  J.-M. Van Gyseghem,et al.  Cloud computing and its implications on data protection , 2010 .

[10]  Frank Gens,et al.  Cloud Computing Benefits, risks and recommendations for information security , 2010 .

[11]  Andrew Charlesworth,et al.  The Emergence of Privacy Impact Assessments , 2010 .

[12]  Daniele Catteddu,et al.  Cloud Computing: Benefits, Risks and Recommendations for Information Security , 2009 .

[13]  Andrew Charlesworth,et al.  Accountability as a Way Forward for Privacy Protection in the Cloud , 2009, CloudCom.

[14]  Siani Pearson,et al.  A Privacy Manager for Cloud Computing , 2009, CloudCom.

[15]  Siani Pearson,et al.  Scalable, accountable privacy management for large organizations , 2009, 2009 13th Enterprise Distributed Object Computing Conference Workshops.

[16]  John Rhoton,et al.  Cloud Computing Explained , 2009 .

[17]  Rajneesh Sharma,et al.  Privacy Management for Global Organizations , 2009, DPM/SETOP.

[18]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[19]  Siani Pearson,et al.  Taking account of privacy when designing cloud computing services , 2009, 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing.

[20]  Charles Oppenheim,et al.  Privacy Impact Assessments: International experience as a basis for UK Guidance , 2008, Comput. Law Secur. Rev..

[21]  Anthony Finkelstein,et al.  Privacy Impact Assessment with PRAIS , 2008 .

[22]  Charles Oppenheim,et al.  Privacy Impact Assessments: International Study of Their Application and Effects , 2007 .

[23]  Janice Singer,et al.  Guide to Advanced Empirical Software Engineering , 2007 .

[24]  Elaine Shi,et al.  Multi-Dimensional Range Query over Encrypted Data , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[25]  Raheel Ahmad,et al.  Expert Systems: Principles and Programming , 2006, Scalable Comput. Pract. Exp..

[26]  Eriks Sneiders,et al.  Automated question answering: review of the main approaches , 2005, Third International Conference on Information Technology and Applications (ICITA'05).

[27]  Richard E. Susskind The latent damage system: a jurisprudential analysis , 1989, ICAIL '89.

[28]  Andrew Chi-Chih Yao,et al.  How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[29]  William J. Kirsch,et al.  The protection of privacy and transborder flows of personal data: the work of the Council of Europe, the Organization for Economic Co-operation and Development and the European Economic Community , 1982, Legal Issues of Economic Integration.

[30]  H. P Gassmann,et al.  OECD guidelines governing the protection of privacy and transborder flows of personal data , 1981 .