Towards Designing a Privacy-Oriented Architecture for Managing Personal Identifiable Information

Adán F. Guzmán-Castillo, Gabriela Suntaxi, Bryan N. Flores-Sarango, Denys A. Flores
{"title":"Towards Designing a Privacy-Oriented Architecture for Managing Personal Identifiable Information","authors":"Adán F. Guzmán-Castillo, Gabriela Suntaxi, Bryan N. Flores-Sarango, Denys A. Flores","doi":"10.58346/jisis.2024.i1.005","DOIUrl":null,"url":null,"abstract":"Recent threat reports have warned researchers and security professionals about a shortage of cybersecurity skills to face devastating personal data breaches. As a response, governments have taken on the challenge of proposing specific legislation to protect citizens' privacy while holding information-processing companies accountable for any misuse. However, unauthorized access to such information, or possible negligent destruction of personal records are some issues that cannot be dealt with privacy laws alone. In this research, we introduce the functional requirements to deploy PriVARq, a novel privacy-oriented architecture to proactively manage any consensual submission of personal identifiable information (PII); i.e. during its collection, processing, verification and transference. PriVARq’s main contribution is the balance between legal frameworks and industry-leading security standards to mitigate the former’s shortage of practical solutions to tackle some privacy and security issues when dealing with PII. Consequently, for defining PriVARq’s functional requirements, a privacy-by-design approach is employed which not only considers legislation proposed in Europe and Latin America but also analyzes technical aspects outlined in international security standards. We aim to provide a proactive approach to reduce the shortage of skills and solutions to tackle privacy leakages in public repositories and devise future research venues to implement PriVARq in public and private organizations.","PeriodicalId":36718,"journal":{"name":"Journal of Internet Services and Information Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-03-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Internet Services and Information Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.58346/jisis.2024.i1.005","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"Computer Science","Score":null,"Total":0}
引用次数: 0

Abstract

Recent threat reports have warned researchers and security professionals about a shortage of cybersecurity skills to face devastating personal data breaches. As a response, governments have taken on the challenge of proposing specific legislation to protect citizens' privacy while holding information-processing companies accountable for any misuse. However, unauthorized access to such information, or possible negligent destruction of personal records are some issues that cannot be dealt with privacy laws alone. In this research, we introduce the functional requirements to deploy PriVARq, a novel privacy-oriented architecture to proactively manage any consensual submission of personal identifiable information (PII); i.e. during its collection, processing, verification and transference. PriVARq’s main contribution is the balance between legal frameworks and industry-leading security standards to mitigate the former’s shortage of practical solutions to tackle some privacy and security issues when dealing with PII. Consequently, for defining PriVARq’s functional requirements, a privacy-by-design approach is employed which not only considers legislation proposed in Europe and Latin America but also analyzes technical aspects outlined in international security standards. We aim to provide a proactive approach to reduce the shortage of skills and solutions to tackle privacy leakages in public repositories and devise future research venues to implement PriVARq in public and private organizations.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
为管理个人身份信息设计一个以隐私为导向的架构
最近的威胁报告警告研究人员和安全专业人员,面对破坏性的个人数据泄露事件,他们缺乏网络安全技能。作为应对措施,各国政府纷纷提出具体的立法建议,以保护公民的隐私,同时追究信息处理公司对任何滥用行为的责任。然而,未经授权访问此类信息,或可能因疏忽而销毁个人记录,这些问题单靠隐私法是无法解决的。在这项研究中,我们介绍了部署 PriVARq 的功能要求,这是一种面向隐私的新型架构,可主动管理任何经同意提交的个人身份信息(PII),即在其收集、处理、验证和传输过程中。PriVARq 的主要贡献是在法律框架和行业领先的安全标准之间取得平衡,以缓解前者在处理 PII 时缺乏解决某些隐私和安全问题的实用解决方案的问题。因此,在定义 PriVARq 的功能要求时,我们采用了隐私设计方法,不仅考虑了欧洲和拉丁美洲提出的立法,还分析了国际安全标准中概述的技术方面。我们的目标是提供一种积极主动的方法,以减少技能和解决方案的短缺,从而解决公共资料库中的隐私泄露问题,并为在公共和私营机构中实施 PriVARq 设计未来的研究场所。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Journal of Internet Services and Information Security
Journal of Internet Services and Information Security Computer Science-Computer Science (miscellaneous)
CiteScore
3.90
自引率
0.00%
发文量
0
审稿时长
8 weeks
期刊最新文献
Evaluating the Effectiveness of a Gan Fingerprint Removal Approach in Fooling Deepfake Face Detection CSA-Forecaster: Stacked Model for Forecasting Child Sexual Abuse A Nonredundant SVD-based Precoding Matrix for Blind Channel Estimation in CP-OFDM Systems Over Channels with Memory An Intelligent Health Surveillance System: Predictive Modeling of Cardiovascular Parameters through Machine Learning Algorithms Using LoRa Communication and Internet of Medical Things (IoMT) Identifying Large Young Hacker Concentration in Indonesia
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1