Abstract
The growth of the Internet has been accompanied by the growth of e-services (e.g. e-commerce, e-health). This proliferation of e-services has put large quantities of customer private information in the hands of service providers, who in many cases have mishandled the information to the detriment of customer privacy. As a result, government bodies have put in place privacy legislation that spells out the privacy rights of customers and how their private information is to be handled. Service providers are required to comply with this privacy legislation. This paper proposes a cooperative visualization technique that can be employed by service providers to understand how private information flows within their organizations, as a way of identifying privacy risks or vulnerabilities that can lead to violations of privacy legislation. The description of the technique includes a model of how an e-service uses private information, a graphical notation for the visualization, and an application example.
NRC Paper Number: NRC 50390.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Goldberg, I., Wagner, D., Brewer, E.: Privacy-Enhancing Technologies for the Internet. In: IEEE COMPCON 1997, pp. 103–109 (1997)
Yee, G., Korba, L.: Semi-Automatic Derivation and Use of Personal Privacy Policies in E-Business. International Journal of E-Business Research 1(1), 54–69 (2005)
Yee, G., Korba, L., Song, R.: Legislative Bases for Personal Privacy Policy Specification. In: Yee, G. (ed.) Privacy Protection for E-Services, pp. 281–294. Idea Group, Inc. (2006)
Yee, G., Korba, L.: Bilateral E-services Negotiation Under Uncertainty. In: International Symposium on Applications and the Internet (SAINT2003), Orlando, Florida, pp. 352–355 (2003)
Yee, G., Korba, L.: The Negotiation of Privacy Policies in Distance Education. In: 14th IRMA International Conference, Philadelphia, Pennsylvania, pp. 702–705 (2003)
Moran, T.P., Chiu, P., van Melle, W.: Pen-Based Interaction Techniques for Organizing Material on an Electronic Whiteboard. In: 10th Annual ACM Symposium on User Interface Software and Technology, Banff, Alberta, Canada, pp. 45–54 (1997)
Hong, J.I., Ng, J.D., Lederer, S., Landay, J.A.: Privacy Risk Models for Designing Privacy-Sensitive Ubiquitous Computing Systems. In: Conference on Designing Interactive Systems: Processes, Practices, Methods, and Techniques, Cambridge, MA, pp. 91–100 (2004)
Karger, P.A.: Privacy and Security Threat Analysis of the Federal Employee Personal Identity Verification (PIV) Program. In: Second Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania, pp. 114–121 (2006)
The Privacy Impact Assessment Guidelines: A Framework to Manage Privacy Risk, http://www.tbs-sct.gc.ca/pgol-pged/piatp-pfefvp/course1/mod2/mod2-5_e.asp
Salter, C., Sami Saydjari, O., Schneier, B., Wallner, J.: Towards a Secure System Engineering Methodology. In: New Security Paradigms Workshop (1998)
Data Flow Diagram, http://en.wikipedia.org/wiki/Data_flow_diagram
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yee, G.O.M., Korba, L., Song, R. (2008). Cooperative Visualization of Privacy Risks. In: Luo, Y. (eds) Cooperative Design, Visualization, and Engineering. CDVE 2008. Lecture Notes in Computer Science, vol 5220. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88011-0_6
Download citation
DOI: https://doi.org/10.1007/978-3-540-88011-0_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88010-3
Online ISBN: 978-3-540-88011-0
eBook Packages: Computer ScienceComputer Science (R0)