Privacy in Business Processes – Disclosure of Personal Data to 3 rd Parties – Dagstuhl Perspectives Workshop 11061 Online Privacy: Towards Informational Self-Determination on the Internet February 6-11, 2011 National Institute of Informatics Dr. Sven Wohlgemuth Prof. Dr. Isao Echizen Prof. Dr. Noboru Sonehara National Institute of Informatics, Japan Prof. Dr. Günter Müller University of Freiburg, Germany
10
Embed
Privacy in Business Processes - Disclosure of Personal Data to 3rd Parties
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1 Sven Wohlgemuth On Privacy by Observable Delegation of Personal Data
National Institute of Informatics
Privacy in Business Processes
– Disclosure of Personal Data to 3rd Parties –
Dagstuhl Perspectives Workshop 11061 Online Privacy: Towards Informational Self-Determination on the Internet
February 6-11, 2011
National Institute of Informatics
Dr. Sven Wohlgemuth Prof. Dr. Isao Echizen
Prof. Dr. Noboru Sonehara National Institute of Informatics, Japan
Prof. Dr. Günter Müller
University of Freiburg, Germany
Access control No usage control for the disclosure of personal data
2
National Institute of Informatics
1. Privacy and Disclosure of Personal Data to Third Parties
User
d
Privacy legislation: „Privacy is the claim of individuals, groups and institutions to determine for themselves, when, how and to what extent information about them is communicated to others.“ (Westin, 1967 è regulations of Germany/EU, Japan and HIPAA)
DP = Data provider DC = Data consumer d, d’ = Personal data
Disclosure of personal data to third parties
d, d’
d
Services
d, d’
d, d’
DP
DC / DP
DC / DP DC / DP
DC
Privacy in Business Processes Dr. Sven Wohlgemuth Wohlgemuth, S., Echizen I., Müller, G., and Sonehara, N., 2010
National Institute of Informatics
Patient “inherits” responsibility and risk. Dishonest parties may modify or disclose personal data to 3rd parties without authorization.
Ø Privacy Problem How can the patient control the disclosure of medical data to 3rd parties?
Hospital
Examination
Dentist
Pharmacy
Laboratory
Advertiser
Employer
Patient
Example: Cloud Computing
(e.g. Patient and Electronic Health Card Infrastructure)
Haas, S., Wohlgemuth, S., Echizen. I, Sonehara, N., and Müller, G., 2009
Drug maker
Different data protection legislations (e.g. EC 95/46/EC, Japan, HIPAA)
3 Privacy in Business Processes Dr. Sven Wohlgemuth
Wohlgemuth, S., Echizen, I., Müller, G., Sonehara, N., Privacy-compliant Disclosure of Personal Data to Third Parties, it – Information Technology 52(6), Oldenbourg, pp. 350-355, 2010. Wohlgemuth, S., Echizen, I., Sonehara, N., Müller, G., Tagging Disclosures of Personal Data to Third Parties to Preserve Privacy, IFIP SEC 2010, IFIP AICT 330, pp. 241-252, 2010. Selected as one the best papers of IFIP SEC 2010 Haas, S., Wohlgemuth, S., Echizen, I., Sonehara, N., Müller, G., Aspects of Privacy for Electronic Health Records, Int. Journal of Medical Informatics 80(2), Elsevier, pp. e26-e31, 2011. Haas, S., Wohlgemuth, S., Echizen, I., Sonehara, N., Müller, G., On Privacy in Medical Services with Electronic Health Records, IMIA SiHIS 2009 workhops on CoHMI, 2009. Gerd Griesser Award 2009