Processing Data to Protect Data: Resolving the Breach Detection Paradox

3区 文学 Q3 Arts and Humanities SCRIPTORIUM Pub Date : 2020-08-06 DOI:10.2966/scrip.170220.197
A. Cormack
{"title":"Processing Data to Protect Data: Resolving the Breach Detection Paradox","authors":"A. Cormack","doi":"10.2966/scrip.170220.197","DOIUrl":null,"url":null,"abstract":"Most privacy laws contain two obligations: that processing of personal data must be minimised, and that security breaches must be detected and mitigated as quickly as possible. These two requirements appear to conflict, since detecting breaches requires additional processing of logfiles and other personal data to determine what went wrong. Fortunately Europe’s General Data Protection Regulation (GDPR) – considered the strictest such law – recognises this paradox and suggests how both requirements can be satisfied. This paper assesses security breach detection in the light of the principles of purpose limitation and necessity, finding that properlyconducted breach detection should satisfy both principles. Indeed the same safeguards that are required by data protection law are essential in practice for breach detection to achieve its purpose. The increasing use of automated breach detection is then examined, finding opportunities to further strengthen these safeguards as well as those that might be required by the GDPR provisions on profiling and automated decision-making. Finally we consider how processing for breach detection relates to the context of providing and using on-line services concluding that, far from being paradoxical, it should be expected and welcomed by regulators and (2020) 17:2 SCRIPTed 197 198 all those whose data may be stored in networked computers.","PeriodicalId":43374,"journal":{"name":"SCRIPTORIUM","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2020-08-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"SCRIPTORIUM","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2966/scrip.170220.197","RegionNum":3,"RegionCategory":"文学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Arts and Humanities","Score":null,"Total":0}
引用次数: 1

Abstract

Most privacy laws contain two obligations: that processing of personal data must be minimised, and that security breaches must be detected and mitigated as quickly as possible. These two requirements appear to conflict, since detecting breaches requires additional processing of logfiles and other personal data to determine what went wrong. Fortunately Europe’s General Data Protection Regulation (GDPR) – considered the strictest such law – recognises this paradox and suggests how both requirements can be satisfied. This paper assesses security breach detection in the light of the principles of purpose limitation and necessity, finding that properlyconducted breach detection should satisfy both principles. Indeed the same safeguards that are required by data protection law are essential in practice for breach detection to achieve its purpose. The increasing use of automated breach detection is then examined, finding opportunities to further strengthen these safeguards as well as those that might be required by the GDPR provisions on profiling and automated decision-making. Finally we consider how processing for breach detection relates to the context of providing and using on-line services concluding that, far from being paradoxical, it should be expected and welcomed by regulators and (2020) 17:2 SCRIPTed 197 198 all those whose data may be stored in networked computers.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
处理数据以保护数据:解决漏洞检测悖论
大多数隐私法都包含两项义务:必须最大限度地减少对个人数据的处理,以及必须尽快发现并缓解安全漏洞。这两个要求似乎是冲突的,因为检测漏洞需要对日志文件和其他个人数据进行额外处理,以确定哪里出了问题。幸运的是,欧洲的《通用数据保护条例》(GDPR)——被认为是此类法律中最严格的——认识到了这一悖论,并提出了如何满足这两项要求的建议。本文从目的限制原则和必要性原则两个方面对安全漏洞检测进行了评估,发现正确实施的漏洞检测应该同时满足这两个原则。事实上,数据保护法所要求的保障措施在实践中对于违规检测实现其目的至关重要。然后审查越来越多地使用自动漏洞检测,找到进一步加强这些保障措施的机会,以及GDPR关于分析和自动决策的规定可能要求的保障措施。最后,我们考虑了漏洞检测的处理如何与提供和使用在线服务的背景相关,得出的结论是,这绝不是矛盾的,监管机构和(2020)17:2 SCRIPTed 197 198所有数据可能存储在网络计算机中的人都应该期待和欢迎它。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
SCRIPTORIUM
SCRIPTORIUM Multiple-
自引率
0.00%
发文量
0
审稿时长
20 weeks
期刊最新文献
arte que nos resta Simulacro e criação brinde às fontes outro sujeito Orides Fontela e a poesia do kairos
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1