Abstract
The compliance with data protection and privacy regulations such as the European General Data Protection Regulation (GDRP) is a challenging task for companies with complex IT landscapes. Current approaches lack of a technical integration with enterprise software systems and therefore require considerable manual effort to keep permissions and retention of data in line with data protection and privacy requirements. We propose an integrated information model to link data privacy requirements with software systems, modules and data to address this problem with the help of Information Lifecycle Management (ILM) functionality. The approach is illustrated with a use case of the compliant deletion of employee data upon fulfillment of the stated purpose.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Referring to Kearney’s “crisis in trust” [1].
References
Kearney, A.T.: rethinking personal data: a new lens for strengthening trust. In: World Economic Forum (2014). Accessed Nov 2014
Loomans, D., Matz, M., Wiedemann, M.: Praxisleitfaden zur Implementierung eines Datenschutzmanagementsystems: Ein risikobasierter Ansatz für alle Unternehmensgrößen. Springer, Heidelberg (2014)
Peffers, K., Tuunanen, T., Rothenberger, M.A., Chatterjee, S.: A design science research methodology for information systems research. J. Manage. Inf. Syst. (2007). doi:10.2753/MIS0742-1222240302
March, S.T., Smith, G.F.: Design and natural science research on information technology. Decis. Support Syst. (1995). doi:10.1016/0167-9236(94)00041-2
Anke, J., Berning, W., Schmidt, J., Zinke, C.: IT-gestützte Methodik zum Management von Datenschutzanforderungen. HMD (2017). doi:10.1365/s40702-016-0283-0
SNIA Data Management Forum: ILM Definition and Scope. An ILM Framework. http://www.snia-dmf.org/library/DMF-ILM-Vision2.4.pdf 20 July (2004). Accessed 2 Mar 2017
Short, J.E.: Information Lifecycle Management Concepts, Practices, and Value (2007)
Tallon, P.P., Scannell, R.: Information life cycle management. Commun. ACM 50(11), 65–69 (2007)
Beigi, M., Devarakonda, M., Jain, R., Kaplan, M., Pease, D., Rubas, J., Sharma, U., Verma, A.: Policy-based information lifecycle management in a large-scale file system. In: Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2005), Stockholm, Sweden, 6–8 June 2005, pp. 139–148 (2005). doi:10.1109/POLICY.2005.26
SAP: ILM-Erweiterungen in der Datenarchivierung. https://help.sap.com/saphelp_crm70/helpdata/de/c2/23e47063a74341a7641993dd03df94/content.htm. Accessed 2 Mar 2017
SAP: SAP NetWeaver Information Lifecycle Management. https://help.sap.com/saphelp_nw70ehp1/helpdata/de/7f/e188e04fdd462e8ec330bb80efc389/frameset.htm. Accessed 2 Mar 2017
Haynes, D., Bawden, D., Robinson, L.: A regulatory model for personal data on social networking services in the UK. Int. J. Inf. Manage. 36(6), 872–882 (2016)
Gable, J.: Principles for protecting information privacy. Inf. Manage. J. 48(5), 38–42 (2014)
Al-Jaberi, M.F., Zainal, A.: Data integrity and privacy model in cloud computing. In: Biometrics and Security Technologies (2014)
Loukides, G., Gkoulalas-Divanis, A., Shao, J.: Efficient and flexible anonymization of transaction data. Knowl. Inf. Syst. (2013). doi:10.1007/s10115-012-0544-3
Damiani, M.L.: Location privacy models in mobile applications: conceptual view and research directions. Geoinformatica (2014). doi:10.1007/s10707-014-0205-7
Domingo-Ferrer, J., Sánchez, D.: Database anonymization: privacy models, data utility, and microaggregation-based inter-model connections. Synth. Lect. Inf. Secur. Priv. Trust 8(1), 1–136 (2016)
Kardas, S., Celik, S., Bingol, M.A., Kiraz, M.S., Demirci, H., Levi, A.: k-strong privacy for radio frequency identification authentication protocols based on physically unclonable functions. Wireless Commun. Mob. Comput. (2015). doi:10.1002/wcm.2482
Alavi, S.M., Baghery, K., Abdolmaleki, B., Aref, M.R.: Traceability analysis of recent RFID authentication protocols. Wireless Pers. Commun. (2015). doi:10.1007/s11277-015-2469-0
Hermans, J., Peeters, R., Preneel, B.: Proper RFID privacy: model and protocols. IEEE Trans. Mob. Comput. (2014). doi:10.1109/TMC.2014.2314127
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Zinke, C., Anke, J., Meyer, K., Schmidt, J. (2018). Modeling, Analysis and Control of Personal Data to Ensure Data Privacy – A Use Case Driven Approach. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. AHFE 2017. Advances in Intelligent Systems and Computing, vol 593. Springer, Cham. https://doi.org/10.1007/978-3-319-60585-2_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-60585-2_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-60584-5
Online ISBN: 978-3-319-60585-2
eBook Packages: EngineeringEngineering (R0)