Morton, A; Sasse, MA; (2012) Privacy is a process, not a PET: a theory for effective privacy practice. In: NSPW '12 Proceedings of the 2012 workshop on New Security Paradigms. (pp. 87 - 104). Association for Computer Machinery: New York.

Preview

PDF Morton_and_Sasse_-_2012_-_Privacy_is_a_Process,_Not_a_PET_A_Theory_for_Effe_UCL.pdf Download (1MB)

Abstract

Privacy research has not helped practitioners -- who struggle to reconcile users' demands for information privacy with information security, legislation, information management and use -- to improve privacy practice. Beginning with the principle that information security is necessary but not sufficient for privacy, we present an innovative layered framework - the Privacy Security Trust (PST) Framework - which integrates, in one model, the different activities practitioners must undertake for effective privacy practice. The PST Framework considers information security, information management and data protection legislation as privacy hygiene factors, representing the minimum processes for effective privacy practice. The framework also includes privacy influencers - developed from previous research in information security culture, information ethics and information culture - and privacy by design principles. The framework helps to deliver good privacy practice by providing: 1) a clear hierarchy of the activities needed for effective privacy practice; 2) delineation of information security and privacy; and 3) justification for placing data protection at the heart of those activities involved in maintaining information privacy. We present a proof-of-concept application of the PST Framework to an example technology -- electricity smart meters.

Download activity - last month

Export as JSONXMLCSV

Download activity - last 12 months

Export as CSVXMLJSON

Downloads by country - last 12 months

Export as XMLCSVJSON

Archive Staff Only

View Item