{"title":"加强国家身份识别系统中的隐私保护:审查利益相关者对隐私设计的认识、态度和做法","authors":"Mohamed Abomhara, Livinus Obiora Nweke, Sule Yildirim Yayilgan, Debora Comparin, Kristel Teyras, Stéphanie de Labriolle","doi":"10.1007/s10207-024-00905-0","DOIUrl":null,"url":null,"abstract":"<p>Privacy by Design (PbD) is a well-known concept that aims to provide a high level of protection for privacy throughout the entire life cycle of systems development. Despite the considerable attention from stakeholders such as researchers, government agencies, and system suppliers, the widespread adoption of PbD faces obstacles due to a lack of knowledge, insufficient awareness of PbD benefits, and the absence of specific implementation guidelines. In this study, stakeholders are identified primarily as diverse participants from government agencies and system suppliers engaged in National Identification Systems (NIDS). Specifically, government agencies representing regulatory bodies and administrators of NIDS, setting the legal framework that governs the NIDS’s privacy aspects. The NIDS system suppliers includes private companies playing a crucial role in the development and implementation of NIDS with a focus on privacy considerations. Through the perspectives of NIDS stakeholders, this study aimed to examine the Knowledge, Attitudes and Practices (KAP) of PbD principles and its integration in NIDS. A survey involving 203 participants from government agencies and NIDS system suppliers engaged in NIDS development was conducted. Subsequently, a focus group discussion was held with 11 members to provide qualitative insights into the KAP of PbD. The survey results revealed a significant correlation between attitudes and practices but a weak correlation between knowledge and attitudes or practices. The focus group discussion assured these findings, emphasizing the role of positive attitudes in facilitating PbD practices and highlighting knowledge-practice gaps. In conclusion, this study offers tailored recommendations for improving the integration of PbD in NIDS development. The recommendations includes strategies such as developing training programs, establishing clear guidelines and standards and creating awareness campaigns.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"57 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-09-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Enhancing privacy protections in national identification systems: an examination of stakeholders’ knowledge, attitudes, and practices of privacy by design\",\"authors\":\"Mohamed Abomhara, Livinus Obiora Nweke, Sule Yildirim Yayilgan, Debora Comparin, Kristel Teyras, Stéphanie de Labriolle\",\"doi\":\"10.1007/s10207-024-00905-0\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Privacy by Design (PbD) is a well-known concept that aims to provide a high level of protection for privacy throughout the entire life cycle of systems development. Despite the considerable attention from stakeholders such as researchers, government agencies, and system suppliers, the widespread adoption of PbD faces obstacles due to a lack of knowledge, insufficient awareness of PbD benefits, and the absence of specific implementation guidelines. In this study, stakeholders are identified primarily as diverse participants from government agencies and system suppliers engaged in National Identification Systems (NIDS). Specifically, government agencies representing regulatory bodies and administrators of NIDS, setting the legal framework that governs the NIDS’s privacy aspects. The NIDS system suppliers includes private companies playing a crucial role in the development and implementation of NIDS with a focus on privacy considerations. Through the perspectives of NIDS stakeholders, this study aimed to examine the Knowledge, Attitudes and Practices (KAP) of PbD principles and its integration in NIDS. A survey involving 203 participants from government agencies and NIDS system suppliers engaged in NIDS development was conducted. Subsequently, a focus group discussion was held with 11 members to provide qualitative insights into the KAP of PbD. The survey results revealed a significant correlation between attitudes and practices but a weak correlation between knowledge and attitudes or practices. The focus group discussion assured these findings, emphasizing the role of positive attitudes in facilitating PbD practices and highlighting knowledge-practice gaps. In conclusion, this study offers tailored recommendations for improving the integration of PbD in NIDS development. The recommendations includes strategies such as developing training programs, establishing clear guidelines and standards and creating awareness campaigns.</p>\",\"PeriodicalId\":50316,\"journal\":{\"name\":\"International Journal of Information Security\",\"volume\":\"57 1\",\"pages\":\"\"},\"PeriodicalIF\":2.4000,\"publicationDate\":\"2024-09-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Information Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s10207-024-00905-0\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00905-0","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Enhancing privacy protections in national identification systems: an examination of stakeholders’ knowledge, attitudes, and practices of privacy by design
Privacy by Design (PbD) is a well-known concept that aims to provide a high level of protection for privacy throughout the entire life cycle of systems development. Despite the considerable attention from stakeholders such as researchers, government agencies, and system suppliers, the widespread adoption of PbD faces obstacles due to a lack of knowledge, insufficient awareness of PbD benefits, and the absence of specific implementation guidelines. In this study, stakeholders are identified primarily as diverse participants from government agencies and system suppliers engaged in National Identification Systems (NIDS). Specifically, government agencies representing regulatory bodies and administrators of NIDS, setting the legal framework that governs the NIDS’s privacy aspects. The NIDS system suppliers includes private companies playing a crucial role in the development and implementation of NIDS with a focus on privacy considerations. Through the perspectives of NIDS stakeholders, this study aimed to examine the Knowledge, Attitudes and Practices (KAP) of PbD principles and its integration in NIDS. A survey involving 203 participants from government agencies and NIDS system suppliers engaged in NIDS development was conducted. Subsequently, a focus group discussion was held with 11 members to provide qualitative insights into the KAP of PbD. The survey results revealed a significant correlation between attitudes and practices but a weak correlation between knowledge and attitudes or practices. The focus group discussion assured these findings, emphasizing the role of positive attitudes in facilitating PbD practices and highlighting knowledge-practice gaps. In conclusion, this study offers tailored recommendations for improving the integration of PbD in NIDS development. The recommendations includes strategies such as developing training programs, establishing clear guidelines and standards and creating awareness campaigns.
期刊介绍:
The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation.
Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.